How secure is apple pay?

Posted on

Depending on who you talk to, Apple’s launch of its mobile payments platform Apple Pay on Tuesday was either an innovative kickstarter to an industry struggling to reach critical mass, or an uninspiring riff on pre-existing technology that’s unlikely to move the industry’s proverbial needle

But regardless which camp turns out to be correct, there is one aspect of Apple Pay that many agree the consumer tech giant has gotten right: Security.

Apple didn’t spend much stage time explaining the tokenization process that underpins Apple Pay, but the method is seen as one of the most secure and fraud-proof payment mechanisms available.

When CEO Tim Cook touted Apple’s new mobile payments service as “easy, secure and private,” he was at least partially addressing public concerns over the company’s security infrastructure in light of recent high-profile hacks.

And while Apple Pay has yet to be put to a real-world test, some security experts–despite generally praising Apple’s move as a step in the right direction–have already identified some potential risks inherent in the system.

“If correctly implemented it could add security benefits, but there could also be some gaping security flaws,” said Chris Carlis, a security consultant for Trustwave. “We will see how it survives the initial contact with the enemy. .. It’s not going to be a magic bullet that fixes fraud and security.”

Tim Cook announces Apple Pay during an Apple special event at the Flint Center for the Performing Arts on September 9, 2014 in Cupertino, California.

And while Apple Pay has yet to be put to a real-world test, some security experts–despite generally praising Apple’s move as a step in the right direction–have already identified some potential risks inherent in the system.

“If correctly implemented it could add security benefits, but there could also be some gaping security flaws,” said Chris Carlis, a security consultant for Trustwave. “We will see how it survives the initial contact with the enemy. .. It’s not going to be a magic bullet that fixes fraud and security.”

 

This device-only account number is then stored in a new encrypted chip in the iPhone 6 and the iPhone 6 Plus called the “secure element.” (The Apple Watch will also have a secure element chip that will be used to store the device account number when used with an iPhone 5, iPhone 5S and iPhone C).

This is significant because the secure element is actually in the device and not stored on Apple’s servers, said Rick Dakin, CEO and chief security strategist of Coalfire, an IT data security firm.

spurce:http://www.cnbc.com/id/101992749#.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s