How Secure is Apple Pay?

How Secure is Apple Pay?

January 27, 2015         Written By Bill Hardekopf

In their quarterly report this afternoon, Apple is expected to post record revenues and profits. Many analysts are curious how Apple Pay will be assessed after being in operation for a little over three months. While reviews have generally been positive, there have been a couple of hiccups with respect to security if you believe some tech experts.

First, Chaos Computer Club, a large group of European hackers, said in December they were able replicate fingerprints using only photographs showing a person’s fingers. Hacker Jan “Starbug” Krissler said he had copied the thumbprint of German Defense Minister Ursula von der Leyen. He used a widely available program called VeriFinger which used photos of the Defense Minister at a news conference to create the fake image of her finger. Theoretically, this could be used to hack TouchID and use Apple Pay as well as other systems on the iPhone. Other experts consulted about the fingerprint photos say conditions would have to perfect for that type of hack to work, and even then, the chances of success would be small. It is highly doubtful a petty thief would have the expertise or time to pull off such a hack.

The second problem with Apple Pay security came from The Drop Labs Blog, a blog dedicated to mobile payments. They pointed out a couple of flaws they found with Apple Pay. One was the lack of a physical card. Currently, when hackers buy a stolen credit card number, they can use that number online. But if they want to use the number in the brick-and-mortar world, they have to make a physical card. Not particularly hard, but Apple Pay made it 100 times easier to use it in the real world. Simply transfer the card number to the iPhone and use Apple Pay. No physical credit card is needed because your phone is your (stolen) credit card.

That brings us to another larger problem The Drop Labs Blog pointed out. Banks aren’t properly verifying cards when they are entered into Apple Pay. If they were, then crooks would not be able to put stolen card numbers into Apple Pay because they would have to be properly verified. Chalk it up to the newness of the system, but banks are behind on their end of making Apple Pay secure.

The TouchID hack is a theoretical problem without any practical examples of it being used. The fake numbers being used with Apple Pay are the fault of the banks and their lax security and verification methods.

The utter lack of any real news about any breaches with the Apple Pay system means it must be doing a lot of things right. Therefore, if we were to give Apple Pay an early grade for security, it has to be an A+.

The information contained within this article was accurate as of January 27, 2015. For up-to-date information on any of the terms, cards or offers mentioned above, visit the issuer's website. Many of the offers on this article are from our affiliate partners, and LowCards.com may be compensated if you take action with any of our affiliate partners.

Review LowCards.com Editor’s Top Cards!

2020 Top Credit Cards by Category
Featured Prepaid Card
NetSpend® Visa® Prepaid Card
EDITOR RATING
Featured Prepaid Card
NetSpend® Visa® Prepaid Card

Applying for this card will securely direct you to the issuer's website.

Top Features: No late fees or interest charges because this is not a credit card it is a prepaid card. 

Featured Secured Card
Assent Platinum 0% Intro Rate Mastercard Secured Credit Card
EDITOR RATING
Featured Secured Card
Assent Platinum 0% Intro Rate Mastercard Secured Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: Intro APR Offer on Purchases, No Annual Fee For First Year

Featured Fair Credit Card
Reflex Mastercard® Credit Card
EDITOR RATING
Featured Fair Credit Card
Reflex Mastercard® Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: All credit types welcome to apply!

Featured Bad Credit Card
First Digital NextGen Mastercard® Credit Card
EDITOR RATING
Featured Bad Credit Card
First Digital NextGen Mastercard® Credit Card

Applying for this card will securely direct you to the issuer's website.

Top Features: Reports to all three credit bureaus, perfect credit not required for approval


bill-hardekopf

About Bill Hardekopf

Bill Hardekopf is the CEO of LowCards.com and covers the credit card industry from all perspectives. Bill has been involved with personal finance for over 15 years. He is a frequent contributor to Forbes, The Street and The Christian Science Monitor.