Apple Pay, Tokenization And Security: How To Stay Safe With The Wallet Of The Future
2/1/2017 1:53:00 PM
The Apple company has always been innovative. Apple is now capitalizing on new technology with their own payment system: Apple Pay. Apple Pay takes advantage of two developments in payment infrastructure to save you time: near-field communication (NFC) and token encryption.
Apple Pay may be the most widely accepted mobile payment solution. It only works with the iPhone 6 or newer. If you already have an iPhone 6, you can use the preinstalled Passport app, following the on-screen instructions for adding a debit or credit card. You can even add your PLCU card!
Apple Pay and other, similar services use a process called “tokenization” for their security. Tokenization is the use of a non-secure bit of data to stand in for a secure one, like arcade tokens. The secure data is the quarter, which you exchange at a machine for a token. The arcade game never sees the quarter, but accepts the token in its stead.
Apple Pay works the same way. The app creates a token – a random series of numbers – that corresponds to your account, along with a one-time security key. It sends that data to the payment terminal which transmits that token to the “token vault,” a secure database that links these tokens to the actual accounts, connecting them if the security key is correct. That token vault then transmits a charge directly to the linked cards, while returning a verification of funds to the point-of-sale terminal. The token vault is hosted at the payment processor, so the payment terminal never sees your card information.
This differs greatly from a typical transaction. Ordinarily, the terminal reads your card information and transmits it to the payment processor. Consequently, your card’s information is stored in three places, any of which could be the site of a data breach.
With Apple Pay’s tokenization, your information is safer because it’s only seen by the payment processor and your financial institution. Apple has ensured that the token interaction takes place at payment processors, removing its own servers from the process.
This means that Apple itself doesn’t know what you’re buying and can’t track your behavior through your Apple Pay transactions.
There are other layers of security involved. For starters, the apps won’t work unless your phone is unlocked. Given the fingerprint-reader technology in most modern smartphones, that’s another protective layer for your data.
The downside of this level of security is the cost involved. Because of Apple’s insistence that the token interaction not use its servers, some payment processors have been reluctant to add the additional security. This is part of the reason only about a third of retailers accept the service.
In sum, by using modern technology and the latest in encryption protocols, Apple Pay can keep your data more secure and private than ever.