The Security of Mobile Payments
Apple Pay vs. Google Wallet
Are mobile payment technologies safe? No system is fool proof but most companies are making an effort to encrypt, tokenise and authenticate user credentials before allowing transactions to proceed.
The most popular methods of mobile payment at the moment is well known competitors Apple and Google, presenting Apply Pay and Google Wallet.
Apple Pay is Apple's mobile payment system and uses near field communication (NFC). Apple Pay is available for iPhone 6 and iPhone 6 Plus. By using a form of tokenisation to protect consumer data, users send encrypted payment card details to Apple, which decrypts the data and identifies the card's payment network and then re-encrypts the data with a key only the payment network can use. Apple Pay allows customers to pay in store using their iPhone or Apple Watch to a contactless reader. It can be secured using the Touch ID fingerprint sensors in iOS devices to approve transactions.
Similar functionalities to Apple Pay, Google Wallet is Google's payment system. The NFC system allows users to store credit and debit cards as well as loyalty and gift cards. It is optimised for online and in-store payments. Google Wallet has a high standard of safety as it comes with a PIN you must enter to access your information on your mobile device and also has a login email and password you must use to access Wallet on the computer. Your debit card number is always hidden and is encrypted on the servers, as well as allowing you to disable your Google Wallet account remotely if you ever lose your mobile device.
The question usually asked by contactless card users is 'what happens if my card is lost or stolen?'. Not only the card issuers notice any unusual spending behaviours and put a stop on the card, but the thief is still able to make purchases up to £30 a time using the contactless function.
With Apple Pay, even if your phone was lost or stolen and even if the thief had managed to get past your lock screen password or fingerprint scan, fingerprint authentication would be required to verify every Apple Pay transaction. Not only that, but the Find My Phone function can also be deployed to remotely disable Apple Pay in case of loss, or wipe the device completely. When you add a card to your iPhone, the card number won't be stored on the handset, it will convert it into a unique Device Account Number (DAN) and this is how it's stored, in encrypted form, on the Secure Element (SE) chip on your iPhone.
The major difference between the two systems is that Apple Pay will have no access to the user's purchase information except for most recent purchases listed in Passbook, which also contains the user's credit card and bank account information. Whereas when Google approached banks and asked them to support Google Wallet, it explained that part of their support meant they would feedback data to Google information on the user's purchases as well as other personal data which may affect some people's decisions on using Google Wallet.
Of course hackers always seem to find a way, but it won't be easy for them. All of the major credit card companies, banks, and corporations are backing this new technology due to the virtual elimination of fraud. With all of the new layers of security vs. the venerable traditional plastic credit card, why wouldn't you adopt this easier, new way of payment?