Apple Pay Security
Apple has claimed that Apple Pay is the most secure payment system... Is it true?

Apple Pay

Is the Apple Pay system really the best payment method? Many have weighed in on this. I have read up on the security implementation in the iPhone 6 and, having some idea of how end-to-end security is implemented (I was the storage architect at an encrypted-device company that claims never to have been hacked), I would say that if a certain set of conditions is satisfied, which I will list momentarily, it can claim to be better than its peers. While PayPal is not a competitor here, the credit card companies and Google Wallet certainly have some catching up to do. First, let us list the vulnerabilities in credit cards that are being exploited by hackers...

In order for a system to be secure, its encryption and authentication modules have to be built on standards that have not been cracked. For instance, AES-256 (Advanced Encryption Standard, 256-bit key) is one such encryption standard, and any hardware built with it (and approved by standards bodies) can be deemed secure. Similarly, authentication (the process of proving your identity), if based on the SHA-256 standard (Secure Hash Algorithm, 256-bit) with a salt, is deemed safe. Some sites claim that they have cracked SHA-256, but that needs to be verified. Perusing some of the iPhone 6 features, I can only surmise that Apple is indeed using some sort of hash algorithm to store not only the fingerprint but also the credit card number details that a user enters into Apple Passbook. For all transactions, this hash value (and not the card number itself) is used, hence the claim that Apple does not store your credit card number on its servers. Rather, it is stored in encrypted form on the phone itself. If implemented correctly, this is secure. Now let us see how the iPhone gets around the shortcomings of a credit-card-based payment system.
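The "SHA-256 with a salt" construction the paragraph relies on, as an added example that is not from the original post and does not describe Apple's implementation: a secret is enrolled as (random salt, SHA-256(salt || secret)), verified by recomputing and comparing in constant time, and, beside it, the same scheme wrapped in PBKDF2 so that each guess costs many hash computations instead of one. SAMPLE_SECRET, the function names and the 200,000 iteration count are assumptions made for the example; the sample value is constructed and is not a real card number.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample value for the demonstration; not a real card number.
SAMPLE_SECRET = "1234-5678-9012-3456"


def enroll_sha256(secret: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Store a secret as (salt, SHA-256(salt || secret)), the construction the post describes.

    A fresh 16-byte random salt is drawn unless one is supplied, so two enrollments
    of the same secret yield different digests and no precomputed table applies.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha256(salt + secret.encode("utf-8")).digest()
    return salt, digest


def verify_sha256(secret: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the salted digest and compare in constant time."""
    candidate = hashlib.sha256(salt + secret.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, digest)


def enroll_pbkdf2(secret: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> Tuple[bytes, bytes, int]:
    """Hardened variant: salted SHA-256 inside PBKDF2, so each guess costs
    `iterations` hash computations instead of one. The iteration count is stored
    with the salt so it can be raised later without breaking verification."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return salt, digest, iterations


def verify_pbkdf2(secret: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    """Recompute the PBKDF2 output with the stored parameters and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def salted_digests_differ(secret: str) -> bool:
    """True when two independent enrollments of the same secret do not share a digest.
    That is what the per-record salt buys: a stored digest cannot be matched across
    records or against a table computed in advance."""
    _, first = enroll_sha256(secret)
    _, second = enroll_sha256(secret)
    return first != second


if __name__ == "__main__":
    salt, digest = enroll_sha256(SAMPLE_SECRET)
    print("salted SHA-256 verifies:", verify_sha256(SAMPLE_SECRET, salt, digest))
    print("wrong secret rejected:", not verify_sha256("0000-0000-0000-0000", salt, digest))
    print("digests differ across enrollments:", salted_digests_differ(SAMPLE_SECRET))
```

One caveat a reviewer would raise against the paragraph's "deemed safe": a salt defeats precomputed tables, but a card number has a fixed format and far less entropy than a strong passphrase, so a single SHA-256 over it is cheap to test guess by guess once the salt is known. For data like that, the slow PBKDF2 variant is the minimum, and a server-issued token that stands in for the number (so that no hash of the number is stored at all) is the stronger design.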



Lost iPhone
Use the Find My iPhone app to put your iPhone in Lost Mode, and you can wipe it completely, à la IronKey.
Sensor error
If Touch ID malfunctions, you are locked out. You may have to put your iPhone in Lost Mode.

Apple Pay still needs a lot of plumbing at the Point of Sale (POS) terminal end. It assumes that POS terminals are set up to read encrypted data from a Near Field Communication (NFC) device (such as the iPhone) and transmit the information in its original encrypted form to the bank that issued the credit card. The server at the bank and the encryption chip on your iPhone will then have to communicate and establish a secure link (I am guessing PKI) into which the POS terminal taps to enter the amount, product code etc. Apple has announced the availability of Apple Pay by October, but I am sceptical.
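A model of the pass-through arrangement the paragraph describes, as an added example that is not from the original post and is not Apple's protocol: the issuing bank enrolls the phone with a device token and a per-device key, the phone authenticates each payment over (token, amount, merchant, nonce), and the POS terminal only supplies the amount and relays the message. The bank verifies the MAC, rejects any altered amount, and rejects a replayed cryptogram; the terminal never sees a card number. An HMAC-SHA256 with a key provisioned at enrollment is used here in place of the PKI the author guesses at, and all class and field names, the token format and the card value are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Set, Tuple


def _canonical(msg: Dict[str, object]) -> bytes:
    """Serialise the authenticated fields in a fixed order so the device and the
    bank compute the MAC over identical bytes (the "mac" field itself is excluded)."""
    fields = {k: msg[k] for k in ("token", "amount_cents", "merchant", "nonce")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


class IssuerBank:
    """The card issuer. It knows the real card number from enrollment but hands the
    phone only a device token plus a per-device key; the token is what travels."""

    def __init__(self) -> None:
        self._devices: Dict[str, Tuple[bytes, str]] = {}   # token -> (key, card number)
        self._seen_nonces: Set[str] = set()

    def enroll_device(self, card_number: str) -> Tuple[str, bytes]:
        token = "TOK-" + secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self._devices[token] = (key, card_number)
        return token, key

    def authorize(self, msg: Dict[str, object]) -> str:
        entry = self._devices.get(str(msg.get("token")))
        if entry is None:
            return "DECLINED: unknown token"
        key, _card_number = entry
        expected = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            return "DECLINED: bad mac"          # amount, merchant or token altered in transit
        if msg["nonce"] in self._seen_nonces:
            return "DECLINED: replay"           # same cryptogram presented twice
        self._seen_nonces.add(str(msg["nonce"]))
        return "APPROVED"


class PhoneWallet:
    """Stand-in for the secure chip on the phone: holds the token and key, never the card number."""

    def __init__(self, token: str, key: bytes) -> None:
        self._token = token
        self._key = key

    def pay(self, amount_cents: int, merchant: str) -> Dict[str, object]:
        msg: Dict[str, object] = {"token": self._token, "amount_cents": amount_cents,
                                  "merchant": merchant, "nonce": secrets.token_hex(16)}
        msg["mac"] = hmac.new(self._key, _canonical(msg), hashlib.sha256).hexdigest()
        return msg


class PosTerminal:
    """The merchant terminal only supplies the amount and relays the message; it holds
    no key, so it can neither read a card number nor produce a valid MAC of its own."""

    def __init__(self, merchant: str) -> None:
        self.merchant = merchant

    def charge(self, wallet: PhoneWallet, amount_cents: int, bank: IssuerBank) -> str:
        msg = wallet.pay(amount_cents, self.merchant)
        return bank.authorize(msg)


if __name__ == "__main__":
    bank = IssuerBank()
    token, key = bank.enroll_device("CONSTRUCTED-CARD-NUMBER")
    wallet, pos = PhoneWallet(token, key), PosTerminal("merchant-42")
    print(pos.charge(wallet, 1999, bank))            # APPROVED
    msg = wallet.pay(500, "merchant-42")
    msg["amount_cents"] = 50000                       # terminal tries to change the amount
    print(bank.authorize(msg))                        # DECLINED: bad mac
```

The point of the model is the division of trust the paragraph asks for: the bank is the only party that can check a cryptogram, the phone is the only party that can produce one, and the terminal's contribution is limited to the amount, which the phone signs before the terminal ever forwards it. A production system would additionally bind a timestamp and a merchant identity the bank can verify, and would rotate keys, none of which the post discusses.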

Security is only as strong as its weakest link, and until the details of the encryption and authentication algorithms used, and their robustness, are known, the jury is still out on whether it is secure. Admittedly, it will be better than credit-card-based transactions, but there is room for improvement.

