I read a recent New York Times article mocking Apple’s new Apple Pay system; Apple is promoting the convenience of the new system (something the Times article quite humorously calls into question), but there’s also a considerable security component to Apple’s new offering, which is something that’s been sadly lacking on credit-based transactions, at least in the U.S.
I’ve written articles in the past on the topic of credit card security and the Payment Card Industry Data Security Standard, particularly in regards to security breaches at big-box stores such as Marshall’s and Target that potentially compromised the privacy and security of millions of credit and debit card holders. In light of yet another breach – this time, Home Depot – I found Apple’s timing to be apropos.
Traditional “stripe and sign” transactions only require a signature in order to complete a sale. Even if the physical card isn’t stolen, just having access to the card number, expiration date and security code allows criminals to make purchases online or over the telephone, potentially racking up thousands in debt before the theft is discovered and the card cancelled. Swiping a card’s magnetic strip onto a card reader or hacking into vendors’ customer databases allows more technologically savvy thieves to commit fraud on an unprecedented scale. Many European card issuers have adopted a “Chip and PIN” technology that requires the user to enter a PIN in order to complete a transaction, thereby making it harder to hack consumer data. While the magnetic strip can be copied, the card can’t be used without the PIN.
Apple Pay (from what I can gather) goes a step further by replacing the traditional credit card number with a randomly generated token. Tokens are generated on a per-transaction basis, making them essentially worthless to would-be hackers. Moreover, the consumer’s actual credit card data never needs to reside on the vendor’s POS system. Apple’s system may face problems gaining consumer acceptance because a large part of the burden of adoption lies on the consumer.
It’s been pointed out more than once, however, that Apple has a knack for creating products that no one knew they wanted… until Apple invented them. In any event, whether it’s Chip and PIN or tokenization that ultimately wins the day, it’s comforting to know the problem of credit card fraud is being addressed, albeit slowly. It’s been said that pain is often the catalyst for change. Maybe enough pain’s been felt that things are starting to change.