This article is more than 1 year old

Your security is just dandy, Apple Pay, but here comes Android

Sometimes a token gesture is a good thing

That which doesn't pwn me can only make me stronger

US network security firm FireEye however is backing Apple Pay as a "safer, more secure payment system than traditional credit cards".

Unlike a traditional credit card, a new string of numbers is created for each NFC purchase, in lieu of transmitting the user’s card information. "This security element makes it extremely difficult for hackers to use a stolen number for any other purposes," according to FireEye.

Memory scraping malware such as BlackPOS or Dexter offer a means for crooks to swipe payment data from compromised point-of-sale terminals, the tactic used in high-profile breaches against US retailers such as Target. NFC payments thwart such tactics, according to FireEye.

"[Traditionally] merchants accept the liability of holding and processing the credit card number. However, with NFC payments, skimming credit card data is much more difficult using current hacker techniques, because a card is not swiped during the transaction and there is no way to introduce a skimmer to capture the magnetic credit card data," it added.

"Additionally, this would also mitigate the threats from memory scraping malware such as BlackPOS or Dexter that are hitting retailers today," it added.

Other side of the pond

Apple Pay's contactless payment service has been in use in the US since October 2014. Backers hype it up as a technology that will revolutionise the way UK consumers pay for goods on the high street.

Users will no longer need to carry a credit or debit card, as payments can be made directly from their mobile device. The technology is marketed as offering a seamless, frictionless payment experience to consumers.

Dr Felicity Hardley, senior lecturer of marketing at Westminster Business School, said Apple Pay could potentially become the UK’s preferred contactless payment method, boosting sales in iDevices in the process.

"The launch of Apple Pay could dramatically accelerate the use of contactless payments by consumers and could increase sales of iPhones and the Apple Watch," Hardley enthused.

However, some security experts, even those won over by the concept of contactless payments, fail to see Apple Pay as compelling.

Independent IT security consultant Paul Moore (one such critic) noted: "I'd rather de-couple my payment card from a mobile device. It's safer IMO. ‪#ApplePay‬ doesn't solve a problem I don't have."

Martyn Osborne, ‎chief product officer of global solutions at retail IT services provider PCMS Group, argued the Apple Pay launch won't have much immediate effect on UK retailers.

“If you look past all the marketing hype around the launch of Apple Pay in the UK, we can remind ourselves that there is nothing new about contactless payment," Osborne said. "Indeed, many UK retailers now offer it as an option on purchases under £20 already."

"The arrival of Apple Pay will not cause too much additional work for retailers from a technical point of view as long as their payment system is flexible and can be enabled to process Apple Pay transactions," he added.

"Aside from the fact that consumers will be using their smartphone to swipe the contact point, rather than a debit or credit card, the process is roughly the same, and the technology behind it fairly straightforward," Osborne concluded.

Some payment security experts warn that interchange fees mean Apple will struggle to replicate its US success in the UK.

“The UK launch will boost the payments industry as a whole, but however cool the technology, it will take years to reach anything near mainstream adoption," said Rich Wagner, chief exec and founder Advanced Payment Solutions, and an advisory board member of the Emerging Payments Association.

“However, it’s worth noting that Apple’s margins will be far lower in the UK than in the US, due to the huge discrepancy in interchange fee rates between the two continents. This reduces the commercial opportunity for Apple Pay in this market," he warned.

Ian Hermon, mobile payments specialist at Thales e-Security, noted that the launch of Apple Pay is likely to boost adoption of mobile payments, but accompanied by a "significant rearrangement behind the scenes as card schemes and issuing banks grapple to establish new relationships, security approaches and commercial models".

"The launch will cause further momentum in an already extensive contactless NFC terminal infrastructure in the UK; a further endorsement of the established payment rails and EMV infrastructure," Hermon added.

"This will likely lead to an uptick in adoption of mobile payment technology, and consequently, Apple will find itself in a constant battle to balance user convenience with ensuring security is factored in from the start," he said.

"This simply has to be a number one priority if consumers are going to put their trust in mobile payments. With that in mind, it is encouraging to see tokenisation at the heart of the security agenda, which will help issuers with payment channel separation and also protect the merchant in the event of a data breach,” he added.

More about

More about

More about

TIP US OFF

Send us news


Other stories you might like