The COVID-19 pandemic has made many people favor contactless payments over cash. More and more people are using their iPhones to carry out contactless payments using Apple Pay. But can you really trust it? After all, you can never be too cautious when it comes to protecting your financial information.
Here’s what you need to know about Apple Pay, and whether it’s secure enough for you to link your credit or debit card to your iPhone.
What Is Apple Pay?
Apple Pay is a digital payment system that allows users to purchase items or transfer money using their Apple devices linked to their credit or debit cards. This beats having to carry around cash or debit and credit cards since your iPhone or Apple Watch can make all contactless payments.
Apple Pay is currently available in more than 20 countries and is located in the Wallet app of any Apple device—including iPhones, iPads, Watches, and Macs.
Does Apple Pay Store Your Credit Card Details?
How does Apple Pay work? When you first set up a card with Apple Pay, it asks you for your card number, expiration date, and CVV code to verify the card with your bank. This is only a one-time thing for authentication, and the details aren’t stored with Apple. So Apple Pay doesn’t share these details when you’re making a transaction.
Instead, it uses a process called “tokenization”, which creates a unique one-time passcode every time you do a transaction.
In addition, Apple Pay also requires additional verification, such as Touch ID or Face ID before completing a purchase. In this way, it can often protect your financial information better than credit cards.
Apple doesn’t store or have access to the original credit, debit, or prepaid card numbers that you use with Apple Pay. Since your card information is not stored on your devices or Apple’s servers, none of this information is shared with the retailers.
The contactless payment system also prevents your information from being swiped by a skimming device.
Apple Pay itself doesn’t have any spending limits; however, shops and retailers may impose a contactless limit which is usually dependent on the individual countries’ laws. For example, you may need to provide a signature for purchases over $50 in the USA when using Apple Pay.
Similarly, the general limit for Apple Pay transactions in the UK is £100 (GBP). Apple maintains a complete list of possible limitations per country which you can go through.
Is Apple Pay’s Express Transit System Secure?
No payment system is 100 percent safe, and each has its own vulnerabilities and flaws. With that considered, Apple Pay is still pretty safe.
However, some researchers from the University of Birmingham and the University of Surrey discovered a potential flaw in Apple Pay’s VISA Express Transit system.
The Express Transit system allows users to pay for transport systems without authenticating the payment using Face ID or Touch ID as they would normally do for any other transaction. This is meant to reduce times tapping in or out of transit gates. To do this, all you need to do is tap your device to the contactless reader, which automatically authenticates the payment.
The researchers were able to trick the iPhone into thinking it was communicating with a transit gate when it was actually a payment reader used by shops. This was done by identifying a unique code broadcast by transit gates or turnstiles, which was then used to interfere with the signals between the iPhone and a shop card reader.
Interestingly enough, the flaw was only found on VISA cards set up with Express Transit mode. Researchers warned the issue could be exploited to make transactions from an iPhone inside someone’s bag or pocket without their knowledge.
The researchers say they approached Apple and Visa with their concerns, but the problem has not been fixed at the time of writing. Visa’s view is that this type of attack was “impractical”:
“Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world”.
Apple’s view on the case was similar:
“We take any threat to users’ security very seriously. This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place”.
There is no evidence to say that this method is being used in the real world by criminals to make unauthorized payments or scam consumers.
What Do Banks Say?
Banks have generally reaffirmed their faith in Apple Pay, with many having public web pages to support the payment system.
Barclays, an international bank based in the UK, says that Apple Pay is very secure as it uses a unique Device Account Number. However, it further recommends keeping your card protected by choosing a device passcode that only you know and storing your fingerprint within Apple Pay.
How to Keep Your Apple Pay Safe
Apple Pay is a highly secure payment method for in-store, in-app, and online shopping. But even its advanced data security approach won’t be effective if you don’t use common sense and remember the best practices around financial transactions.
Never transfer money to unknown websites or make payments at suspicious Point of Sale (POS) facilities. And always double-check payment amounts before tapping your device. This should help you keep your money safe, and allow you to make the best of contactless payments.
In the case that you feel that you have been scammed or an unauthorized amount has been deducted from your account via Apple Pay, make sure you confirm this from the Wallet app transaction list, and then contact your list to get the transaction canceled.
Is Apple Pay Secure?
Apple Pay is one of the newer contactless payment technologies, and it makes sense that some may be skeptical about its safety. We feel that the system is very safe, and this has been proved by the eagerness of banks to embrace the technology and Apple Pay expanding to many countries around the world.
Other Wallet activities such as Apple Cash have also been proven to be safe.
Much of Apple Pay’s security depends on how you use it. So focus on using it with caution, consciousness, and care, and you should be alright.
No matter how secure Apple Pay is, you should still disable it if your iPhone or Apple Watch goes missing.
About The Author