Did Apple Just Improve Card Security?

Which side are you on?

The universe these days seems to be split into Apple lovers and Apple haters. The lovers anxiously awaited Apple’s annual model change, wondering what they were going to do to save us from that most dreaded of modern conditions: gadget deprivation. Everyone knew the iPhone 6 would come in two models, both with larger screen sizes, so they patiently endured Tim Cook’s late-night TV commercial spokesman imitation, waiting for the inevitable, “But wait, there’s more!”

They were not disappointed. I’m not talking about the ridiculously overpriced watch — logic says half the population have stopped using watches because their cell phones are good enough, but who said gadget freaks were anything approaching logical? If any company has made a living proving that, it’s Apple.

I’m talking about Apple’s new payment system, ApplePay. (Apparently, iPay, or iAnything has now gone the way of Steven Jobs, its creator. Now it’s AppleAnything.) Apple’s new iPhone and watch incorporate near-field communication (NFC). That in itself could not possibly be news — my ancient Blackberry, soon to be retired, had NFC before anybody knew what to do with it, so this is Apple catching up with the rest of the world, not leading the way.

But, like many things in life, it’s not what you have, but what you do with it, that matters. And this is why ApplePay may be the next iTunes — something everybody uses, pouring big bucks into the company with a bite missing in its logo.

What is NFC?

Don’t feel bad if you thought it stood for “Not For Cheap”; you wouldn’t be the only one. Near-field communications allows two NFC-equipped devices to exchange data without a physical connection, like with a cord.

You might ask, so what’s so new about that? Haven’t we had Bluetooth since the previous millennium? Yes, we have; but if you’ve ever paired two Bluetooth devices, you know the “Make device discoverable … search for the device … enter passcode” shuffle each and every time. NFC doesn’t require any of that, making it much more suitable for something like payment.

The other attribute that makes NFC so desirable is the fact that the devices have to be very close together, an inch or less, for communication to happen. Would you feel comfortable walking into a Target, knowing they have Bluetooth cameras capturing all your bank account information for their hacker friends? Didn’t think so.

The next NFC benefit is it uses far less power than Bluetooth. It’s nice to know you can do an entire day’s shopping with your cellphone before its battery needs a recharge.

The final benefit this technology brings to payment processing is security.

Security, a la ApplePay

What jumps out at you when you hear or read about ApplePay is the way they are putting this new technology to use: When you make a payment with your phone, none of your card information is given to the retailer. So, no matter how heavily Target gets hacked, if you pay with ApplePay, they won’t have any of your information to hack.

Here is what happens: The cashier rings up the total. Then, you simply hold up your phone to an NFC payment terminal. In a split second, the terminal tells your phone the amount. Your phone (or watch) takes that information and reads a secure chip (hardware, not software or data) with all your cards and their balances.

The chip approves the transaction and computes a unique transaction code, specific only for that transaction. Then your phone transmits only that unique, one-time code back to the terminal. No personal data, no drivers license, no address and, most importantly, no card or account information reaches the merchant.

That whole process takes less than a second.

Because the merchant never receives anything identifying you in any way, they can’t ever have any data about you which crooks can steal and use for some form of identity theft.

What, you might ask, if you forgot your phone on the counter (like I’m prone to do) and someone scooped it up and started buying up the whole store? See that thumb in the picture? The payment transaction only works if the thumb on the sensor matches your thumbprint.

Compatibility

Apple had a choice with their new technology. Had they gone the PayPal route, they could probably have become a very significant player in the $11 trillion payment-processing market. Instead, they chose to keep the user experience as simple as possible, with as little change as possible. ApplePay integrates seamlessly with your existing accounts and relationships. You don’t have to apply for any new accounts or change any of the accounts you already have.

The way they do it is you take a photograph of your card with the on-board camera. Apple then uses that image to verify your account with your bank. Once the card is confirmed, it gets added to something akin to a personal electronic wallet. Before you pay, the app will display all your cards and then (just like in real life) you pick the one you want to use, and voila!

Will It Work?

The idea of a “swipe” means of fast payment has been around for a while. You might recall Mobil’s Speedpass, launched in 1997, which allowed you to pay for your gas by simply swiping a little dongle attached to your key chain. That relied on radio frequency security, which was proven not to be so secure. Now Speedpass customers have to enter their zip code as an additional layer of security, defeating the goal of speed and convenience.

What sets Apple’s proposed system apart is its reliance on your thumbprint. On the face of it, it doesn’t look like crooks will easily be able to break that code.

It’s a sad commentary on the human race that no attempts at preventing dishonesty have proven to be foolproof. Technology relying on biological data like iris patterns or fingerprints appear promising. Of course, the downside is now there is even more of your personal information stored on some Big Brother’s computer. (Does anyone else find it a bit ironic that Apple put themselves on the map with the famous 1984 Super Bowl ad deriding Big Brother, and now they are Big Brother?)

My wife and I have gone to cash for most of our purchases. Unfortunately, there are still more than a few places where a card is necessary equipment; so as an alternative strategy, cash doesn’t cover all situations. And so it happened that my bank (Key Bank) called me last week to ask if I bought gas in Mexico. Whenever we travel internationally, I call them ahead of time to give them approximate dates and destinations. They know that, and they’re able to spot the fraud right away. Thankfully, it cost me nothing and I received a new card less than a week later.

Still, it would be nice to know there’s a new level of security making it harder for identity thieves to perpetrate their fraud. The competitive market being what it is, I suspect it won’t be long before every maker of smartphones and smartwatches implements some form of bio-security in a fast and easy-to-use package. Will it be perfect? Is anything? Even cash has its drawbacks, so to expect perfection is unrealistic. Billions of transactions are made every day. The proper question is: Will this be an improvement? It sounds like it will … and any improvement in security can only be welcome.

Will this make me toss my ancient Blackberry? (I know that marks me as a cheapskate dinosaur. So fire me. Haha!) Maybe I’ll wait to see if someone does something as good for a lot cheaper. I’ve never been disappointed doing that.

How about you? Will this make you get a smartphone (or smartwatch) e-wallet?