Payment security bods: Nice pay-by-bonk (hint: NO ONE uses it) on iPhone 6, Apple

Retailers won't lose sales 'cos they can’t take mobe payments

NFC applications

Apple's confirmation that the iPhone 6 will enable contactless payments via NFC has received a broadly positive reaction from security firms and payment-processing vendors.

Apple said it wouldn't access any payment data, so the transaction would take place between a user, bank and retailer. ‪This privacy, along with ease of use, are among the main selling points for the Apple Pay technology.

More than ‬220k merchants that accept contactless payments will accept Apple Pay. Visa and Mastercard will also support the technology, which is due to be rolled out initially in the US. The technology is compatible with the upcoming Apple Watch as well as the iPhone 6 and iPhone 6 Plus.

Dave Hobday, managing director of payment processing outfit Worldpay UK, said the Apple's introduction of the technology was a shot in the arm for "pay by bonk". He added that retailers have invested heavily in contactless payment technology despite the fact that consumer demand has so far been weak.

"If the iPhone 6 lives up to the hype, it could take a whole swathe of consumers one step closer to ditching their wallets, but things won’t change overnight," Hobday commented. “Retailers should be looking to boost investment in new payment readers when it’s clear customers are ready to use them en masse. We’ve seen a 248 per cent increase in contactless payments since 2012, but it has taken eight years to get to a point where consumers are comfortable enough to really start using the technology."

He added: “There’s no doubt Apple has the clout to change consumer behaviour, but we’re not yet at the stage where retailers will lose a sale because they can’t take mobile payments,” he concluded.

Worldpay are the UK’s biggest payment processing company and work with thousands of businesses, SMEs and sole traders.

Mark Bower, VP product management at data encryption and tokenisation vendor Voltage Security, said Apple's announcement underlined the "need for the payment world to move on from vulnerable static credit card numbers and magnetic stripes to protected versions of data – tokenised payments".

He explained: "Through the use of this data-centric security strategy, Apple Pay reduces risk of data breaches and credit card theft where it is supported. However, the world today is still in an early adoption phase with regard to new payment methods and mobile wallets, and retailers still have to contend with EMV and mag-stripe data and advanced threats."

Payment card data breaches at retailers are at the top of the news thanks to the recently disclosed breach at Home Depot, which comes months after a similar breach at US retail giant Target.

Payments expert Avivah Litan of Gartner has a thoughtful article on whether Apple Pay will save merchants from data breaches. She's positive about the technology, particularly in the US where "Chip (EMV) cards will take at least five to seven years to become more or less ubiquitous… and merchants can’t wait that long to protect themselves and their card data."

"This is very exciting news and has the potential to change the payment landscape, at least in the US, where merchants are being breached every other day and are up to their eyeballs in security issues and expenses," Litan writes. "Apple can certainly ride the security wave and offer merchants and consumers more secure payments."

She added: "Google is likely to copy Apple on the security features and then will have to enlist their handset manufacturer partners to link NFC chips to the Google Wallet. Apple has it easier in this regard since they have a closed system – ie, they manufacture the handsets and the software that runs on them. But once Google gets in the game and Android phones are enabled with more secure payments, we may actually see mobile NFC payments catch on."

Er, you take a PHOTO for security? Nudie celeb hack, anyone?

Fujitsu was more cautious about Apple's mobile wallet payments technology than others, arguing that it had missed the chance to tie payments to identity-checking biometrics. Apple Pay uses near-field communication technology in conjunction with its Passbook app and Touch ID fingerprint reader, but this use of biometrics doesn't go far enough for Fujitsu.

"With the launch of the iPhone 6 and its payment capability, Apple has once again sent out a challenge to the industry – and this time it has the payments market in its sights," said Anthony Duffy , director of retail banking at Fujitsu UK & Ireland. "This sector, already undergoing massive evolution as internet and mobile payments take hold and new providers target perceived opportunities, will be revolutionised if Apple's mobile wallet grabs the public attention.

"At a time when many in the market are moving towards biometric for payments, Apple’s decision to go for NFC – a technology that up until now has struggled to clearly stamp its mark on the payments industry - is a bold one. While Apple’s implementation will undoubtedly help NFC recapture interest, the industry needs to keep working towards the adoption of more advanced payment technologies – such as biometrics – which will enable retailers and payment companies to provide a more secure service for their customers," he concluded.

Independent experts expressed mixed views about the technology. Security consultant Dave Whitelegg praised the combination of tokenisation and NFC in Apple Pay, while Brian Honan noted that the enrolment process involves taking a picture of a card, a possible security concern particular in the immediate wake of the recent celebrity nudie iCloud privacy leak.

Honan said: "To use Apple Pay you take a photo of your credit card to enrol it in the system. Hmm, Apple, photos and security ??? :)" ®

Sponsored: Becoming a Pragmatic Security Leader




Biting the hand that feeds IT © 1998–2019