How Apple Pay Affects Online Security

Apple Pay, the new way to pay unveiled by Apple this fall and launching today, promises to revolutionize the way we pay for goods by eliminating credit cards and allowing customers to pay with their phones.

Along the way, Apple officials promise, transactions will be made more secure and hackers will have a harder time nabbing customers' personal profiles and stealing their identities, or worming their way into accounts.

Get LifeLock protection now.

But how does this work? And will Apple be able to deliver on its promise?

According to Apple's website, Apple Pay allows customers to pay by simply holding their iPhones near a card reader with a finger on the phone's Touch ID. Touch ID was first released with Apple 5s last year, according to It allows consumers to unlock their phones and buy things in iTunes and the App Store with technology in the home button that identifies a person's fingerprint. Now customers can use that same technology to buy things at stores like Macy's, Target and more.

Security experts are excited because Apple Pay uses a new technology called "tokenization." According to Tom's Guide, tokenization has been "long desired by the payment-card industry." With tokenization, the merchant never receives a customer's credit card number. Instead, the number is replaced with a one-time string of mostly random data, which cannot be used by a hacker to make future purchases, Tom's Guide reported.

Tom's Guide said that tokenization is more secure than current credit cards, as well as the security chips and PIN numbers that are commonly used with European credit cards. Following major security breaches at giant retailers like Target and Home Depot, that's welcome news to many.

At Forbes, Dave Lewis writes that for Apple's new technology to be successful — despite its tighter security — it must become widely accepted by both shoppers and retailers. While similar efforts like Square Wallet and LevelUp didn't take off, Lewis wrote that with iPhones already commonplace, the technology has a strong chance of becoming successful.

In addition, Apple reports, the company does not save customers' transaction information. If an iPhone is lost or stolen, consumers can use Find My iPhone to make sure nothing is accessible on the phone, or wipe all data completely off of it.

Still, problems are expected. USA Today quoted Tom Gorup, security operations center manager with Rook Security in Indianapolis.

"Attackers and researchers will poke and prod at this implementation until a hole is found," Gorup said.

In addition, Tom's Guide wondered if iPhones' new capabilities would make them more valuable for thieves to steal. Rubber fingerprints can easily fool Touch ID, Tom's Guide reported. While Find My iPhone can erase the phone's data, it can only do so if the phone is connected to a Wi-Fi signal. That doesn't happen if the phone is off, in airplane mode or dropped into a radio-proof bag, which is available at many computer parts stores.

Finally, Tom's Guide wondered if the security breach in Apple Pay would be in the way the phone sets up accounts in the first place: with a photo of a credit card taken by the phone, numbers plainly visible to anyone who hacks in.

"The young celebrities who took nude selfies, only to have them revealed en masse less than two weeks ago, can tell you just how secure photographs taken with an iPhone are," the Tom's Guide story read.

4 Million Members and Counting


"I almost lost my job because someone used my driver’s license and received 8 violations."
- Casey S.


"All of my personal information, even my social security card, was taken."- Jamie A.

It only takes minutes to sign up.

Start Your Membership