Is Apple Pay Safe?

Apple Pay is a mobile payment system used by approximately 45.4 million users in the United States. An Oberlo article predicts that number will reach around 56.7 million in 2026.

Key points to remember

  • Apple Pay is definitely safer than cash and has more security features than credit cards.
  • Some security features, such as two-factor authentication, are optional.
  • A complicated password is always a good idea.

As for whether it is safe or not, Apple Pay is definitely safer to use than cash. And, it should be safer to use than plastic, as long as the account owner enables all of its security features.

Apple Pay security features

Apple Pay can be used to complete a transaction at any merchant, online retailer, or app that accepts it. Moreover, it allows users to send and receive money from other users through messaging.

Each transaction incorporates a number of security measures:

  • It uses Near Field Communication (NFC), a chip-based technology that communicates with a card reader without needing to touch it. The card remains in your wallet.
  • In order to complete transactions, the user can use two-factor identification, including fingertip or face identification as well as an access code. The use of fingertip or face ID is optional.
  • Apple advises its customers to choose a complex password. It can’t stop you from using your cat’s name as a password, so this security tip, like two-factor authentication, is voluntary.
  • The merchant never receives your original card account number. (Apple doesn’t have access to it either.)
  • A tokenization method is used to process transactions. That is, a unique encrypted code is created for one-time use. This code, and not your account number, is transmitted to authorize the transaction.
  • If the user suspects that the account is no longer secure, Apple Pay can be disabled through the iCloud system.

Apple promises never to share card information on its cloud. While this means users must manually enter their card information into each device, it adds to the security of the service.

What could go wrong?

Needless to say, Apple Pay and its competitors face a constant onslaught from hackers eager to scale its security walls. So far, these attempts appear to have revealed vulnerabilities created by users but not by Apple.

A report indicates that Wi-Fi hotspots can be used to intercept and reuse encrypted transaction data.

An unconfirmed report claims that Apply Pay could facilitate the exploitation of stolen identities. In other words, a criminal could simply load stolen information, including credit card numbers, into an iPhone and go shopping. (That would actually be the responsibility of the bank that issued the stolen card, not Apple.)

A white hat attack

Another unconfirmed report claims that “white hat” hackers were able to infect a device with malware and then intercept payment data as it was entered by an iPhone user and sent to the Apple server. This could only be done on a “jailbroken” iPhone, that is, with software that had been tampered with.

Another report claims that Wi-Fi hotspot users are vulnerable to hackers who can intercept and reuse the cryptogram used to enable an Apple Pay transaction. Yes, the cryptogram is supposed to be usable only once, but apparently some merchants allow them to be used more than once. Another example of an error that exploits flawed use of the Apple Pay system.