The Apple Pay service is an upcoming mobile payment system first revealed by the Cupertino company early last month. The service has been boasted to be “easy, secure and private” and the replacement of the physical wallet we carry around with us on a daily basis.
We turn to swipe our credit card often and we think, “hey, this isn’t too hard.” Well, Apple wants to make it even easier for you. The Apple Pay service is aimed to give users greater security than the credit card with features such as Device Account Numbers that will replace credit card numbers as well as unique security codes for each transaction and the use of the Touch ID feature to verify payments.
TUAW’s Yoni Heisler has taken it upon himself to answer the number one question on our minds: How is Apple safeguarding user information and data? How is this a safer route compared to the use of a credit card?
Apply Pay is reportedly the first implementation of the EMVCo tokenization specification. The EMVCo is the newly released security outline that is designed to cover upcoming payment procedures just like Apple Pay. This security framework has been called “the most secure payments scheme on the planet.”
In addition to using this security scheme, Apple Pay uses a “token” which refers to a Device Account Number. The “token” is meant to replace a user’s current and existing credit card number on the iPhone. The 16 digit number is randomized and unique so no two people have the same code and it ensures that no retailer is able to obtain and access a user’s credit number. While the credit card shows your number on the face of the card, the “token” is for users’ eyes only. It protects consumers from any security breaches by merchants. The “tokens” simply put are randomized numbers that cannot be traced back into a credit card number.
On top of this personalized Device Account Numbers, the “token” is paired with an animated one-time user code that is generated to replace the CCV (the 3 digit security code at the back of a credit card) belonging to a user with every single transaction. This can be compared to the one time password (OTP) or transaction access code (TAC) that some us get while doing online banking.
Furthermore, to add another layer of security, the Device Account Number in Apple Pay can only be used with the one-time use cryptogram. The purpose of the cryptogram is to verify the “token in transit originated from the device being used.” The cryptogram also carries transaction data. For example, the identity of the retailer and the amount of money charged can be retrieved from the cryptogram.
The last step in the whole security tight process of using Apple Pay is the use of the Touch ID. This is last point of verification that essentially does away with passwords and uses biometrics to verify the correct user of the account accessed. This outline of the security system is Apple’s way of being absolutely transparent and gaining the trust of users who want to use the service but are hesitant due to the fear of security breaches occurring.
This transaction implemented with the Apply Pay service is “a new and much higher standard of security for electronic payments” which is assured by Apple that will not let users down.
Apple Pay is to be launched into the market this month via an iOS 8 update. We will definitely be keeping our eyes out for any other news regarding the payment service so that all of you are informed of the security risks and safeguards that come with Apple Pay.