Apple Pay will let you buy a coffee at Costa, open the gates on the London Underground, and settle your bill for a cheeky Nando’s with nothing more than a tap of your iPhone or Apple Watch on a regular contactless reader. You can also use it in apps and some websites to pay for downloads, tickets, and physical products scheduled for delivery.
Is Apple Pay safe?
The short answer is yes. Apple wants us to think of its payment gateway the same way we think about PayPal or Visa. After all, it’s only through gaining our trust that it will win our custom, and without our custom it won’t earn commission from retailers.
To that end, Apple's spent a lot of time and money on making things secure. It’s edging us all towards using six digit passcodes rather than four, and the only iOS devices through which you can authorise a payment are those with NFC (Near Field Communication) and the device-unique Secure Element chip built in. So, if you don’t have an iPhone 6, 6 Plus, iPad Air 2, iPad mini 3 or Apple Watch, or a newer device, you’ll have to upgrade – or stick to alternative payment options.
- Your card details are never shared by Apple when you use Apple Pay, so making purchases with your iPhone, Apple Watch, iPad and Mac is actually a safer, more private way to pay.
- When you set up Apple Pay your card number is never actually stored on your device or on Apple's servers, so when you pay, your card numbers are not shared by Apple with the merchants.
- Apple also doesn’t keep any transaction information so it can't be tied back to you. You can view your most recent purchases in the Wallet app on your iPhone or Watch, but that’s as far as it goes.
It's a safe and secure way to pay, but we look at Apple Pay Security in more detail below...
How does Apple Pay work
It's also worth mentioning that Apple has a strong record when it comes to payment systems. Even the biggest payment platforms suffer compromises from time to time, but Apple has built up customer trust when purchasing through iTunes and the App Stores.
Apple hasn't been immune from security problems, admittedly, with the nude celebrity photo leak from iCloud recently put at its door. (The company did claim that this was the result of a targeted attack on password and usernames, mind you, rather than a failure of iCloud's security systems.) But even if some pundits felt its initial response to the leak was lacklustre (or even victim-blaming), it then responded by insisting that security will be beefed up in iOS 8: pushing two-factor authentication and sending additional security warnings. Apple is taking security seriously.
Incidentally, Tim Cook pointed out that the system Apple Pay is proposing to replace isn't exactly super-secure itself, since it's easy to lose a credit card or have it compromised.
"This whole process is based on this little piece of plastic," he said. "And whether it's a credit or debit card, we're totally reliant on the exposed numbers and the outdated and vulnerable magnetic strip. Which, by the way, is five decades old. And the security codes, which aren't that secure."
We address this concern in still more detail in separate articles: Here are the security questions raised by Apple Pay and Apple Pay's security pros and cons.
Can anyone get your card details from Apple Pay?
Your credit card number isn't given to the merchant. What you're doing, rather, is creating a device-only account number and storing it in the secure element. "You use a one-time payment number and a dynamic security code," said Eddie Cue.
The secure element is a hardware component - a chip inside the iPhone 6 and iPhone 6 Plus where sensitive data can be stored. Secure element is a generic term for protected memory on smart cards, and the data on the secure element isn't even accessible to iOS (it's only accessed via a random code during the transaction). Hackers wouldn't be able to get hold of your credit card details if they hacked your phone. And it's apparently able to sense if someone is dismantling the phone in an attempt to access the data on the secure element.
When you add a credit or debit card to Apple Pay, Apple encrypts the whole process from end to end, wrapping up the card details in a unique identifier before handing it over to your card operator.
Assuming you're credit-worthy, the operator sends back an authorisation key that's stored in the Secure Element in the iOS device or Watch. Secure Element, is an industry standard chip, so you're not relying on just Apple to maintain the technology, and because each one is unique to the device in which it resides, it reliably ties your device to your account. That way, the card processor knows exactly whose account to debit without passing your details over the network again or handing them to the retailer itself.
So essentially the actual card details aren't available to anyone to steal from your iPhone or during the transaction.
Is using Apple Pay on the high street safe?
So, the transaction is secure in transit as it’s effectively useless data, but that’s only half of the equation. Apple has also come up with a way to keep the physical interaction between your device and the reader safe, too.
Using Apple Pay in a real-world setup requires you to hold your iPhone or Apple Watch against the shop’s contactless card device (you can’t use an iPad in store). If you’re using the Watch, you then press the side button twice to authorise the transaction or, if you’re using the iPhone, you enter your passcode or use Touch ID to scan your finger.
As passcodes can now comprise more than just four digits, they’re more secure than using a regular PIN, which has only 10,000 possible combinations if you include 0000.
Fingerprints offer even more protection. The likelihood of finding two people with the same pattern of loops and whorls stands at around one in 64,000,000, which means you’re about four times as likely to win the National Lottery as you are to have a fingerprint that matches anyone else - and the chance of ever meeting that person... Well, it's unlikely and it's even more unlikely that they will get hold of your iPhone.
Fingerprinting isn’t a precise science, though. Speaking to the Daily Telegraph in 2014, Mike Silverman, who rolled out the Metropolitan Police’s first automated fingerprint detection system, explained that the process of identifying a print is more complicated that we might imagine. "No two fingerprints are ever exactly alike in every detail, even two impressions recorded immediately after each other from the same finger," he said. "It requires an expert examiner to determine whether a print taken from crime scene and one taken from a subject are likely to have originated from the same finger."
This has led to some miscarriages of justice when experts have declared two different prints to match, so it’s perhaps fortunate that the detection performed by your iOS device is entirely driven by algorithms and doesn't rely on the skill of a trained eye.
Hack protection for Apple Pay
Apple Pay can also be used to buy products and services inside an app, but not currently over the web.
The fact you need to authorise the transaction before it can complete – and that your card details are never involved in the process – protects you from drive-by NFC hacks.
The Near Field Communication system is designed to connect quickly and easily to nearby devices, such as contactless card readers, with which it can share data. This has led some to posit that it would be possible to wave a card reader against your pocket and process a transaction automatically. This is exactly how NFC-based transport tickets work, allowing you to open a platform gate by tapping your card on a reader without entering your PIN.
We can't vouch for the security of every NFC-enabled device, but the checks and controls built into Apple Pay make this kind of attack all but impossible, as you'd have to physically authorise the transaction, and therefore be aware of it taking place.
How is the Apple Pay transaction authorised?
Once your code or finger are recognised, Apple Pay sends your card provider the key from your Secure Element, plus the amount you’re spending and the merchant identifier, which is a double check, unique to that outlet, that ensures only they can receive the payment.
The retailer doesn’t need to see your card details, and neither Apple nor your bank gets to find out what you’re buying, so either half of the transaction is kept secret from the party who has no need to know about it.
If I lose my Watch or iPhone can someone make purchases?
If you lose Watch or iOS device, putting it into Lost Mode through Find my iPhone suspends the key stored in your Secure Element so nobody can make purchases on your account.
And despite all this, if you still fall foul of a scam – which will almost certainly be a case of human error – the most you can lose in the early days is a paltry £30.
How to secure Apple Pay if your phone is stolen
If the iPhone is lost or stolen you can use Find My iPhone to suspend all payments from that device. There's no need to cancel the credit card, because the number isn't stored on the device, as we already mentioned - we can thank tokenisation for that.
Could a hacker steal my credit-card details from the iPhone?
Apparently not. As a security measure, the credit card details aren't actually stored on the iPhone, or on Apple's servers. (It may be worth mentioning that Google Wallet works differently: Google keeps your card details on its servers.)
Apple says the payment network or issuing bank will provide a Device Account Number, using a technique called tokenisation: replacing a sensitive piece of data with a random piece of data that typically has the same format. Tokenisation reduces or removes the need to update existing systems that require a credit-card number, without exposing the real number to theft.
But here's one last word on security. One site reckons that Apple Pay and other electronic wallet technologies are actually making it easy to commit credit-card fraud. It reports that criminals are bypassing the security checks by using the old-fashioned fraud method - buying hacked credit-card details - and then setting these up on an iPhone's Apple Pay system, which then allows them to pay for goods without any identification checks beyond the fingerprint - which won't be a problem, because it's the fraudster's phone, even though it's not his credit card.
Obviously this is hardly Apple's fault, nor is it really a new problem - it simply makes the fraud process slightly smoother for criminals who have already got their victim's credit-card details. Read more details for yourself here.
If I'm hit by fraud on Apple Pay, will I be liable for any losses?
The situation should remain much the same as when using credit or debit cards on their own. In its guide for merchants, Apple explains about fraud liability:
"Will I [the merchant] be liable for fraud on Apple Pay transactions?
"Apple Pay transactions are treated in the same way as your current credit and debit transactions. You'll have the same liability rules applied to Apple Pay transactions."
Regulations in the UK dictate that cardholders are not held financially liable for any fraud on their cards, "provided you have not acted fraudulently or without reasonable care (e.g. you haven't written down your PIN and haven’t disclosed it to someone else)", and this will apply under Apple Pay too.
Payments made using Apple Pay in a shop are classified as card-present transactions, by the way. Payments made using Apple Pay within apps are card-not-present transactions. This has some ramifications in terms of liability if something goes wrong, but either way it shouldn't be you picking up the tab.
What about privacy - can I be tracked if I pay using Apple Pay?
Apparently not. Eddie Cue insisted: "Security is at the core of Apple Pay; but so is privacy. We are not in the business of collecting your data." (Was that a shot at Google?)
When you go to a shop, Apple doesn't get to know what you bought, how much you paid for it, or any other personal details. The guy behind the counter doesn't get to see your name or your credit card number - all of which are potential weak spots of the current system, under which cards are occasionally cloned and ripped off.