Apple Pay may be the most successful mobile payment solution in terms of widespread adoption. It will only work with the iPhone 6 or newer, because older models lack the necessary NFC equipment. If you already have an iPhone 6, though, you only need to use the pre-installed Passport app. There are simple, on-screen instructions for adding a debit or credit card. You can even add all of your UNITED SA cards!
Apple Pay and other, similar services use a process called “tokenization” for their security. In the simplest possible terms, tokenization is the use of a non-secure bit of data to stand in for a secure one. It’s like arcade tokens. The secure data is the quarter, which you exchange at a machine for a token. That token then tells the arcade machines that you have a quarter to play. The game machine never sees the actual quarter, but accepts the token that stands in for it instead.
Apple Pay works the same way. The app creates a token – a random series of numbers – that corresponds to your account, along with a one-time security key. It transmits that data to the payment terminal. The payment terminal transmits that token to the “token vault,” a secure database that links these tokens to the actual accounts. The token vault connects the token to the real account, provided the security key is correct. That token vault then transmits a charge directly to the linked cards, while returning a verification of funds to the payment terminal. With Apple Pay, the token vault is hosted at the payment processor, so the point of sale terminal never even sees your card information.
This is different from a swiped or keyed transaction. Ordinarily, the terminal reads your credit or debit card information directly and transmits it to the payment processor. This means your card’s information is stored in three different places. Any one of those could be the site of a data breach. In fact, one of the major recent data breaches, Home Depot, was caused by a bug in the point of sale terminal.
With Apple Pay’s tokenization, your information is seen only by the payment processor and your financial institution. That’s fewer points of failure along the information chain. And that makes your transactions more secure. Apple has gone to great lengths to ensure that the token interaction takes place at payment processors, removing its own servers from the process as much as possible.
Importantly, this means that Apple itself has no idea what purchases you’re making. It can’t track your behavior based on your Apple Pay transactions. For fans of internet privacy, this has to be good news.
There are other layers of security involved in Apple Pay and similar services. For starters, the apps won’t work unless your phone is unlocked. Given the fingerprint reader technology in most modern smartphones, that’s an added layer of protection between a potential thief and your data.
The biggest downside of this level of security is the cost involved in implementing it. Because of Apple’s insistence that the token interaction not use its servers, some payment processors have been reluctant to add the additional security. This has slowed the expansion of Apple Pay technology, and is part of the reason only about a third of retailers accept the service.
In sum, Apple Pay’s tokenization system is an efficient, secure way to pay. By using modern technology and the latest in encryption protocols, Apple Pay is able to keep your data more secure and private than ever. You can feel confident using Apple Pay anywhere you’d pay with your credit or debit card.