Apple Pay's launch will impact mainstream payments market but how?

Security at the core

Nearly two weeks ago at an event in California, Apple showed off the latest iterations of its smartphone range, the iPhone 6 and the iPhone 6 plus, alongside the widely expected introduction of the company's first foray into the wearable tech market, the Apple Watch.

Amongst all of this excitement, however, many commentators feel that the real game-changing announcement could be that of Apple Pay, a new feature which will enable iPhone users to retain financial information on their phones in order to make in-store purchases. This feature isn't expected to be rolled out in the UK until 2015.

Apple Pay - the payment gatekeeper?

Contactless payments are already firmly in the mainstream, with all card operators now pushing contactless chip-and-pin cards. Mobile payment is also in use, with many other device manufacturers utilising NFC payments. This technology has been around for a while though, and as of yet has not taken off. This is mainly because it is inconvenient and costly to implement at the point of sale, and perhaps perceived as less secure by the customer.

Although other device manufacturers are utilising NFC, Apple has always had a knack of bringing previously unknown technologies into the mainstream, so the tech giant will be hoping that now it has endorsed NFC, it'll become the payment gatekeeper.

The new Apple Pay feature has been receiving support from the payment industry, although it remains to be seen how and if it will be widely adopted by users. Having said that, positioning their device as a payment/purchases gateway, and therefore gatekeeper, is a very smart move by Apple, and is similar to how they were able to make iTunes and the iPod such a successful pairing in the music industry.

We are very interested to see whether Apple will continue to apply a "walled garden" model. Which card issuers will be accepted into Apple Pay and which won't? What criteria will be applied to make the selection?

It will also be interesting to see what the implications for merchants will be in terms of costs and risks of fraud and theft, as well as how / if these will be passed to the customers. It could be some time until we discover if Apple Pay is utilised in the mainstream payments market, but we look forward to seeing how it compares to existing competition in the market.

Apple Pay - security heaven or security burden?

When it comes to security considerations, we believe that any errors in the implementation of Apple Pay, especially with regards to the contactless feature, will surface pretty quickly. Furthermore, we expect 'evil maid' attacks, whereby the attacker can physically target a device multiple times, and 'replay' attacks against the fingerprint sensor to become a real threat in the near future.

Whether Apple Pay is more secure than traditional methods of payment also remains to be seen. Intuitively speaking, the more complex the solution, the larger the so-called 'attack surface.' There will be a biometric sensor, a secure data store and a secure means of communication, and they will all have to work together flawlessly to keep any attacks at bay.

If this high-profile launch does not go to plan, either due to lack of security – or lack of interest, it could set the payments industry back several years. Moreover, if, as Apple seems to suggest, customers will store credit card information tied to their various accounts within the iPhone 6, that device has just become a very tempting target for any criminal.

Catalin Cosoi is Chief Security Strategist at security firm, Bitdefender.

Tags