sciencetech-blog

comments

If Apple has its way, you can soon do away with your wallet and instead tap your phone to pay for shopping.

The group's Apple Pay wallet, launched yesterday, aims to replace cards with a system that uses the Passbook credit card-storage app and fingerprint ID security system.

But just a week after attackers penetrated iCloud to steal naked celebrity photos, security firms have warned that more testing needs to be done on Apple Pay before shoppers can trust it with their payment details.

The group's Apple Pay wallet, launched yesterday, aims to replace cards with a system that uses the Passbook credit card-storage app and fingerprint ID security system. Tim Cook presented the Apple Pay at the company's launch event in Cupertino yesterday

Apple Pay is designed to let iPhone 6 and 6 Plus owners use their smartphones to pay for purchases at shops as well as online via apps. The service will also be available on Apple Watch.

The system works using a technology called near-field communication (NFC), which allows mobile phones to communicate with other devices at close range.

Users will pay by holding a phone close to a contactless reader with their finger on the touch ID fingerprint system. The Cupertinpo-based firm says it's easier and more secure than using a credit or debit card.

One of the major security concerns is in the way Apple will let people add a different credit card to their phone, so it can be used instead as the one the company has on file.

Apple Pay is designed to let iPhone 6 and 6 Plus owners use their smartphones to pay for purchases at shops as well as online via apps. The service will also be available on Apple Watch (pictured)

To add a card, a user will take a picture of it with their iPhone and send it to an Apple data centre.

There it will be verified it with their bank before it gets added to the user's  Passbook.

However, it is unclear how the image is stored securely on the phone and how it is transmitted to prevent a criminal from intercepting it public Wi-Fi.

Security experts are concerned this could be a major flaw in the system. 'Storing it on your phone in some readable format would be a pretty juicy target,' Christopher Carlis, security consultant at Trustwave told CSO online.

Other experts are warning that its flaws won't be found unless testing is done outside of Apple labs.

'It still won't be perfect,' Tom Gorup, security operations center manager with Rook Security, told USA Today.

'Attackers and researchers will poke and prod at this implementation until a hole is found,' he said.

'With strong evidence suggesting that mobile wallet security is still a major concern for many consumers, the tech giant's days of being questioned about security – especially where a new payment system is concerned – are far from over,' said Theresa Jameson, Senior Analyst, Consumer Payment.

'Apple will need to demonstrate that it can be entrusted with the security of a payment system.'

Apple addressed security concerns Tuesday, saying Apple Pay is even safer than using a plastic card.

Eddy Cue (pictured), Apple's senior vice president of Internet software and services, said credit card information will be stored on the phone via a secure chip and payments will use a one-time security code

Eddy Cue, Apple's senior vice president of Internet software and services, said credit card information will be stored on the phone via a secure chip and payments will use a one-time security code.

The Find My iPhone service can erase the data if the phone gets lost or stolen - cancelling a card will not be necessary.

The service will be able to store Visa, MasterCard and American Express credit card information.

'A cashier doesn't see your name, credit card number or security code,' when you pay with Apple Pay, Cue said. He also said Apple won't track people's financial data.

'Apple doesn't know what you bought, where you bought it or how much you paid,' he said. 'That transaction is between you, your merchant and your bank.'

Contactless payment isn't new: Retailers like Starbucks and McDonald's already have their own contactless payment system in stores, and Apple Pay is similar to Google Wallet, which is available on Android smartphones and iPhones.

Some of the largest retailers are not participating. Wal-Mart said it has no plans to participate. Amazon.com did not respond to a request for comment. And Target said it is currently participating only via its app

But Apple Pay adds some security features and makes a digital wallet option more accessible for iPhone users.

The service will be available beginning in October. Retailers will need to invest in updating their cash registers and point-of-sale units.

Apple said shops like Macy's and Bloomingdales, drugstores including Walgreen's and Duane Reade, and other stores including McDonald's, Staples, Subway and Whole Foods are participating in Apple Pay.

But some of the largest retailers are not participating. Wal-Mart said it has no plans to participate. Amazon.com did not respond to a request for comment. And Target said it is currently participating only via its app.

Ernest Doku, technology expert at uSwitch.com said: 'Let's hope Apple Pay works better than the tech giant's first live event screening'. Pictured is Tim Cook at yesterday's event yesterday

Gartner analyst Avivah Litah said the payment system will only succeed if major retailers get behind it. Apple's security features are a plus for merchants, but it's not clear if that will be enough.

'It's 50-50 if merchants will get on board,' she said. 'The security aspects are attractive, but it's not clear if the security features alone are going to be enough of a selling point.'

IDC analyst James Wester said the move is in some ways Apple playing catch up to Google Wallet, but that the system uses Apple's fingerprint technology is a plus.

'It's not that different than what other mobile wallets have done,' he said. 'The important part is that it's Apple. We've been waiting for them to get into this.'

Ernest Doku, technology expert at uSwitch.com said: 'Let's hope Apple Pay works better than the tech giant's first live event screening, which prompted some serious Twitter rage.'