Is Apple Pay Secure? – Platform Security and Privacy Overview | Hacker Noon

Apple Pay is a mobile wallet for Apple devices and is an easy way for users to make purchases in stores, applications, and on the web. It allows users in the U.S to send and receive money to friends and family using the Apple Pay feature in iMessage. In order to use Apple Pay, you must have a passcode on your device. Apple does not retain your full account number or any transaction information – all of your transactions stay between you and the merchant. Apple Pay uses multiple layers of encryption to protect your credit card information.

image

Jessica Truong Hacker Noon profile picture

Jessica Truong

Interested in security? Follow along for content within Cybersecurity

Remember, nothing is 100% safe from fraud. As we know from my previous piece where I compared Apple vs Microsoft, Apple has a reputation for their security. Apple makes it clear that Apple Pay utilizes built-in security features to help protect your transaction and personal information. In this article, we will go in detail as to Apple Pay’s security and privacy and answer the question, is Apple Pay secure?

Table of Contents:

  1. What is Apple Pay?
  2. Is Apple Pay Secure?
  3. Apple Pay Vulnerability
  4. How to Make Apple Pay Even More Secure
  5. Final Thoughts: Is Apple Pay Secure?

What is Apple Pay?

Apple Pay is a mobile wallet for Apple devices and is an easy way for users to make purchases in stores, applications, and on the web. It allows users in the U.S to send and receive money to friends and family using the Apple Pay feature in iMessage. It is a popular feature that Apple has implemented to make it convenient for their users. 

Is Apple Pay Secure?

image

Apple Pay creates a unique token each time you use it to prevent merchants from getting your actual credit card number. It uses security features that are built-in to the hardware and software of your mobile device to protect your transactions. In order to use Apple Pay, you must have a passcode on your device. 

When you use Apple Pay, Apple does not retain your full account number or any transaction information – all of your transactions stay between you and the merchant. Your card information is not stored on any of Apple’s servers or your own device. Apple Pay’s contactless system prevents your card information from being swiped by a skimming device. 

Apple Pay is designed to protect your personal information and doesn’t store your credit/debit/prepaid card numbers. They make it difficult for someone to steal your device to make purchases because the application requires you to verify your identity by using either Touch ID, Face ID or your passcode. Apple Pay uses multiple layers of encryption to protect your credit card information. 

So, the answer to our question is yes. Apple Pay is secure as long as you are using it properly and know what you can do to ensure your security.

Apple Pay Vulnerability

On October 1st, 2021, cybersecurity researchers disclosed an unpatched flaw in Apple Pay that allows attackers to make unauthorized Visa payments with a locked iPhone. All the attacker needs is a stolen iPhone that is powered on. Attackers are able to do this by taking advantage of the Express Travel mode in the device’s wallet. Express Travel is a feature on the iPhone and Apple Watch that allows users to make quick contactless payments without having to unlock their mobile device, open an application or provide a passcode. 

How To Make Apple Pay Even More Secure

image

Apple Pay already has a variety of built-in security features but that doesn’t mean that you can’t do more to keep your data safe. These are a few tips that you can follow to make Apple Pay even more secure and safe.  

Do not share your passcode. Your passcode may be an alternative way to verify that you are the one making the purchase. Make sure that your passcode is not easy to crack and to not share it with others. 

Do not allow others to add their biometrics onto your device. Permitting friends or a significant other access to your device may not be the best idea. If the friendship or relationship goes south, they can easily get into your phone and make a purchase.

Do not add cards on an unsecure Wi-Fi Network. Public networks are not safe and are easy targets for hackers. They can eavesdrop on the information you send from your device to a website and may even attempt to manipulate you into sending your credit card information to them. This is why it is better that you add your card information to Apple Pay on your home network. 

Act immediately if you have lost your device. If you have misplaced your device or it has been stolen, do not assume that your password will protect a hacker from gaining access to it.

As soon as you realize that your device is lost or stolen, place your device in “lost mode”. This will remotely lock your device, track its location and display a customized message on the lock screen when someone powers the device on. 

Keep your phone up-to-date. Make sure that you are using the latest software version on your device.

Enable two-factor authentication. You should enable two-factor authentication whenever you can as an extra layer of protection. 

Final Thoughts: Is Apple Pay Secure?

Yes, it’s secure, but I want to reiterate that doesn’t mean it is immune from cyber threat attacks. There is always more that can be done to ensure its security. 

Your card details are only stored on your phone and not on Apple’s servers. Remember that a unique code is generated whenever you make a purchase and that the merchant does not know your credit card number. Even if a hacker wanted to steal that unique code they wouldn’t be able to use it to make a purchase. Apple Pay requires either your passcode, Touch ID or Face ID as an extra layer of security before a purchase can be made. 

Tags

Join Hacker Noon