Tech News
Just how secure is Apple Pay? Uh oh.
(Tech News) With Apple Pay being a key feature of the new Apple devices, consumers begin to wonder, just how secure is the Apple Pay feature?
All hail the Apple Pay system
One of the best features of the new iPhone is the Apple Pay system. It allows iPhone 6 users to take a picture of their credit cards, verify the numbers, and add them in to their Passbook so they can use these cards at a later time.
This is also supposed to allow the user to pay without ever providing the business with their credit card number. But, they seem to have forgotten that not every one will use this feature as intended. Some people may scan a credit card and begin to use it without the cardholder’s permission.
Consumer Reports (CR) actually gave this potential problem a test drive. Glen Derene, from CR, scanned and verified a few credit cards that were in his name and then proceeded to add two of his CR co-worker’s cards (presumably with their knowledge).
It looked like it was going to work, at first, but when prompted to verify by email, text, or a customer service call, using it would be difficult. This two-step verification system would require access to the cardholder’s email, phone, or the ability to answer security questions with customer service.
However, if you think about this in terms of theft, it becomes a bit worrisome.
Why this is so worrisome
Say you leave you purse at a restaurant and do not realize you have left it until you are almost home; if someone were to take it, they would more than likely have access to your phone and your credit cards. Theoretically, someone could add and verify your cards, since they likely have your phone from your purse. If you enable the passcode feature on your phone, this would of course, slow any thieves down a bit, but it is still a bit worrisome.
According to CR, Apple Pay works by a process known as credit/debit card provisioning. “You aim the camera of an iPhone 6, 6 Plus, or one of the new iPads at a credit card and the device reads the card number, customer name, and expiration date off the face of the card, then encrypts that data and sends it to Apple’s servers.
Apple then displays any terms and conditions to which the card-issuing bank needs the customer to agree. Once those terms and conditions are agreed to by the end user, the Apple Pay servers send information from the device (which can include the last four digits of the phone number and location information) and info from the user’s iTunes account to the bank for verification.
No additional verification needed
When Derene attempted to add his wife’s card, it was added with no additional verification necessary. She knew he was attempting to use it, but he was not an authorized user on the account.
Derene stated, “that was unexpected, since it is my wife’s private card, and she has never authorized me as a user. Also, that card isn’t associated with our family iTunes account. In fact, I have no current financial relationship with Citibank at all,” and yet he was allowed to fully use her credentials as if he had the actual card in his hand, making several purchases.
Derene did reach out to Citibank to ensure this was not just an unfortunate glitch, and was told sine he had all the vital information, including the same verified address, the system assumed he was authorized. He also reached out to other financial entities involved with Apple Pay, and no one really wanted to provide much detail about how provisioning works. Not too comforting considering the amount of damage that could be done, should your credit card information fall into the wrong hands.
In defense of Apple Pay
In defense of Apple Pay, there have been instances were credit card information has been stolen through air waves, as well as, several cases of major corporations’ data files being hacked.
Basically, your credit card information has the potential to be stolen any time you use it, but if you use Apple Pay, you may want to take a few extra steps to ensure it stays a little bit more secure: enable a pass code, make sure your credit card fraud alerts are enabled so you know if your card has been used, and regularly check your statements to ensure all purchases were made by yourself or an authorized user.
But, they do need to mandate a two-step verification regardless of whether or not your possess all the “correct” information.
Tech News
How to safeguard your small company’s data without distrusting staff
(TECHNOLOGY) Even a tiny company has valuable data that can be stolen from inside – without adopting a policy of distrust, you can take preventative action
Tech News
Twitter bid on hold, Tesla stock plummets: What’s next for Musk?
(SOCIAL MEDIA) The surprising bid of $44B coming in for Twitter from none other than Elon Musk is now on hold and Tesla stock is down. Is Musk in hot water?
In the largest corporate privatization deal in U.S. history, Twitter has accepted Elon Musk’s offer to buy 100% of Twitter for 44 billion.
Musk plans to privatize the company and do away with ads, a nearly 5-billion-dollar revenue source for Twitter, which accounts for 90% of their total income. Musk’s plan to do away with ads was nothing short of strategic. Musk is a free speech absolutist – or someone who believes that free speech should be unrestricted at all costs.
Advertisers are the main reason speech is restricted on social media platforms. For social media giants like Facebook, Instagram, and Twitter who rely on advertisers buying space on their platforms, as well as sponsored content, to make most of their profits eliminating this revenue stream is not a decision that should be taken lightly. Without these restrictions or community guidelines, advertisers would not advertise on social media, and the sites could not generate much of their revenue.
But, when your pockets run as deep as Musk’s, I suppose revenue doesn’t particularly matter.
Some changes Musk plans on making are as follows: He claims, that despite the lack of advertisements, he will quintuple Twitter revenue by 2028. He plans on doing this while cutting Twitter’s reliance on ads to less than 50% of the total revenue. He also plans on growing the platform’s user base. He claims by 2025 there will be 69 million users on Twitter (however, considering 69 is his favorite number I’m not sure if this is accurate or another one of his famous trolling stunts). He also plans on offering a paid service, Twitter Blue, which will allow users to customize their Twitter experience for only $3 a month.
However, advertising is not the only hurdle to free speech on a social media platform.
Now Musk will face a barrage of questions and restrictions from government watchdogs, regulators, and activists. Twitter could even end up being banned in other countries if Musk attempts to skirt regulations. Musk wants to strip back content moderation rules and stop the censorship of new organizations; he has also not answered questions about how he plans to go about this, only stating that he’d only allow free speech that “matches the law”.
However, several European countries are changing their laws. New laws in the United Kingdom and The European Union (which comprises 27 European countries). The EU, for example, has enacted the Digital Services Act and The Digital Markets Act which aims to create a safer digital space, while protecting the rights of users and leveling the playing field for businesses. These acts extend to social media. The acts, in part, heavily fine companies that refuse to curtail illegal content on their platforms. However, as of May 9th, 2022, EU Industry Chief, Thierry Brighton, met with Elon Musk in Texas and they have reached an agreement regarding free speech and The Digital Services Act. Yet, the pair has not gone into detail about what exactly their agreement entails. When asked, Musk simply stated that it “totally aligned with his thinking”.
Musk may have circumvented the largest spanning cyber laws, but that does not mean he’s out of the woods regarding governmental regulation of Twitter around the world.
Now, the decision for Musk to purchase Twitter, and go public was a polarizing one and was met with mixed reactions. People did not hold back, and many roasted Musk for his decisions.
Some of my favorite reaction tweets are:
Okay, but they make a good point. He’s been heralded as a “Real-life Tony Stark” and there’s nothing technically stopping him from being Iron Man.
Live your dreams I guess, Elon.
Sure some people are disgruntled by the whole ordeal, but there’s really not a way to boycott this. In fact, the user base is only projected to grow for Twitter, with Elon at the helm.
And, in true Musk fashion he trolled Twitter users, critics and fans by tweeting a series of Tweets detailing which companies he was going to buy next.
Musk then said would buy America’s most popular fast-food chain, and fix the most common complaint. I have to admit, I kind of want him to follow through on this one.
First, he threatened to buy Coca-Cola and put the cocaine back in, referring to the inception of the popular soft drink, when it first contained cocaine.
Lastly, the new Twitter CEO threatened to shut down the entire platform altogether, so that all the users go outside.
UPDATE:
As of Friday the 13th (spooky), Musk announced his Twitter bid of 44 billion dollars is currently on hold.
He claims he still plans on following through with the acquisition, and he will owe Twitter a one-billion-dollar breakup fee if he does not follow through. However, if he can afford to spend 44 billion on a social media website, I have to assume one billion dollars isn’t much of a deterrent for him. The bid could be on hold for multiple reasons.
He could be trying to negotiate a better price for Twitter, the deal could be falling apart or he could simply be walking away. One issue is that he was going to borrow against his smart car company, Tesla, but Tesla stock has been plummeting as of late. A part of me wonders if this is some kind of bizarre stunt in order to get media coverage and attention prior to unveiling a new concept at either Tesla or SpaceX. After the frenzy the news of Musk purchasing Twitter has caused, the deal may not even go through, and once again, the future of Twitter remains uncertain.
Tech News
How to audit your site to really make sure it’s built for visitors, not for YOU
(ENTREPRENEUR) As a business owner, you may find yourself taking a more “set it and forget it” approach to your website, but this isn’t getting you visitors
-
Business Entrepreneur1 week agoEntrepreneurs face higher rates of mental illness [part one]
-
Business Entrepreneur1 week agoMany entrepreneurs facing mental health issues don’t get help [part two]
-
Business Marketing5 days agoThe use of offline marketing can still be advantageous in a digital world
-
Business News3 days agoHow to apply to be on a Board of Directors
-
Business Finance1 week agoFollow these 7 steps to get outstanding invoices paid to you ASAP
-
Opinion Editorials2 days ago3 reasons to motivate yourself to declutter your workspace (and mind)
-
Tech News2 weeks agoSometimes tech is a sight for sore eyes – others it’s the cause of them
-
Business Entrepreneur2 days agoHaving client difficulties? Protect yourself with an exit strategy clause
wonderYrednow
October 26, 2014 at 11:14 pm
Or maybe using the fingerprint pass code on the iPhone 6 would slow down potential thieves.
Of course, if you cut off your finger and left it in your purse….well, that would speed things up for the thieves.
jmmx
October 26, 2014 at 11:17 pm
Interesting article with some good points.
I do have some issues with this:
“Say you leave you purse at a restaurant and do not realize you have left it until you are almost home; if someone were to take it, they would more than likely have access to your phone and your credit cards. Theoretically, someone could add and verify your cards, since they likely have your phone from your purse.”
First – if you lose your cards than you have problems Apple Pay or not.
More importantly, Apple Pay usually works with Touch ID. TID requires you to have a passcode. Assuming your their does not know your passcode then he is locked out of your phone.
If you get all the way home before realizing you lost your purse, the first thing to so would be to get on your computer, and use Find mi iPhone to deactivate it, then call the credit card companies to notify them.
If you lose your physical cards to thieves, you will always have problems. If you did not have your cards with you because you knew you had your iPhone, will that certainly would be better.
Michael Long
October 27, 2014 at 9:54 pm
“More importantly, Apple Pay usually works with Touch ID. TID requires you to have a passcode. Assuming your their does not know your passcode then he is locked out of your phone.”
It doesn’t usually work with Touch ID, it requires it. You can’t use Apple Pay on a device without a passcode set and Touch ID enabled. Disable Touch ID and/or the passcode, and you lose the ability for the system to access the encrypted token in the Secure Enclave.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 4:29 pm
The final answer is very secure.
Michael Long
October 27, 2014 at 9:51 pm
This has to be the stupidest article I’ve ever seen. If a woman leaves her purse behind with a bunch of credit cards in it… SHE’S ALREADY LOST THE CARDS!
Further, you just need to jot down the numbers to steal them. The phone’s not needed at all.
But since you seem to think that they’re equally insecure, let’s try this. We both go to a seedy bar. You leave your wallet with credit cards behind, and I’ll leave my Apple Pay-enabled Touch ID protected iPhone behind.
We then wait to see whose card numbers get stolen first, and whose appear second (if at all).
Alfiejr
October 28, 2014 at 4:07 am
anyone that doesn’t have Passcode turned on is an idiot begging to be ripped off. not to mention TouchID makes Passcode drop dead easy to use and airtight (don’t insult us with James Bond latex finger mold scenarios – damn few of us are international spies) for Apple Pay devices.
the CR guy got his wife’s card to work because the accounts’ address was the same. so Citibank was sloppy – drop them. but i got separate email notices for each credit card i scanned in – all my own. Chase was not sloppy – use them.
rolandestrada
October 28, 2014 at 4:15 pm
Research is critical when writing articles like these. It’s easy to get clicks with inflammatory headlines. But when the facts fall down in the main article trouble ensues. Take a look at the flack of over CurrentC’s 2015 rollout of its’s payment system. CurrentC is the reason behind CVS and other merchants banning Apple Pay and Google Wallet as forms of payment. Even though some of these merchants have had NFC payments enabled for some time.
These merchants have banned NFC not because it is inherently insecure but because they have contractual obligations with CurrentC.
There are two good articles on this subject – John Gruber at Daring Fireball and Josh Costine at Tech Crunch. It’s a follow the money scenario.
rolandestrada
October 28, 2014 at 5:46 pm
If you have doubts about Apple Pay security versus CurrentC, go take a read of Nick Arnott’s post on iMore. CurrentC as a story is exploding all over the net. Will it cause CurrentC to implode before it actually launches? One can only hope. Take a look at the one star reviews of CurrentC on the iTunes app store. Hilarious!!.