Will Apple Pay pave the way for more secure mobile payments?

Pay, Apple's latest innovation
Pay, Apple's latest innovation

Even before the release of the iPhone 6, the rumour mill had been in overdrive on what we could expect from the device's new features and functionality.

One of the most significant announcements to have been made at last week's event was the launch of Apple Pay: a new mobile payments service using NFC to enable contactless payments.

Although mobile contactless payments hold the promise of greater convenience with quick and easy 'wave and pay' transactions, they have not, to date, reached mass appeal.

The big question, now, is can Apple succeed where others have failed and take contactless payments from a niche service to more mainstream adoption?

At the heart of the issue, and probably one of the most important factors in determining if it will catch on, is the security of the system.

This is because retailers in particular have been a prime target for cyber criminals with POS systems proving to be a valuable commodity, and malware targeting credit and debit card readers or cash registers, steadily on the rise.

The cyber-attacks on US retail giants Target, Neiman Marcus and Michaels Stores - which involved malware on POS systems - had a profound impact on sales and consumer confidence in the safety of credit-card information at POS terminals.

Of course, Apple don't have control over POS systems, but its new mobile payments should provide reassurances for consumers, as it uses a new approach which would mean that it is harder for criminals to perpetrate the kind of widespread data breaches we've seen this year.

From the first analysis of Apple Pay, it appears that Apple is attempting to revolutionise payment methods into a far more secure and transaction-specific system which could only benefit the retail industry and users.

The critical difference here is that it uses "Secure Element," an encryption method to protect payment information, using a one-time payment number. Personal Credit Information is not transferred in the transaction, instead a transaction code is sent to the bank which uses an algorithm that tells the system where money needs to go.

If we add the extra stage of security in fingerprint recognition, this is a very powerful and secure change in transmitting PCI data. It's an approach which could even put pressure on banks to change the way a standard debit or credit card transaction takes place and to change their security protocols.

From what we know so far, and the workflows that Apple is proposing with the Device Account Number being used alongside a transaction-specific dynamic security code, this looks like a significant advancement in securing mobile payments.

The trade-off between security and ease-of-use for consumers has always been a challenging balance to strike. It could just be, that with this latest innovation, Apple has been able to blaze a new trail in the evolution of safer payments, pioneering a more secure method as transactions are not creating re-usable data

Time will tell if consumers are now ready to swap cash and cards for mobile payments; that said, adoption rates for NFC payments are rising and the addition of mobile payments by Apple - which has a loyal base of customers - looks set to shake things up further.

Closer assessment of the security will of course have to wait until the phones are fully in use and theory is put into practice.

What we do know is that with Apple's announcement that security and privacy are core to this service, we should anticipate a robust system that can protect consumers and their data as fully as possible.

  • Nick Pollard is Senior Director of Professional Services, Guidance Software