Several Minnesota companies backing Apple Pay — is it safe?

apple.com

Apple jumped into the stagnant mobile payments field with this week’s announcement of “Apple Pay.”
 
Among the players that will be ready upon its October launch are three companies with a large footprint in the Twin Cities: US Bank, Wells Fargo and Target, with all keeping an eye on using the technology to increasing customer convenience.
 
“We learned about the opportunity to be part of this right when Apple Pay launched,” Target spokesman Eddie Baeb said. “It just sort of aligned perfectly with the changes around mobile commerce and online shopping that make them easier and more seamless.”
 

Both US Bank and Wells Fargo plan to make their debit and credit cards available for use wherever merchants offer contactless payment terminals. Target will take advantage of Apple Pay online and through its iPhone app, but has no current plans to integrate it into brick-and-mortar stores.
 
Mobile payment systems are not new. Products from Google, Square, and PayPal all exist to perform transactions similar to Apple Pay offerings. But by and large, these companies have failed to entice consumers to ditch the plastic, in part because the technology is in few phones and many payment terminals either don’t accept the technology or have it turned off. Apple is trying to change that by getting assurances from 220,000 stores that Apple Pay will be accepted, including McDonalds, Walgreens and Whole Foods.
 
With mobile devices increasing drawing attention—a 2013 Internet trends study by Kleiner Perkins Caufield Byers found that people check their phones 150 times per day on average—some think mobile payments are simply the next obvious iteration.
 
“Human interaction has been affected by mobile,” said Dominic Venturo, chief innovation officer for payments at US Bank. “If I’m already using my mobile device for all sorts of features throughout the day, doesn’t it seem like a disconnect to not be able to make a payment on it?”
 
Twin Cities BusinessStill, security concerns loom, especially after several high-profile security breaches both locally and nationally with Target, Supervalu, Dairy Queen and Home Depot among the businesses affected in recent months. Apple had its own security snafu recently, where hackers were able to take advantage of a loophole in the company’s iCloud system that resulted in several celebrities’ nude photos spread across the web.
 
Perhaps because of that, Apple is marketing Apple Pay’s security features prominently, including the fact that it won’t track or store any transaction information. Card numbers are never stored on the device or shared with merchants —instead, a “device account number” accompanies a unique-to-each-transaction “dynamic security code.” Apple touts the technology’s security advantages over plastic, too: Apple Pay means you never have to show an actual card, which means name, card number and security code are safely private.
 
Corporate analysts are divided on the prospects of mobile payments, with some concerned that consumers will need convincing their data is safe. Others believe Apple has the marketing prowess to pull it off.
 
At launch, Apple Pay will only be compatible with the just-announced iPhone 6, iPhone 6 Plus and the Apple Watch.

This article is reprinted in partnership with Twin Cities Business.

Comments (5)

  1. Submitted by Pat Berg on 09/12/2014 - 09:36 am.

    Apple trying for a monopoly

    The idea that an Apple product (the iPhone) is required to use this payment method is nice tor Apple, but not so much for anyone who has no interest in either a smartphone nor in one made by Apple.

    In addition, there ARE some security concerns, regardless of Apple’s marketing hype. Here’s one article written by someone who’s outlined some of these security concerns:

    http://www.tomsguide.com/us/apple-pay-security,news-19492.html#apple-pay-security%2Cnews-19492.html?&_suid=141053232855806312683538239914

    • Submitted by Brian Scholin on 09/14/2014 - 07:51 am.

      Monopoly?

      Being first to develop a market doesn’t give you a lot of choice. You have to be a monopoly until number two comes along. Of course other phones will be able to participate, if this concept survives, as will other devices of some form. The originator always has the most say in how it all works, but if Apple Pay’s ecosystem is going to work well, everyone will be able to participate. The first contributes the most, and reaps the early advantage. That’s Apple’s niche.

      • Submitted by Pat Berg on 09/14/2014 - 05:40 pm.

        How do you know?

        How do you know other phones will be able to participate? Doesn’t seem like that would fit Apple’s marketing plans at all.

        And why should a smartphone be required at all just to buy things? Pretty sweet deal for the smartphone makers. Not so sweet for those who can’t handle the inflated monthly smartphone bills if all they really want or need is a regular old phone (in the event that a time would come that this payment method would ever supplant card-based methods).

  2. Submitted by Chris Williams on 09/12/2014 - 10:24 am.

    Nude Loophole

    Keep in mind that the nude “hacking” incident was accomplished by clicking on “Forgot Password” and then answering the three security questions correctly – which allowed access to the account. Sarah Palin’s Yahoo email was “hacked” the same way.

    When your security questions are routinely things like: Street you grew up on, Model of First car, Name of favorite pet, Mother or father’s middle name, College you graduated from, etc, etc, it’s pretty easy for someone determined to eventually find a way in.

    The takeaway here, is make sure to not only have a strong password, but to have well chosen security questions too so someone can’t easily guess their way in. It doesn’t matter if your password is strong if I can see the answers to your security question answers by looking at your bio on Facebook.

  3. Submitted by Todd Hintz on 09/13/2014 - 01:57 am.

    PCI

    I’m not sure this product is ready for prime time yet. I get to work with PCI compliance (Payment Card Industry) at my job and we’ve been waiting for tokenization for a long time. It takes the card information away from the merchant, eliminating a big point of entry for hackers.

    But the iPhone 6 method takes a picture of your card, which, as Pat and Chris pointed out, just ain’t that secure. Plus I would be very leery of lost or stolen phones, which is already a big problem. How do you prevent a thief from cleaning out your account before you can get the phone deactivated?

    It seems to me like Apple hasn’t thoroughly thought through all aspects if this process and the potential gotchas. I’ll sit on the sidelines and wait for this one to bake in a little longer.

Leave a Reply