The Providential Apple Pay



Kris Seeburn

Apple introduced its new Apple Pay, which allows Apple users with enabled devices, such as the iWatch, to use their devices to check out at participating vendors. The announcement was well received by the industry and industry analysts.

Despite the increased attention to security issues in the payment card industry, people seem to agree that Apple's concept of keeping your personal information secret and using a random or one-time generated token seems providential.

It is too early to tell what impact Apple Pay will have, but it will surely start the journey away from PCI DSS (Payment Card Industry Data Security Standard). The main players—Visa, MasterCard and American Express—have shown great support to ensure the service works, and large retailers are also supporting this change. Mobile operators are also showing support and are devising new SIM cards for 2015.

So the question is—how secure are the devices involved with processing Apple Pay, including the wearable? Should we worry or not?

The iWatch and your iPhone will be available to use with Apple Pay using NFC (near field communication) technology, which already has its concerns. Apple has addressed some concerns by integrating its Touch ID fingerprint scanner and its Passbook ticket-buying app into Apple Pay. This new approach keeps personal information on the device—instead of moving account data into storage servers within easy reach of thieves.

What happens if you lose your iPhone or iWatch? Some argue that you could lose your wallet as easily as one of these devices; however, because of the potential to access an enormous amount of personal data, the security and personal information on these devices today is of greater concern.

Although Apple has tried to address security concerns, there are still some legitimate questions from a normal user's perspective. How does someone verify a legitimate Apple Pay terminal or application on their device? What security does the mobile network provide on its end?

As with all new features and technology, I would suspect that elite criminal hackers may already be identifying opportunities to steal identities and mass-harvest payment card information from this new service.

What do you think—will Apple Pay be secure? As auditors and security experts, where do we stand and how are we preparing for this technology?

Kris Seeburn

[ISACA]
