Real news from the privacy world

Apple Pay Is Finally Out, But Will It Last?

UPDATE: on Oct. 16 an announcement was made by Apple, that Apple Pay should be ready for use on Monday, Oct. 20. Also two new devices were introduced by the company, the new iPad mini 3 and the iPad Air 2, Apple Pay will work on both of those devices.

Unlike the new iPhone models – 6 and 6 Plus as well as Apple watch, purchases on the new iPads will be made only in iOS applications and will not be possible at retail locations. Apple chose not to explain why it will be that way; there is a possibility that the new Apple devices, specifically iPads, will simply not contain the NFC chips that are a must in order to communicate with retail PoS point-of-sale devices.

According to Apple, additionally around 500 more banks in U.S. as well as other payment-card issuers will support its Apple Pay, but they named five of those only: Navy Federal Credit Union, U.S. Bank, Barclaycard, Bank and USAA and PNC. Previously Apple announced these six banking partners – Bank of America, Citibank, American Express, Wells Fargo, JPMorgan Chase and Capital One.
Apple introduced its mobile-payment system called Apple Pay, which Apple says, should finally create a revolution in US retail shopping after what Isis, aka Softcard and Google Wallet failed to do. Can you really trust Apple claims that Apply Pay will be “fast, secure and private”?

The good news is that Apple Pay will use security feature which is called tokenization, a feature that has been already long desired by the industry of payment-card. With this feature, called tokenization, each and every number in credit card’s account is substituted with a “token”, a one-time string that contains random data, before the payment data even gets received by merchant’s point-of-sale system.

That way real account number never gets to be shared with the merchant. Nothing can be stolen if there is nothing to steal, be it merchant’s systems containing malware (à la Home Depot or Target) or by a dishonest cashier with a hidden card swiper.

Apple Pay already is much more secure than any other standard credit-card formats just by including tokenization, which up until now has yet to be widely adopted, including EMV “chip-and-PIN” format which is used widely outside of the U.S., not to talk about Google’s product Google Wallet.

There is more to steal if there is more data

Let’s not forget that with the good news usually comes the bad news. With such features in Apple Pay, new iPhone mobile devices will be much more captivating for thieves to pilfer. Another Apple feature called Apple Watch, also introduced on October 16, extends the capabilities of Apple Pay on the older Apples’ iPhone 5 phones line, but adds another “trendy” device to the stolen devices list in buses and subway cars.

But Apple is placing a lot of trust in applications developers as well. Groupon, OpenTable, Uber and Target are the named companies to have Apple Pay directly incorporated into their iOS applications for mobile online transactions, and more companies will follow this.

“Ninety-six percent of the applications we scanned in 2013 contained at least one security vulnerability” Trustwave’s managing consultant Mike Park said in his statement, which followed the presentation from Apple. “With the introduction of this type of functionality into a platform, it makes every device a possible target.”

Stolen fingerprints, stolen photos, stolen phones

After all of that we have Touch ID. The newest iPhone users will have to hold the phone over a compatible card reader while pressing Touch ID button to be able to make a purchase. That way fingerprint reader that is built in this Touch ID will scan holders fingerprint on the thumb and verify him or her as the authorized user, yet previous tests proved that this feature is not 100% reliable and it is possible to fool it with a rubber fingerprint.

It is not all, what if your iPhone is lost or stolen? Well according to Apples Senior Vice President Eddy “if your iPhone is lost or stolen, you can use Find My iPhone to quickly suspend payments from that device.” However that would not work if the phone won’t be able to receive Wi-Fi or cellular signals, and it is not hard for a thief to disable those by turning off iPhone right away or dropping it into a radio-proof Faraday bag which is sold nearly in every store that sells computer parts.

To top all of this, one of primary methods to add credit card to Apple Pay is user simply taking and sending a photograph of the iPhone with the card and sending it to Apple. After recent events in which the young celebrities that took nude selfies got these photos stolen and leaked, user just cannot know how secure this method is. And Apple didn’t even explain yet who will be assigning Device Account Numbers or how that number would be transmitted to a phone.

Trustwave’s Park said “We cannot say with certainty that mobile payment systems are more secure than payment cards; only time will tell”. “With any new addition or feature to a platform — even ones meant to enhance security — this expands the overall attack surface, making it attractive for criminals looking for vulnerabilities to exploit.” This surfaces the question, how can an user actually improve his own security and protect himself from such vulnerabilities to be exploited or the hackers and our answer to that is that you do not need to look far to find such comfort, we offer it here and now, just head over and check out all the features that we offer. Our VPN service will get cracking fast on the new Apple machines.

Try NordVPN for Free!

3 days of full security and privacy, with no strings attached


Your email address will not be published. Required fields are marked *

Leave a Comment

Your email address will not be published. Required fields are marked *