How Apple Pay Could Rid Holiday Shopping Security Concerns
Could Apple’s nascent mobile payments system be a boon for retailers who have had their reputations tarnished by several high-profile customer information breaches over the past year?
A recent survey of consumers commissioned by CreditCards.com and conducted by Princeton Survey Research Associates International found that almost half of cardholding shoppers in the U.S. expressed some level of reluctance about visiting retailers that have previously experienced a data breach. However, the iPhone maker’s new mobile payments system could convince shoppers to return to those stores since Apple Pay features a cutting-edge tokenization technology that doesn’t share users’ actual credit or debit card numbers with merchants.
According to CreditCards.com’s survey of 865 American adults who have a debit or credit card, 45% of respondents said they would “definitely or probably” stay away from one of their regular shopping spots if the retailer had experienced a data breach. Another 16% said they “definitely would not return” to a retailer that had been hacked, while only one in eight respondents said that they were more likely to make purchases with credit cards this holiday shopping season.
While the survey didn’t name specific retailers, CreditCards.com noted that companies like Target, Home Depot, and Michaels have all experienced significant customer data breaches. According to a press release from Target, “names, mailing addresses, phone numbers or email addresses for up to 70 million individuals” may have been stolen in a data breach it experienced almost a year ago.
Although it’s understandable that consumers would be reluctant about reusing their credit or debit cards at stores that have already experienced a data breach, their card data may be just as vulnerable at retailers that haven’t experienced a large data breach. That’s because the security problem with credit and debit cards is a systemic issue that is not limited to just a few retailers.
As recently noted by NPR, credit and debit card data is especially vulnerable in the U.S. because of the antiquated system that is used to process transactions. When a consumer swipes a magnetic stripe card at a store’s register, the information is transmitted online in order to be authenticated. This system presents two major vulnerabilities. First, cybercriminals can easily counterfeit magnetic stripe cards with today’s personal computers. Second, by relying on an online verification system, a customer’s data is vulnerable to being intercepted every time a purchase is made.
While the U.S. continues to rely on magnetic stripe cards and an online verification system, most of the rest of the world has already adopted a chip card technology known as EMV. According to the Smart Card Alliance, an industry association pushing for the widespread adoption of EMV in the U.S., “EMV chip cards contain embedded microprocessors that provide strong transaction security features and other application capabilities not possible with traditional magnetic stripe cards.”
Most U.S. retailers’ systems should be upgraded to EMV-compliant point-of-sale terminals by October 2015. That is the date that many credit card companies will withdraw liability protection for card-present counterfeit fraud losses for merchants that have not upgraded their systems, according to the Smart Card Alliance. Unfortunately, even the implementation of new chip cards will only eliminate about 60% of the fraud, reports NPR.
While the EMV chip technology will presumably make it much harder to counterfeit cards, account numbers will still be transmitted over the Internet. “Unfortunately all we’re going to get in the near future is the not-quite-so-smart card,” National Retail Federation general counsel Mallory Duncan told NPR. “The problem is that the product itself is fundamentally flawed. You cannot secure a house of straw.”
However, it appears that Apple Pay allows shoppers to circumvent this fundamental flaw in the U.S.’s current credit and debit card system. As explained by Apple, Apple Pay doesn’t transmit your credit or debit card number to merchants during a transaction. In lieu of a card’s actual number, Apple Pay uses a “unique Device Account Number” that is “assigned, encrypted, and securely stored in the Secure Element, a dedicated chip in iPhone.” Additionally, every purchase is processed with a “transaction-specific dynamic security code,” a security measure known as tokenization.
Google Wallet, an Android-based mobile payments system similar to Apple Pay, also uses a tokenization process. “All of those potentially are much more secure for consumers than would be partially secure chip cards,” Duncan told NPR. With many consumers hesitant to visit stores that have already experienced data breaches, support for Apple Pay and other payment systems that rely on tokenization could be a way for affected retailers to win back reluctant shoppers. After all, a retailer can’t leak your credit card data if it never sees your actual account number or other card information.
Of course, retailers will have to implement support for Apple Pay and other mobile payment systems in order to advertise its security advantages. According to Apple, Target, Home Depot, and Michaels currently do not offer Apple Pay at their brick-and-mortar stores, although Target does allow users to make Apple Pay purchases through its app. Many other major retailers are already onboard with Apple Pay, including Bloomingdale’s, Macy’s, Office Depot, Toys ‘R’ Us, and more.
Adoption of Apple Pay will also likely become more widespread if retailers notice that many shoppers are using the system at competitors’ stores. If you’re looking to set up Apple Pay on your iOS-based mobile device, be sure to check out our Apple Pay installation guide.
While Apple Pay may be more secure than traditional magnetic stripe cards and even the next-generation EMV chip cards, the recently rolled-out mobile payments system has not been entirely free of snafus. According to CNET, a glitch in Bank of America’s technology was causing Apple Pay users to be double-charged for purchases made with Bank of America cards. However, Bank of America is working on fixing the glitch and will refund any affected customers, according to a spokeswoman cited by CNET. Other consumers have noted minor issues with making in-app purchases with Apple Pay.
A few technical hiccups during the launch of a new payments system is to be expected, and they are fairly inconsequential compared to the peace of mind that Apple Pay’s security features could offer to consumers who are worried about having their card data revealed by hackers this holiday shopping season. For this reason, retailers that have already adopted Apple Pay could see a bump in sales from security-conscious shoppers this holiday season. And shoppers who use Apple Pay can enjoy the holidays with the traditional dreams of sugar plums, rather than the nightmares of credit card fraud.
Follow Nathanael on Twitter @ArnoldEtan_WSCS