Apple Pay was just released in the UK, much to the excitement of the Brits, It’s been just a few weeks, so results are still preliminary. But you know who’s going to absolutely heartbroken? Cyber criminals. Normally, this group loves it when a new technology arrives. It’s typically their opportunity to exploit security weaknesses and make a clean getaway with private information – and money.
But Apple Pay does a lot to keep payments secure so customers don’t have to worry. In fact, Apple Pay’s a more secure way to make credit card payments than any other method. Don’t bother watching demos on this – they don’t give you the specifics of what it does. We give you the low-down on how it works: *Apple Pay uses a cryptogram, with the added security of tokenization *With EMV cards (such as debit and credit cards), the EMV chip and POS sale terminal create a cryptogram attached to the purchaser’s personal account. This cryptogram then gets sent back to the card’s issuer, and they process the transaction. The card issuer also holds responsibility for the cryptogram’s security. Apple Pay uses encrypted cryptograms, and a token too. UK’s major card networks, Visa, Mastercard, and American Express, will dynamically generate a random 16-digit token that appears exactly like a credit card number. Whilst it looks like a credit card number, a token is actually completely useless. It works perfectly well for legitimate business transactions, but it can’t be used for fraudulent purposes. Tokens also cannot be decrypted because encryption isn’t even part of the process to create them. They’re not mathematically generated, so there are no master key hackers who could steal tokens and link them to credit card numbers. You could hand a list of tokens to talented hackers, and they would be unable to do anything with it. And tokens only work when they have an associated cryptogram. Apple Pay stores the cryptogram and token on a separate secure chip (the “Secure Element”) within the iPhone that’s dedicated to payment security. When a consumer wants to make a purchase, Apple Pay asks whether they would like to pay. The consumer’s fingerprint scan is the only way to authenticate the transaction, all of which make it near impossible for someone else to do it, other than the consumer themselves. *Credit card information never gets revealed during the payment process* During the entire transaction process, no credit card data of any kind ever gets stored on the iPhone or Apple’s servers. This even includes encrypted data. The same goes for merchants, who also never store or transmit any credit card data. Remember, all credit card data is protected by a token. So man-in-the-middle attacks, where hackers secretly relay information while two legitimate parties are passing information to one another, are now impossible. And credit card skimming is now put to an end, because the merchant never encounters any credit card information. In addition to all that security, Apple Pay dynamically generates a CVV code – just like the three-digit code you see on the back of your credit card. iPhone owners can also temporarily suspend a token if their smartphone gets stolen, which makes Apple Pay inoperable until they recover their phone. Sounce :: LinkedIn-- Author : Geraldine Critchley -- You received this message because you are subscribed to the Google Groups "NFORCEIT" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send an email to [email protected]. Visit this group at http://groups.google.com/group/nforceit. For more options, visit https://groups.google.com/d/optout.
