Questions unanswered: Is Apple Pay secure enough to calm privacy fears?

Apple Pay has been touted as one of the most secure methods of cashless payments, outdoing standard credit-card and chip-and-PIN payments used in India and other countries outside the US.  However, the payments are still going to be wireless, which has left many wondering if Apple has done enough to secure Apple Pay.   The new phones and the Apple Watch are equipped with NFC for tap-and-pay services. The NFC chip inside the devices transmit payment information between the merchant, buyer and the bank, which is authenticated by a PIN. But Apple adds a layer of security here. Each transaction including the card details is substituted by a unique code to make sure the true details are never shared with the merchant, which means there’s nothing to steal at the seller’s end.   But in an interview with Gizmodo , experts from Kaspersky Labs said, “If criminals get to the unique numbers used in the iPhone secure element they might be able to initiate some fake transactions. Just as ATM skimmers help crooks suck money out of people’s bank accounts by intercepting credit card numbers, NFC skimmers could snatch the unique Apple Pay codes.” They also added that it all comes down to implementation details, which are not available at this time.   What if I lose my iPhone? At the Apple event, Apple Senior Vice President Eddy Cue promised that “if your iPhone is lost or stolen, you can use Find My iPhone to quickly suspend payments from that device.” However, Find My Phone can only work if the lost iPhone is connected to the Internet on a cellular or Wi-Fi network.   Though uncommon, transactions authenticated using TouchID can be fabricated by stolen fingerprints as well.   Luckily for those using Pay via the Apple Watch, there’s a nice trick to protect data from theft. The watch can tell when it’s being worn and when it has been taken off, and it needs a code when you first put on the watch. This means the thief will have to know your watch’s security code to be able to use it for fake payments. Even so, that’s not the biggest obstacle in the way.   Security at the seller’s end Apple has added Pay services to 220,000 merchant locations in the US including – Walgreens, DuaneReade, Marcy’s, Subway and McDonald’s to name a few. Apple has entrusted these partners with the brand-new payment system, who will also need to take measures to ward off potential data breaches. Washington Post has listed some of these stores including Staples and McDonald’s that have recently been hacked.   Apple also announced that shopping apps such as Uber and Groupon will have Apple Pay added for faster transactions. However, it has not given us any details about how it plans to secure these apps that could become possible targets of malware.   Much of what actually what happens during Apple Pay transactions are unknown as of now, so it will take some time before we truly know how secure it is. While Apple has made it look pretty robust during the announcement, recent episodes of data breaches question if Apple has really done enough to keep our money safe. When the nude photo leak incident took place, hackers had apparently compromised some iCloud accounts. But with Apple Pay, Apple has promised that it doesn’t keep an information on its servers, so a similar attack would be unlikely.