Wednesday, October 11, 2017

Apple Pay for Better Security

Over the last year I've had several opportunities to drive to remote parts of Oregon. Often we stop by a local grocery / convenience store to pick up groceries or a snack. These stores are small and often with a single check out lane and a very quaint atmosphere of old-time store goods.

A bit of fun for me is to walk up to the credit card reader which usually has the icon for near field connectivity (NFC) and I surreptitiously use my Apple Watch with Apple Pay enabled to quickly pay for groceries without taking out my credit card. The cashier gets flummoxed and wonders what happened, and I show them my Apple Watch with my card image and they laugh.



What is sad is that Apple Pay works "out of the box" at most of these remote grocery stores but it doesn't work at many of the large retailers in the city. Instead of encouraging Apple Pay or similar google technologies, the retailers want to control the experience and the data and so they turn off this feature. You have the unfortunate alternative of putting your credit card in the chip reader and waiting for 5-10 seconds which slows the line for the whole process. Worse than the inconvenience is the fact that Apple Pay is much more secure than any card reader - Apple Pay doesn't provide your "real" credit card to the store, instead it uses a "token" for the transaction.

From a WSJ article titled "Is Apple Pay Riskier or Safer than a Credit Card",
Apple Pay, Samsung Pay and Android Pay are far more secure than traditional credit cards because they rely on virtual account numbers and create unique security codes, or tokens, for each transaction, payment experts say. Those encrypted tokens are verified by card issuers such as Visa or Mastercard before a transaction is approved.
Add to that the fact that Apple and Samsung Pay require fingerprint verification, and you have a system that is “very secure, and much more secure than the cards we’ve been carrying around in our pockets,” said James Wester, a research director at IDC Financial Insights.
It is very frustrating that a technology that works "out of the box" at a remote grocery store is not utilized by a major retailer who has suffered a highly public consumer security breach like Target. I hope that more people try to use this sort of payment technology, whether it is via Apple or Android, and complain to retailers when they put up barriers to implementation.

Cross posted at Chicago Boyz

No comments: