The Security Features Behind Apple Pay


Mobile payments haven’t quite caught on just yet. But if the record-breaking sales of Apple’s (NASDAQ:AAPL) newest phones are any indicator, they may be about to take off.

Apple Pay – the mobile payment system that will work on the company’s iPhone 6 and iPhone 6 Plus models – will enable users to store credit card information on their phone. Purchases can then be made by simply tapping the phone on the in-store terminal.

But given recent data breaches at retailers such as Home Depot and Target, many consumers are likely to be wary about whether the new technology will leave them vulnerable to hackers. Indeed, an Accenture report released last year found that 45% of survey respondents who do not make mobile payments said they were concerned because of security.

But despite hesitations, mobile payments are likely to grow in popularity thanks to Apple Pay, given the excitement over the new generation of phones. A record-breaking 4 million preorders were placed for Apple’s iPhone 6 and iPhone 6 Plus. And though a 2014 Bain & Co. study found that only 3% to 7% of consumers currently use their phones to make in-store purchases, that figure doubled from 2012 to 2013. Additionally, an estimated 27% of shoppers were willing to try mobile payments.

When Apple Pay launches in October it will work with Visa, MasterCard and American Express credit and debit cards. Here’s a closer look at some of the security features behind Apple Pay:

1. EMV Technology

EMV technology, also called “chip and pin” technology, is already in use in Europe. (EMV stands for Europay, MasterCard and Visa.) It’s considered safer than the magnetic stripe technology currently used by U.S. credit cards, and EMV will be fully adopted in the U.S. by October 2015.

James Anderson, Group Head of Mobile and Emerging Payments at MasterCard, says EMV technology is at the heart of each Apple Pay transaction. When an Apple Pay user taps their iPhone on the terminal, the phone generates a unique string of numbers called a cryptogram. “If a fraudster were intercepting those transactions, they wouldn’t be able to use any of the data to generate a fraudulent transaction because they couldn’t generate a cryptogram to complete the transaction,” says Anderson.

2. Token Technology

Visa’s Jim McCarthy, whose team led the development of the Apple Pay technology, says Apple Pay actually takes EMV one step further thanks to its “tokenization” technology. So, instead of storing your 16-digit credit card number, the phone will store a unique number, referred to as a token.

“The number itself is bound to the device,” explains McCarthy, “so we know the token should be used by the device only.”

In short, if someone hacks into the phone and successfully retrieves your 16-digit token, the hacker won’t be able to use that number to make purchases if they don’t have the phone itself.

“They can’t log on to [an e-commerce] site and key enter it – it will be declined,” says McCarthy.

The other benefit of tokenization is that if you lose your iPhone, you don’t need to get a new credit card – you can simply turn off that token through the “Find My iPhone” tool, says Anderson. Then, when you replace your phone, you’ll be assigned a new token unique to that device.
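The checks described in sections 1 and 2 can be modeled in a few lines. This is an added illustration, not code from Apple, Visa or MasterCard: the `Issuer` and `Device` classes, the transaction counter and the HMAC-SHA256 cryptogram are assumptions standing in for the real EMV key derivation and cryptogram algorithms, and the token is a constructed value.

```python
import hashlib, hmac, secrets

def make_cryptogram(key, token, amount_cents, counter):
    # Simplified stand-in: HMAC-SHA256 over the transaction fields (not the EMV algorithm).
    msg = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Issuer:  # hypothetical network side: knows each token's device key and last counter
    def __init__(self):
        self.tokens = {}
    def provision(self):
        # Constructed 16-digit token plus a per-device secret key, created at enrollment.
        token = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self.tokens[token] = {"key": key, "last_counter": 0, "active": True}
        return token, key
    def revoke(self, token):
        self.tokens[token]["active"] = False
    def authorize(self, token, amount_cents, counter=None, cryptogram=None):
        rec = self.tokens.get(token)
        if rec is None or not rec["active"]:
            return "declined: token unknown or turned off"
        if counter is None or cryptogram is None:
            return "declined: no cryptogram"
        if counter <= rec["last_counter"]:
            return "declined: replayed counter"
        expected = make_cryptogram(rec["key"], token, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: bad cryptogram"
        rec["last_counter"] = counter  # each counter value is accepted once
        return "approved"

class Device:  # hypothetical phone side: holds the token and key, counts transactions
    def __init__(self, token, key):
        self.token, self._key, self.counter = token, key, 0
    def tap(self, amount_cents):
        self.counter += 1
        mac = make_cryptogram(self._key, self.token, amount_cents, self.counter)
        return {"token": self.token, "amount_cents": amount_cents, "counter": self.counter, "cryptogram": mac}

def demo():
    issuer = Issuer()
    device = Device(*issuer.provision())
    msg = device.tap(1250)
    results = [issuer.authorize(**msg),               # genuine tap
               issuer.authorize(**msg),               # intercepted tap sent again
               issuer.authorize(msg["token"], 1250),  # token keyed in without the device
               issuer.authorize(**dict(msg, amount_cents=99999, counter=msg["counter"] + 1))]  # altered fields
    issuer.revoke(device.token)                       # owner turns the token off
    results.append(issuer.authorize(**device.tap(500)))
    return results
```

Only the first request is approved; the captured message, the bare token, the altered message and the tap after revocation are all declined because the issuer never accepts a token without a fresh cryptogram from the device key.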

3. Touch ID

The other big piece of the security puzzle is Apple Pay’s user identification. To go through with a transaction, an Apple Pay user will have to either use the phone’s “Touch ID” feature or type in a passcode.

“You need the legitimate fingerprint to perform the transaction,” explains Anderson, who says the feature is very intuitive.

“As you’re tapping the phone on the terminal, it prompts you to put your finger on it. It reads very quickly, and then transmits very quickly. It’s another layer of security we built into the network,” he adds.

In short: Even if someone were to steal your iPhone, they wouldn’t be able to make purchases using the phone without using your fingertip, or figuring out your passcode.