Starting today, millions of users are on the payroll of Apple. Paying is possible at participating merchants who own NFC-enabled cash registers – or on websites with Apple Pay signs.
NFC stands for Near Field Communication. This transmission standard is widely used internationally. Data is exchanged contactless by means of electromagnetic induction.
Tim Cook: “The customer is not the product”
The basis of NFC is RFID (Radio Frequency Identification). This technology uses radio waves to interact with the reader at the cash register and a passive transmitter or receiver (transponder) that identifies and authenticates the paying customers.
But how confident can you as a customer be that your data is in good hands with Apple’s mobile payment solution?
Apple has the highest standards of security. First of all, the corporate philosophy of the group applies, which Apple CEO Tim Cook repeats mantra-like for every suitable occasion. Keeping users’ lives private is top priority at Apple, as it is “a fundamental human right.” Apple has no commercial interest in data: “The customer is not the product.”
Also interesting: “The problem is the highly fragmented mobile payment market”
The security principles of Apple at Apple Pay
Apple will also adhere to these principles at Apple Pay to ensure security:
- Apple Pay does not store the card number on the device or even on Apple servers.
- Merchants you buy will not see the card number when paying.
- Individual data of a transaction, for example about purchases, are not stored by Apple. Conclusions on the purchasing behavior are therefore not possible.
- The payment itself is not authorized with a (by professionals to cracking) PIN number, but via fingerprint or face recognition (Face ID).
- If you lose your iPhone, it’s not possible for the finder (or the thief who stole it) to use iPhone to pay.
What to do if device loss?
Nevertheless, as an Apple Pay user, you should have the cards blocked or removed from Apple Pay should you lose the device.
Prerequisite for disabling Apple Pay is to have “Find My iPhone” turned on. In case of loss, the device can then be remotely set on the computer via the corresponding Apple website in the “lost” mode. The cards themselves do not need to be blocked in this case. They are withdrawn from circulation by the card issuer, ie removed. If the device then re-emerges, Apple Pay will simply re-enable.
The second way allows you to disable payments made with Apple Pay-based payment cards through Apple’s ID account page. The classic way is of course a call to your card issuer, he may lock the cards please.
Google is interested in the data
Other providers are taking similar paths when it comes to security like Apple. Google Pay from Google also does not save the credit card data on the (Android) device. Even traders get no access, because Google uses a token that turns the actual map data into a large number series. The token is disabled in the event that the Android smartphone is lost. Thus, the cards themselves do not have to be blocked by you as a user.
Unlike Apple Pay, however, Google is definitely interested in the user’s usage behavior. While Apple generally refrains from evaluating such data as described, Google has acknowledged that the data would be evaluated, but according to the specifications required by the Data Protection Regulation. One can believe that, but it can not be checked in individual cases. It is therefore important to trust Google at this point.
Garmin Pay promises the highest safety standards
As an alternative to Apple Pay and Google Pay, the company Garmin, provider of smartwatches and sports watches, has recently started talking to its own payment solution Garmin Pay.
There is the official theme, you take the security of customer information in payment transactions very seriously. Garmin Pay also relies on the tokens and promises that the card data will “neither be stored on the Garmin servers nor land at the dealership”.
Samsung Pay still not available in Germany
Of course, Apple’s biggest competitor in the smartphone sector is also involved in the mobile payment business. Samsung calls its own solution Samsung Pay. The service started in South Korea in August 2015.
After the US (September 2015), launches followed in 18 other regions or countries. While Samsung Pay can be used by our Swiss neighbors since May 2017, there is still no official start date in Germany.
Residual risk remains
Despite all efforts for security, residual risks still remain with electronic payment systems. Hackers were able to demonstrate with great effort that data from paying customers could be tapped over a distance of 50 meters. Everyday scenarios are not thankfully. Nevertheless, a highly regarded report, prepared under the guidance of the scientist Siamak Solat of the Sorbonne University in Paris, concludes:
“The result (the review of major electronic payment systems) shows that all types of electronic payment systems have some important shortcomings and weaknesses in terms of security, privacy of users, anonymity and performance It is crucial to understand the current level of security of financial transaction systems to build on and further improve all the necessary features to achieve a secure and reliable payment system. “
Also interesting: cash republic Germany