Using Apple Pay in a real-world setup requires you to hold your iPhone or Apple Watch against the shop's contactless card device (you can't use an iPad in store). If you're using the Watch, you then press the side button twice to authorise the transaction or, if you're using the iPhone, you enter your passcode or use Touch ID to scan your finger.
As passcodes can now comprise more than just four digits, they're more secure than using a regular PIN, which has only 10,000 possible combinations if you include 0000.
Fingerprints offer even more protection. The likelihood of finding two people with the same pattern of loops and whorls stands at around one in 64,000,000, which means you're about four times as likely to win the National Lottery as you are to have a fingerprint that matches anyone else - and the chance of ever meeting that person... Well, it's unlikely and it's even more unlikely that they will get hold of your iPhone.
Fingerprinting isn't a precise science, though. Speaking to the Daily Telegraph in 2014, Mike Silverman, who rolled out the Metropolitan Police's first automated fingerprint detection system, explained that the process of identifying a print is more complicated than we might imagine. "No two fingerprints are ever exactly alike in every detail, even two impressions recorded immediately after each other from the same finger," he said. "It requires an expert examiner to determine whether a print taken from crime scene and one taken from a subject are likely to have originated from the same finger."
This has led to some miscarriages of justice when experts have declared two different prints to match, so it's perhaps fortunate that the detection performed by your iOS device is entirely driven by algorithms and doesn't rely on the skill of a trained eye.
Hack protection for Apple Pay
Apple Pay can also be used to buy products and services inside an app, but not currently over the web.
The fact you need to authorise the transaction before it can complete - and that your card details are never involved in the process - protects you from drive-by NFC hacks.
The Near Field Communication system is designed to connect quickly and easily to nearby devices, such as contactless card readers, with which it can share data. This has led some to posit that it would be possible to wave a card reader against your pocket and process a transaction automatically. This is exactly how NFC-based transport tickets work, allowing you to open a platform gate by tapping your card on a reader without entering your PIN.
We can't vouch for the security of every NFC-enabled device, but the checks and controls built into Apple Pay make this kind of attack all but impossible, as you'd have to physically authorise the transaction, and therefore be aware of it taking place.