Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security, payments experts talk Apple Pay

Al Sacco | Oct. 24, 2014
Three security and payments industry experts discuss the pros and cons of Apple's new iPhone-based contactless payment system, Apple Pay.

"Attackers will have a harder time monetizing stolen personal details than credit card numbers -- particularly from offshore," Pearce says. "It's difficult to see how Apple Pay could be worse than aspects of existing payment systems, even if done terribly." 

Apple-Only and Limited Merchant/Bank Support
Apple operates a closed ecosystem for it products, for the most part, and Apple Pay is no exception to the rule. To use it, you must have a new iPhone.

"The requirement for an Apple device is a blessing and a curse for a technology [like Apple Pay]," Pearce says. "It both guarantees a number of devices in the hands of desirable customers, possibly helping to reach critical mass for takeoff -- but it also means many people who prefer Android [or another platform] will be out of luck." 

In addition, a lack of employee training on Apple Pay at retailers could negatively affect the customer experience, according to Peter Olynick, card and payments practice lead with Carlisle & Gallagher Consulting Group, a management-technology consulting firm.

"You don't have sufficient merchant acceptance. It's hit or miss whether or not a random store you go into will be able to support it," says Olynick. "Because of that, the people who work at the stores, they aren't used to it. Training at the clerk level is not high enough."

Apple's closed approach could also ultimately hurt its ecosystem and stunt Apple Pay's growth in the long run. 

"Apple Pay is dedicated to a single platform," Olynick says. "If [Apple] really wants it to be a ubiquitous payment vehicle, its has to open it up to more devices, as opposed to only allowing Apple users to use it." 

Pearce suggests Apple's approach could lead to security issues as well. "While monocultures are good for fast growth, if something goes wrong in widely used technologies it can have a huge impact -- as Heartbleed and Shellshock demonstrated," Pearce says. " If a problem is found in Apple Pay several months from now, it could affect many millions of people."

Just as Apple Pay itself is limited to new iPhone users, it's also restricted to a relatively small set of leading U.S. banks and financial institution.

"If you can't, or don't want to, have an account with one of them, then you are locked out of this secure ecosystem until, and unless, small banks and credit unions offer it," Pearce says. 

Even the big banks place restrictions on the kinds of cards they support, resulting in fragmentation. For example, American Express supports Apple pay for personal and small business accounts, but not for its corporate cards.

Apple Pay a Significant Target for Bad Guys
Apple Pay could make iPhones more attractive to thieves, Orozco says. Users should be more conscious of security, and always use a screen lock and enable remote wipe features.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.