Tech News

Just how secure is Apple Pay? Uh oh.

(Tech News) With Apple Pay being a key feature of the new Apple devices, consumers begin to wonder, just how secure is the Apple Pay feature?

Published

6 years ago

October 26, 2014

Jennifer Walpole, Sr. Staff Writer

applepay

All hail the Apple Pay system

One of the best features of the new iPhone is the Apple Pay system. It allows iPhone 6 users to take a picture of their credit cards, verify the numbers, and add them in to their Passbook so they can use these cards at a later time.

This is also supposed to allow the user to pay without ever providing the business with their credit card number. But, they seem to have forgotten that not every one will use this feature as intended. Some people may scan a credit card and begin to use it without the cardholder’s permission.

Read also: Comparing cloud storage services’ cost, size, and security

Consumer Reports (CR) actually gave this potential problem a test drive. Glen Derene, from CR, scanned and verified a few credit cards that were in his name and then proceeded to add two of his CR co-worker’s cards (presumably with their knowledge).

It looked like it was going to work, at first, but when prompted to verify by email, text, or a customer service call, using it would be difficult. This two-step verification system would require access to the cardholder’s email, phone, or the ability to answer security questions with customer service.

However, if you think about this in terms of theft, it becomes a bit worrisome.

Why this is so worrisome

Say you leave you purse at a restaurant and do not realize you have left it until you are almost home; if someone were to take it, they would more than likely have access to your phone and your credit cards. Theoretically, someone could add and verify your cards, since they likely have your phone from your purse. If you enable the passcode feature on your phone, this would of course, slow any thieves down a bit, but it is still a bit worrisome.

According to CR, Apple Pay works by a process known as credit/debit card provisioning. “You aim the camera of an iPhone 6, 6 Plus, or one of the new iPads at a credit card and the device reads the card number, customer name, and expiration date off the face of the card, then encrypts that data and sends it to Apple’s servers.

Apple then displays any terms and conditions to which the card-issuing bank needs the customer to agree. Once those terms and conditions are agreed to by the end user, the Apple Pay servers send information from the device (which can include the last four digits of the phone number and location information) and info from the user’s iTunes account to the bank for verification.

No additional verification needed

When Derene attempted to add his wife’s card, it was added with no additional verification necessary. She knew he was attempting to use it, but he was not an authorized user on the account.

Derene stated, “that was unexpected, since it is my wife’s private card, and she has never authorized me as a user. Also, that card isn’t associated with our family iTunes account. In fact, I have no current financial relationship with Citibank at all,” and yet he was allowed to fully use her credentials as if he had the actual card in his hand, making several purchases.

Derene did reach out to Citibank to ensure this was not just an unfortunate glitch, and was told sine he had all the vital information, including the same verified address, the system assumed he was authorized. He also reached out to other financial entities involved with Apple Pay, and no one really wanted to provide much detail about how provisioning works. Not too comforting considering the amount of damage that could be done, should your credit card information fall into the wrong hands.

In defense of Apple Pay

In defense of Apple Pay, there have been instances were credit card information has been stolen through air waves, as well as, several cases of major corporations’ data files being hacked.

Basically, your credit card information has the potential to be stolen any time you use it, but if you use Apple Pay, you may want to take a few extra steps to ensure it stays a little bit more secure: enable a pass code, make sure your credit card fraud alerts are enabled so you know if your card has been used, and regularly check your statements to ensure all purchases were made by yourself or an authorized user.

But, they do need to mandate a two-step verification regardless of whether or not your possess all the “correct” information.

0 Shares

Related Topics:Apple Pay rfid wireless payment

Up Next

Signet concept could be mail shipping’s first major innovation in years

Don't Miss

How UX design can help make sense of Big Data

Jennifer Walpole, Sr. Staff Writer

Jennifer Walpole is a Senior Staff Writer at The American Genius and holds a Master's degree in English from the University of Oklahoma. She is a science fiction fanatic and enjoys writing way more than she should. She dreams of being a screenwriter and seeing her work on the big screen in Hollywood one day.

26 Comments

wonderYrednow

October 26, 2014 at 11:14 pm

Or maybe using the fingerprint pass code on the iPhone 6 would slow down potential thieves.

Of course, if you cut off your finger and left it in your purse….well, that would speed things up for the thieves.

Reply
jmmx

October 26, 2014 at 11:17 pm

Interesting article with some good points.

I do have some issues with this:

“Say you leave you purse at a restaurant and do not realize you have left it until you are almost home; if someone were to take it, they would more than likely have access to your phone and your credit cards. Theoretically, someone could add and verify your cards, since they likely have your phone from your purse.”

First – if you lose your cards than you have problems Apple Pay or not.

More importantly, Apple Pay usually works with Touch ID. TID requires you to have a passcode. Assuming your their does not know your passcode then he is locked out of your phone.

If you get all the way home before realizing you lost your purse, the first thing to so would be to get on your computer, and use Find mi iPhone to deactivate it, then call the credit card companies to notify them.

If you lose your physical cards to thieves, you will always have problems. If you did not have your cards with you because you knew you had your iPhone, will that certainly would be better.

Reply
- Michael Long
  
  October 27, 2014 at 9:54 pm
  
  “More importantly, Apple Pay usually works with Touch ID. TID requires you to have a passcode. Assuming your their does not know your passcode then he is locked out of your phone.”
  
  It doesn’t usually work with Touch ID, it requires it. You can’t use Apple Pay on a device without a passcode set and Touch ID enabled. Disable Touch ID and/or the passcode, and you lose the ability for the system to access the encrypted token in the Secure Enclave.
  
  Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 2:26 pm

I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.

Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.

Reply
rolandestrada

October 27, 2014 at 4:29 pm

The final answer is very secure.

Reply
Michael Long

October 27, 2014 at 9:51 pm

This has to be the stupidest article I’ve ever seen. If a woman leaves her purse behind with a bunch of credit cards in it… SHE’S ALREADY LOST THE CARDS!

Further, you just need to jot down the numbers to steal them. The phone’s not needed at all.

But since you seem to think that they’re equally insecure, let’s try this. We both go to a seedy bar. You leave your wallet with credit cards behind, and I’ll leave my Apple Pay-enabled Touch ID protected iPhone behind.

We then wait to see whose card numbers get stolen first, and whose appear second (if at all).

Reply
Alfiejr

October 28, 2014 at 4:07 am

anyone that doesn’t have Passcode turned on is an idiot begging to be ripped off. not to mention TouchID makes Passcode drop dead easy to use and airtight (don’t insult us with James Bond latex finger mold scenarios – damn few of us are international spies) for Apple Pay devices.

the CR guy got his wife’s card to work because the accounts’ address was the same. so Citibank was sloppy – drop them. but i got separate email notices for each credit card i scanned in – all my own. Chase was not sloppy – use them.

Reply
rolandestrada

October 28, 2014 at 4:15 pm

Research is critical when writing articles like these. It’s easy to get clicks with inflammatory headlines. But when the facts fall down in the main article trouble ensues. Take a look at the flack of over CurrentC’s 2015 rollout of its’s payment system. CurrentC is the reason behind CVS and other merchants banning Apple Pay and Google Wallet as forms of payment. Even though some of these merchants have had NFC payments enabled for some time.

These merchants have banned NFC not because it is inherently insecure but because they have contractual obligations with CurrentC.

There are two good articles on this subject – John Gruber at Daring Fireball and Josh Costine at Tech Crunch. It’s a follow the money scenario.

Reply
rolandestrada

October 28, 2014 at 5:46 pm

If you have doubts about Apple Pay security versus CurrentC, go take a read of Nick Arnott’s post on iMore. CurrentC as a story is exploding all over the net. Will it cause CurrentC to implode before it actually launches? One can only hope. Take a look at the one star reviews of CurrentC on the iTunes app store. Hilarious!!.

Reply

Tech News

How to personalize your site for every visitor without learning code

(TECH NEWS) This awesome tool from Proof lets you personalize your website for visitors without coding. Experiences utilizes your users to create the perfect view for them.

Published

15 hours ago

March 3, 2021

Natalie Gonzalez, Staff Writer

What if you could personalize every step of the sales funnel? The team over at Proof believes this is the next best step for businesses looking to drive leads online. Their tool, Experiences, is a marketer-friendly software that lets you personalize your website for every visitor without coding.

Using Experiences your team can create a targeted experience for the different types of visitors coming to your website. The personalization is thought to drive leads more efficiently because it offers visitors exactly the information they want. Experiences can also be used to A/B test different strategies for your website. This could be a game changer for companies that target multiple specific audiences.

Experiences is a drag-and-drop style tool, which means nearly anyone on your team can learn to use it. The UX is meant to be intuitive and simple, so you don’t need a web developer to guide you through the process. In order to build out audiences for your website, Experiences pulls data from your CRM, such as SalesForce and Hubspot, or you can utilize a Clearbit integration which pull third-party information.

Before you go rushing to purchase a new tool for your team, there are a few things to keep in mind. According to Proof, personalization is best suited for companies with at least 15,000 plus visitors per month. This volume of visitors is necessary for Experiences to gather the data it needs to make predictions. The tool is also recommended for B2B businesses since company data is public.

The Proof team is a success story of the Y Combinator demo day. They pitched their idea for a personalized web experience and quickly found themselves funded. Now, they’ve built out their software and have seen success with their initial clients. Over the past 18 months, their early-access clients, which included brands like Profitwell and Shipbob, have seen an increase in leads, proposals, and downloads.

Perhaps the best part of Proof is that they don’t just sell you a product and walk away. Their website offers helpful resources for customers called Playbooks where you can learn how to best use the tool to achieve your company’s goals be it converting leads or engaging with your audience. If this sounds like exactly the tool your team needs, you can request a demo on their website.

Tech News

3 cool ways bug-sized robots are changing the world

(TECH NEWS) Robots are at the forefront of tech advancements. But why should we care? Here are some noticeable ways robots are changing the world.

Published

7 days ago

February 25, 2021

Anais Dersimonian, Staff Writer

Bits of robots and microchips changing the world.

When we envision the robots that will (and already are) transforming our world, we’re most likely thinking of something human- or dog-sized. So why are scientists hyper-focusing on developing bug-sized (or even smaller!) robots?

Medical advances

Tiny robots could assist in better drug delivery, as well as conduct minor internal surgeries that wouldn’t otherwise require incisions.

Rescue operations

We’ve all heard about the robot dogs that can rescue people who’ve been buried beneath rubble or sheets of snow. However, in some circumstances these machines are too bulky to do the job safely. Bug-sized robots are a less invasive savior in high-intensity environments, such as mine fields, that larger robots would not be able to navigate without causing disruption.

Exploration

Much like the insects after which these robots were designed, they can be programmed to work together (think: ants building a bridge using their own bodies). This could be key in exploring surfaces like Mars, which are not safe for humans to explore freely. Additionally, tiny robots that can be set to construct and then deconstruct themselves could help astronauts in landings and other endeavors in space.

Why insects?

Well, perhaps the most important reason is that insects have “nature’s optimized design”. They can jump vast distances (fleas), hold items ten times the weight of their own bodies (ants) and perform tasks with the highest efficiency (bees) – all qualities that, if utilized correctly, would be extremely beneficial to humans. Furthermore, a bug-sized bot is economical. If one short-circuits or gets lost, it won’t totally break the bank.

What’s next?

Something scientists have yet to replicate in robotics is the material elements that make insects so unique and powerful, such as tiny claws or sticky pads. What if a robot could produce excrement that could build something, the way bees do in their hives, or spiders do with their webs? While replicating these materials is often difficult and costly, it is undoubtedly the next frontier in bug-inspired robotics – and it will likely open doors for humans that we never imaged possible.

This is all to say that in the pursuit of creating strong, powerful robots, they need not always be big in stature – sometimes, the tiniest robots are just the best for the task.

Tech News

4 ways startups prove their investment in upcoming technology trends

(TECH NEWS) Want to see into the future? Just take a look at what technology the tech field is exploring and investing in today — that’s the stuff that will make up the world of tomorrow.

Published

1 week ago

February 22, 2021

Desmond Meagley, Staff Writer

Big companies scout like for small ones that have proven ideas and prototypes, rather than take the initial risk on themselves. So startups have to stay ahead of technology by their very nature, in order to be stand-out candidates when selling their ideas to investors.

Innovation Leader, in partnership with KPMG LLP, recently conducted a study that sheds light onto the bleeding edge of tech: The technologies that the biggest companies are most interested in building right now.

The study asked its respondents to group 16 technologies into four categorical buckets, which Innovation Leader CEO Scott Kirsner refers to as “commitment level.”

The highest commitment level, “in-market or accelerating investment,” basically means that technology is already mainstream. For optimum tech-clairvoyance, keep your eyes on the technologies which land in the middle of the ranking.

“Investing or piloting” represents the second-highest commitment level – that means they have offerings that are approaching market-readiness.

The standout in this category is Advanced Analytics. That’s a pretty vague title, but it generally refers to the automated interpretation and prediction on data sets, and has overlap with Machine learning.

Wearables, on the other hand, are self explanatory. From smart watches to location trackers for children, these devices often pick up on input from the body, such heart rate.

The “Internet of Things” is finding new and improved ways to embed sensor and network capabilities into objects within the home, the workplace, and the world at large. (Hopefully that doesn’t mean anyone’s out there trying to reinvent Juicero, though.)

Collaboration tools and cloud computing also land on this list. That’s no shock, given the continuous pandemic.

The next tier is “learning and exploring”— that represents lower commitment, but a high level of curiosity. These technologies will take a longer time to become common, but only because they have an abundance of unexplored potential.

Blockchain was the highest ranked under this category. Not surprising, considering it’s the OG of making people go “wait, what?”

Augmented & virtual reality has been hyped up particularly hard recently and is in high demand (again, due to the pandemic forcing us to seek new ways to interact without human contact.)

And notably, AI & machine learning appears on rankings for both second and third commitment levels, indicating it’s possibly in transition between these categories.

The lowest level is “not exploring or investing,” which represents little to no interest.

Quantum computing is the standout selection for this category of technology. But there’s reason to believe that it, too, is just waiting for the right breakthroughs to happen.