All across America today, retailers have begun to accept Apple Pay purchases using secure encryption, Touch ID and Apple iPhones. So is cash still king or have we crowned a new form of payment winner?
Apple’s new smartphones and iPads use an NFC wireless module to communicate to a merchant’s payment terminal. Once connected, a tokenized transfer occurs, whereby shoppers only transfer a special, single-use digital token that the Point-of-Sale system will decode using a shared secret. At no time does a user’s credit card information ever actually leave the secure enclave contained on their device. This patent pending method also requires Apple’s Touch ID biometric fingerprint verification in order to verify the shopper is who they say they are. Since the Touch ID data is stored in a secured enclave and is also a hash, or a numeric value that represents the data, it’s almost like having 2-factor authentication built in without the hassle of pass codes for the user to enter.
Here is another way to look at it. Your phone and your merchant’s terminal agree upon a secret passphrase, and when that’s successful, they pass the info onto the payment provider or bank which then authorizes payment. Only you and the payment card provider ever know the credit card number used but the merchant’s terminal only ever knows the passphrase, which is unique and automatically generated for one-time use.
Apple does this so that even if the NFC communication is hacked and intercepted by a 3rd party, the data stolen is completely worthless. It’s a measure designed to alleviate the fear that transferring any kind of payment information wirelessly sets a user up for attack, which is likely one of the factors involved in slow adoption of NFC payment methods thus far. Google Wallet and many Android smartphones have been supporting NFC for a few years now but consumer fear and most U.S. merchant’s unwillingness to upgrade to NFC terminals has stalled mass adoption. This is all poised to change now that Apple has addressed some ease of use issues for consumers as well as secured partnerships with over 500 banks and 220,000 stores including Target, Bloomingdales, Duane Reade and of course Apple own retail stores.
Credit card and debit card fraud resulted in losses amounting to $11.27 billion during 2012. And that doesn’t even factor in identity theft and the hassle and cost of issuing new cards for every fraud report. Credit and debit cards trade security for convenience due largely to the fact that most cards are still using 40 year old technology. Is Apple Pay the major overhaul needed to secure an aging retail transaction system? Only time will tell.