BLOG | Apple Pay uses the latest payment and security technology out there to make the most elegant and secure payment experience possible. MasterCard, Visa and American Express are the ones delivering the payment technology and infrastructure to make it all happen. Their worldwide payment networks facilitate (potentially) for a global roll out of the Apple Pay payment service. But, even more important, set the future standard for secure card payments regardless device or channel used.
Safety and Convenience no longer opposites
Providing a great consumer experience and safeguarding sensitive payment information were always seen as opposites. Simplifying card payments required concessions to the security of data, and more security negatively reflected on the consumer experience (picture in mind the need for 3D Secure passwords to combat online fraud but causing cart abandonment). It seems the global card schemes now have figured out, in cooperation with Apple, how to combine safety and convenience.
A Layered Approach to Security
From MasterCard's newsroom, we can derive that they use 3 layers of protection to secure Apple Pay payments. Important to recognise, these layers of protection will not only be eligible for Apple Pay payments, but will (probably) soon be the new security standard for card payments, regardless device or sales channel, worldwide. MasterCard refers to the following 3 layers:
Layer 1: EMV cryptology
The consortium of the 3 global card schemes, participating banks and Apple use the industry-standard EMV cryptology. EMV refers to Europay (now part of MasterCard), MasterCard and Visa (these 3 companies originally developed the EMV specifications back in 1994!).
EMV technology ensures the sensitive card information is stored in a smart chip (instead of magstripe). The EMV chip, embedded in the iPhone 6, provides three key elements - it can store information, it can perform (cryptographic) processing, and it is able to store secret information securely (the 'Secure Element'). Thus, the EMV chip helps to validate if the legitimate card is used in the transaction and to store sensitive card data.
Validation requires involvement of the payment terminal. Upon entry or tapping the card (contactless payment), the terminal verifies if the card is authentic and created by an issuing bank. The chip does more, and can generate data to make every transaction unique, mitigating the risk of (counterfeit) fraud. Every transaction can then only be processed once, making repeated transactions by fraudsters virtual impossible.
Layer 2: Tokenization
The schemes have added an additional layer of security through 'tokenization'. This means that the number stored in the Secure Element in a consumer’s iPhone 6 is not the same number as on their card.
In the (unlikely) event that someone is able to pick up the data off of a transaction, they will get a 16 digit token number and a cryptogram (a long number unique to each transaction). If they try to use the 16 digit number without the cryptogram, the transaction will be rejected. The token can't be used for online purchases either. Fraudsters can not generate a new cryptogram without specific 'keys' safely stored in the Secure Element on the iPhone. In other words, they can not perform a fraudulent transaction, and the consumer's card data is kept safe.
Layer 3: Biometric Authentication
With the iPhone 6, Apple has made it possible to use fingerprint to authenticate for payments using Apple's Touch ID. It is the fingerprint recognition feature that allows Apple users to unlock their device, make payments in Apple's digital media stores, and now to confirm Apple Pay payments. Those shoppers that do not prefer to use Touch ID can revert to using a passcode.
Ingredients for Success
With the layered approach to ensure card data is securely stored and made useless in case of theft (whether it is only the card data or the iPhone), provides great ease to mind for future iPhone 6 shoppers. Both in-store, paying contactless, and for in-app purchases. Add to that the option to automatically send over the shopper's shipping and billing details, and shopping and paying has never been so easy and secure. Powered by 3 global payment processing companies and Apple, one might say that future looks bright for Apple Pay and card payments.