How secure is Apple's new payment system "Apple Pay"?

From 20th October 2014 (local time), Apple will launch a new mobile payment system "Apple PayWe will start offering the service in the USA. Although it is a system that allows easy credit settlement with touch once in cooperation with Touch ID, it is said that "how much safety is taken into consideration" is a news site of Apple productsTUAWIt is summarized by.

Apple Pay: An in-depth look at what's behind the secure payment system | TUAW: Apple news, reviews and how-tos since 2004
http://www.tuaw.com/2014/10/02/apple-pay-an-in-depth-look-at-whats-behind-the-secure-payment/


Apple's mobile payment system "Apple Pay" will be made available by applying iOS 8 software update distributed on iPhone 6 and iPhone 6 Plus. Apple Pay reads the credit information registered in the iTunes account at the first access, encrypts it for processing and sends it to the credit card network. After that credit information will never be sent to the terminal or Apple's server, but a "token" is adopted that is a unique authentication system that enables mobile payment without saving credit information.


Token is a 16-digit unique number including the last 4 digits of the credit card number randomly generated when Apple Pay is first started. The generated token is "Secure elementThe token is stored as a substitute for credit information at the time of settlement, which is an international standard of IC cardEMVA mechanism that enables settlement.

By adopting tokens, credit information can be removed from the settlement environment, so it is also expected to eliminate risks such as card skimming. Since the token number does not contain intrinsic information associated with credit information, it is totally useless if a competent hacker or cryptanalyst obtains a token number.

BySean MacEntee

In addition, Apple Pay uses "token" necessary for decrypting credit card informationsecurity code(CVV) "and" cipher that identifies the device "are automatically generated and sent to the credit card network. The token can not be used without encryption, and the cipher identifies the device where the token is stored. Also, since Apple Pay performs fingerprint authentication with Touch-ID, there is no need to set a one-time password. With multiple security systems, we are realizing a more secure payment system than traditional credit card transactions.

Although Apple Pay's service provision in Japan is not decided at the time of article writing, Tom Noyes, a former executive of a credit card company posting a serial article on mobile payment, said, "Apple Pay sets EMV settlement In my opinion, Apple Pay is the world's most secure payment system, "he says after Apple Pay announced. TUAW says, "It is still unknown how Apple Pay will be accepted by consumers, but it will be a more secure payment system for credit card users."