NFC technology isn't new; it's used to make mobile payments from Android phones with apps like Google Wallet and Softcard. But Apple's mobile wallet might be more secure than those other options, according to Martin Ferenczi, the North American president of Oberthur Technologies, a French electronics security company. [Top Ten Disruptive Technologies]
Apple Pay uses a security protocol — known as the EMV standard — that other mobile wallets don't use, Ferenczi told Live Science. The credit card companies Europay, MasterCard and Visa first developed this standard in the 1990s and it's widely used in Europe, as well as other parts of the world.
Credit cards that use the EMV standard are equipped with microchips that store sensitive data. These so-called chip-and-PIN cards are considered more secure than the "magstripe" credit cards used in the United States because card numbers and transaction details are encrypted before being sent to a merchant's computer, or point-of-sale terminal.
In the case of Apple Pay, EMV takes the form of a process known as "tokenization," according to John Shier, a security advisor with computer security company Sophos.
"Once you enroll a card, [Apple] doesn't actually store the card number itself on the device or on its own servers," Shier told Live Science. "They store a digital representation, or token, which is a 16-digit code that is meant to represent your card within the 'secure element' of the iPhone itself."
The secure element is a microchip located inside the phone that's distinct from the phone's regular memory, according to Shier. It's not backed up to the cloud, Shier said, which means you don't have to worry that your real credit card numbers will be stolenif someone hacks your iCloud account.
When you make a payment with Apple Pay, the merchant receives your device token, as well as a unique code that is generated for the specific transaction. Both of these codes are also shared with the other parties involved in the payment process, such as banks, credit card companies or third-party processors.
The fact that none of these parties ever see real card numbers is good news for consumers, according to Shier. It means that if a merchant falls victim to a data breach, customers who paid with Apple Pay are much less likely to have their card numbers stolen.
"Our hope is that Apple will transform the industry," said Ferenczi, whose company is also investing in EMV and NFC-enabled technologies. "What's happening with chip technology, including Apple Pay, is that dynamic data is being transmitted. And if that data is taken, it cannot be reused."
However, the fact that Apple's new mobile wallet is likely more secure than your typical credit or debit card doesn't mean it's totally secure, according to Shier.
"The people behind [data] breaches and fraud still want to make money after Apple Pay comes out. So the idea that it's going to solve all of our problems is a bit of a pipe dream," Shier said. "But it is a step in the right direction."
source: livescience.com by Elizabeth Palermo