How Apple Pay Might Lead The Way In The Battle Against The Card Fraud EpidemicMay 12, 2015
Online shopping is becoming increasingly popular due to people leading busier lifestyles and the rise of online “warehouses”, which are creating a one-stop shop for many, if not all, of our shopping requirements. The ease of completing the weekly food shop from the sofa, and browsing for that all important outfit across hundreds of stores at just the click of a button is all too tempting.
However, nothing is ever easy and with such ease and flexibility comes a certain amount of risk.
Recent reports suggest that that there has been a dramatic increase in the number of businesses being hit by card fraud – with the latest statistics suggesting that 67% of fraud is online and a further 19% is via phone or mail. In March this year it is approximated that British businesses were hit hard by fraud (1 in every 20 seconds) and unfortunately of those targeted it seems to be small businesses that are bearing the biggest brunt of the fraudulent activity.
Goods are being purchased using stolen credit cards, which leaves the targeted business at a huge loss; even though there are substantial technical measures in place to combat fraud, such as online authentication passwords, pin codes etc. it seems that these measures are still not enough. Time and time again fraudsters are still managing to break through all of the barriers that businesses and individuals are putting in place to protect themselves.
The latest introduction into the world of technology comes from tech giant Apple. They have recently introduced “Apple Pay” to the world with claims that it will vastly improve people’s and businesses’ payment security, stating on their website: “Apple Pay protects your personal information, transaction data, and credit and debit card information with industry-leading security.”
So how does Apple Pay work?
Rather than re-inventing the wheel, Apple have gone through the process of identifying the weaknesses shown in many of the current payment systems and processes and have ended up providing their solution, Apple Pay, that will not require a complete overhaul of users’ systems.
The three key components of Apple Pay are:
1. Data protection
Apple’s payment system makes use of encryption, as well as tokenization. This both protects user data and also reduces the transmission of sensitive data down to only one occurrence (instead of multiple instances)
2. Device authentication
Every single transaction going through Apple pay is provided with a unique value. This value ensures that only the authorized device can be sending the specific data in the transaction.
3. User authentication
In order to complete a new card registration, Apple requires each user’s bank to have an additional user authentication system in place. This helps to prevent unauthorised card registrations. On top of this additional authentication, Apple Pay also requires Tough ID authentication (fingerprint). This helps make transactions through a stolen phone extremely difficult.
When adding a card to Apple Pay, all information is encrypted and sent across to Apple’s servers. The data is then decrypted, your payment network is determined and then all the data is re-encryption using a key that can only be unlocked by your payment network. For the card registration to be authorised your bank must then receive a certain amount of unique data, such as your device info, your location and the time you have added the card. Once your bank receives all of this data from Apple, it will approve (or reject) your card registration.
Upon approval, your bank will create a Device Account Number, which is then encrypted and sent back to Apple. This number cannot be decrypted by Apple; it is instead assigned to your device’s Secure Element (the chip within your device that stores all of your payment information). This data is isolated, which means it is not stored on the Apple servers or in iCloud. This number adds additional security to transactions because it is entirely unique to your device and therefore cannot be used on a magnetic strip card, via the telephone or via an online transaction.
The use of Apple Pay’s “unique device identifier” and “dynamic cryptograms” means that even if a payment token has been stolen, it still can’t be used to make a payment. A fraudster will not be able to use the token since it has to come from the device that it has been registered to. The additional fingerprint authentication provides yet another layer of security, so in the case that the device is also stolen, access will still be denied, as the Touch ID will not match.
So what should you do if you lose your device?
First things first, you should always make sure the Find My iPhone app is enabled. This will enable you to suspend your Apple Pay remotely by selecting the “Lost Mode” feature, should you ever lose your device. This means you won’t have to cancel your credit or debit cards, so saves you a lot of time and stress.
Find my iPhone also enables you to completely remove the Apple Pay function on your device by simply using the erase my device feature. Alternatively if you have an iPhone 6, iPhone 6 Plus, iPad Air 2, iPad mini 3, and/or the Apple Watch, you can also visit settings in iCloud.com to remove the ability for the devices to process payments using your cards. Of course, you can also contact your bank to remove (or suspend) transactions from the cards that you have connected to Apple Pay.
Although the technology that Apple is using for Apple Pay, such as tokenization, are by no means new concepts, Apple’s implementation is very different and what makes Apple Pay stand out and ultimately make people feel a lot more secure.
As we move into an era where the use of mobiles to make payments becomes more proliferate and these types of security become the norm, credit card fraud as we currently know it, should see a huge reduction.
There is, of course, a level of responsibility from each merchant to provide a good level of security to their customers and ensure that they are utilising the highest security software possible. With the likely rise of different software types, based on Apple Pay leading the way, there will soon be enough choice available to ensure anyone who offers online, phone, mail or mobile payment options can protect the details of their customers and drastically reduce attacks of credit card fraud.
These enhanced security measures will surely provide online shoppers with a welcome level of comfort, encouraging more expenditure and thus increasing income and profit margins for merchants, as well as credit card suppliers.
As with many new technologies, it does seem that the most beneficial and significant impacts from Apple Pay’s new standards will be seen in years yet to come. This new technology, and the introduction of similar products, should reduce the need for further security software for card users and should also reduce fraudulent attacks on the seller.
We have seen no silver bullet for fighting the great card fraud epidemic just yet, but who knows what Apple Pay could lead to!