Design Thinking is an iterative, five-stage process that puts the focus back on the user, from start to finish. Here are the five steps...
Why Apple Pay is the Most Secure Form of Payment
Fumbling with a bunch of credit cards and a wallet is a hassle. Who wouldn’t prefer to just use their phone or smart watch for transactions? But are we giving up security in the name of convenience?
I don’t think so. Not only is Apple Pay convenient and easy to use, you will not find a more secure form of credit card payment today—period.
There are four basic things to understand about Apple Pay’s security:
- What happens when you link a credit card to Passbook?
- What is the secure element?
- What happens when you make a purchase?
- Is any of your financial data stored in the cloud?
Linking Your Credit Card to Passbook
The foundation of Apple’s security lies in the secure element in the phone, and the way credit cards are authenticated when they are added to Passbook. The process of adding your credit card to Passbook looks like this:
- When you scan or manually enter your credit card into Passbook, Apple sends an encrypted message to the credit card networks (Visa, Mastercard or American Express), who in turn pass it on to the credit card issuer.
- In this message is a request for a token and a cryptogram, which makes the iPhone the token requester (I’ll talk more about tokens and cryptograms later, but for right now, it’s important to know that the iPhone requests the tokens).
- The credit card issuer sends back a token and cryptogram, making the issuer the token provider (this is also important). Therefore, the issuers are responsible for the security of the token and cryptogram.
- The secure element on the iPhone is the only thing that stores the token and cryptogram. These items are not stored on Apple’s servers. The secure element is the only thing that contains this data. And because the data there is not actually your credit card number, you don’t have to cancel your credit card if you lose your phone. You simply disable your phone.
- The last four digits of your credit card are the only thing in Passbook that resembles your credit card. This is to help distinguish the credit cards in Passbook; if you’re like me and have two cards from the same bank, you need to see the last four digits.
The fact that the credit card issuers are the token provider is important because at no time does Apple create, contain or store the token. The onus and liability is completely on the credit card issuer.
Additionally, the token and the cryptogram are not just encrypted versions of the credit card number. They are actually completely separate data. Therefore, the token and cryptogram cannot be decrypted to reveal your actual credit card number.
The Secure Element (and Tokens)
So, how secure is the secure element, really? The secure element is a chip inside the iPhone 6 and 6 Plus where the token and cryptogram are stored. The software accesses this hardware only when you link a credit card to Passbook or a transaction is being made. The data on the chip is never passed to the software for use within the operating system, which is where breaches normally occur. If someone were to hack your operating system, there would be no way to extract the financial information.
The token stored on the secure element is unique to your device, not just a replacement of your credit card number. Tokens are meaningless mathematical strings, which cannot be decrypted back to an account number. Furthermore, they’re useless on their own because they require both the device and the cryptogram to work. Only the token provider can map the token back to the account, and as I mentioned earlier, Apple cannot do this. The token isn’t stored in Apple’s servers anywhere—it is stored only on the secure element in your phone.
Making a Purchase with Apple Pay
When you make a purchase with Apple Pay, Touch ID is required as part of the authentication process. The biometrics of touch ID are not completely 100% secure, as we’ve seen in the past few months. However, it is still leaps and bounds ahead of any signature or PIN-based user authentication. I would rely upon my fingerprint over a PIN any day.
When you make a purchase:
- The NFC reader recognizes the NFC chip in your iPhone 6 or 6 Plus. The secure element then sends the token and cryptogram to the retailer.
- The cryptogram is sent to the credit card network, which determines whether it is authentic. If so, it then sends the token to the authorizing bank (the credit card issuer), which decrypts the token.
- The bank recognizes the token it established when you linked your credit card to Passbook. It authorizes the transaction and sends back the authorization to the retailer.
The cryptogram is a layer of security in which part of it is dynamically created per transaction; it links the token to the device and that particular transaction. Tokens can never be used without an accompanying cryptogram and the cryptogram ensures that the token can only be used from the device in which it was originally linked.
The important fact here is that the retailer never has possession of your actual credit card number in any part of the transaction. That is a distinct difference from the credit card magnetic swipe we have today, where the exact credit card number is unmasked and sent directly to the retailer’s point-of-sale system. This is the weak point where hackers have intercepted credit card numbers at Target, Home Depot and others.
Apple does not store your credit card number in the cloud during any part of linking your credit card or making a transaction. The only thing stored is the token and that is stored in the secure element. This is a distinct difference between Apple Pay and Google Wallet. Google actually stores your credit card number in order to facilitate the transaction. The authorization of the transaction first hits their servers, is decrypted, and then goes to the bank that issues the credit card. Google also requests and stores your Social Security Number when setting up Google Wallet.
With Apple Pay, the only party to actually store the credit card number and associated token is the credit card issuer themselves.
Safe Financial Data
Credit cards with magnetics strips are the least secure form of payment. There are many tech companies vying to replace your old credit card, but if we’ve learned anything from the recent data breaches, it’s that we should not trust a payment solution that decrypts and stores our account numbers in a server that can be compromised by hackers.
While banks still hold this information, the responsibility for storing our financial data should be on the banks, and not with tech companies or retailers. Apple Pay does just that.