Apple Pay Could Be a Credit Card Security Game Changer

NEWS ANALYSIS: Apple introduces some much-needed improvements in how payments are handled over payment card networks, boosting security and privacy.

Apple Pay

To absolutely no one's surprise, Apple announced the iPhone 6 on Sept. 9 in the usual over-the-top event, complete with a short concert by legendary rock band U2. There are actually two versions of the iPhone 6, the standard one and the 6 Plus, which has a larger screen, better battery life, and some features such as optical stabilization for the camera.

The new iPhone is probably the biggest departure from its predecessor of any iPhone. Besides having a new and faster processor, the 6 comes with more memory on most models, better mobile radios, better WiFi, a better camera, a more flexible user interface, and even a one-handed keyboard reminiscent of the one on BlackBerry 10 devices.

But the most significant improvement to the iPhone's user experience comes from a feature you can't see and which may be more important than any of the others. That new feature is Apple Pay.

While Apple Pay is a wallet app, the differences between it and other digital wallets is significant. In addition to being supported by MasterCard, Visa and American Express, Apple Pay effectively virtualizes your credit cards so that the merchant never gets the number. Instead it stores an encrypted version of the card using a chip called the Secure Element.

The way it will work when it starts operating in October is that consumers will take a photo of their credit cards using the iPhone 6 camera. The first card becomes the default payment card, but any number of other cards can be added as well. The iPhone will let them make a payment using Near Field Communications (NFC) and a wireless enabled card reader, of which there are many.

The important part is that the merchant gets the credit authorization and the charge goes through while the credit card number is never provided. Instead, Apple creates a single use number just for that transaction. The merchant doesn't keep the number and neither does Apple. Because the card number is created for each transaction, it wouldn't matter if they did keep the number—it still couldn't be used.

Furthermore, the details of the transaction don't go to Apple, so the company has no idea what was bought or how much was paid. Apple Pay also works for online transactions with a variety of vendors, including Target and Uber, although obviously NFC isn't part of those payments.

By now you're probably saying to yourself, "Hey—that Home Depot breach never could have happened with this!" and if you did say that, you'd be right.

For consumers using the Apple Pay system, there is little chance that their payment card information would be stolen. For merchants, this is a plus because it dramatically reduces the risk of data loss—not that the data can't be lost, but because it won't matter after the transaction is complete.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...