
Apple Pay's weakest link

Kenneth van Wyk | May 27, 2015
The mobile payment service remains solid, as long as banks beef up their card-registration procedures. But what weakness will fraudsters take advantage of next?

Banks haven't been talking about this publicly, so there's no way to know which banks' cards have had problems. But you just have to go back to the idea about the weakest link. I have to suspect that it's largely the ones whose card installation processes have weaker identification and authentication procedures that have had the most trouble. And that's easily fixable. Since implementation procedures are up to the banks, I expect that more of them will adopt stronger authentication processes before long.

All in all, I'm still optimistic about Apple Pay's security. I'll still choose it over mag-strip plastic. During the recent spate of compromised Starbucks accounts, I was cautiously optimistic that my account wouldn't be among those affected. Why? Because I use Apple Pay for reloading my Starbucks card, via the service that Starbucks recently added to its iPhone app. Turning on that feature in my Starbucks app keeps my credit card account data off of Starbucks's back-end servers, so I'm confident I won't be among the victims of these attacks.

Further, the banks themselves are confident that the tokenization architecture that Apple Pay uses is indeed a strong link in the chain. That piece of the chain remains unbroken.

So the real question we should be asking is, "What's the next weakest link?" In other words, if all the Apple Pay banks implement strong identification and authentication into their processes, what will be the next link of the chain to be broken? The fraudsters aren't going to give up, after all. I don't know the answer to that question, but I sure hope that all the network-level communications between an iPhone and the point-of-sale terminals are strongly encrypted, with equally strong mutual authentication between both endpoints.

 
