Apple Pay Will Have Some Security Vulnerabilities

Apple Pay couldn’t have arrived at a better time; security breaches in major retailers appear almost daily in the news, and consumers are looking for a more secure way to pay. And while Apple Pay may address that need for many, there are still potential security breaches.

Security is a major part of Apple's marketing for Apple Pay. But one potential flaw in Apple Pay’s security is the Touch ID. After the release of the feature last year, the biometrics hacking team at the Chaos Computer Club showed the iPhones 5s was susceptible to hacking. As noted in DARKReading, the “CCC researchers demonstrated that an attacker with physical access to the phone could take a picture or scan fingerprints of the device’s owner and use that to create a mold of the fingerprint to launch an attack.” In theory, this vulnerability would pose a significant threat for Apple Pay users. A hacker who succeeds in thwarting the Touch ID would then have access to the stored credit cards.

The iPhone 6 is not immune to this form of hacking either, although the “iPhone 6’s fingerprint sensor is a bit more sensitive than its predecessor,” and therefore would require a more highly-skilled hacker to replicate the fingerprint, according to Security Today. The same article goes on to emphasize the additional security threat implied when a hacker is able to breach the Touch ID’s security—namely that he or she would then have access to the credit cards stored on the iPhone via Apple Pay.

Although the potential flaws in the Touch ID feature are nothing to be ignored, Apple Pay includes other security measures which go to great lengths ensuring the safety of credit card data. As noted in Fox News, EMV technology and token technology are both major features that secure payments via Apple Pay. Already in use in Europe, “EMV technology is at the heart of each Apple Pay transaction,” according to James Anderson, Group Head of Mobile and Emerging Payments at MasterCard. EMV secures Apple Pay by creating a unique string of numbers—a cryptogram—during a transaction. Someone trying to intercept a payment would be unable to do so because “they couldn’t generate a cryptogram to complete the transaction.”

Token technology, the other major security feature, creates a unique number that is bound to the iPhone. That is, “if someone hacks into the phone and successfully retrieves your 16-digit token, the hacker won’t be able to use that number to make purchases if they don’t have the phone itself.” So, even if someone were able to hack into an iPhone and retrieve that unique number, he or she would be unable to act on that information without the physical phone in hand.

Potential for flaws in security aside, Apple Pay is ultimately the most secure form of payment on the market. The benefit it brings in terms of security—especially when compared to traditional modes of payment or even existing mobile payment options - far outweigh the downsides. And, when paired with a secure point of sale system, Apple Pay will help ensure that credit card breaches are a thing of the past.

Christopher Ciabarra is the CTO and co-founder of Revel Systems.