The new payphone

From a consumer perspective, contactless commerce has become an efficient way to spend, and to avoid the risk of revealing your pin to neighbouring customers. However, as payment technology becomes more sophisticated, the security risks increase accordingly. Evolving from the physical security of loss and theft, the dangers of cyber payment lie within the Internet of Things. So when it comes to Apple Pay and contactless cards, is it a case of the lesser of two evils?

While the contactless card can be hacked with mobile card readers, unless shielded by a foil-lined wallet, the Apple Pay system is less vulnerable. Apple’s Near Field Communication (NFC) technology has a barricade of security to protect the user; a fingerprint biometric password is required with each individual payment to determine the identity of the payee, and to confirm consent for the transaction.

To calm fears of fraud and theft of personal information, the Apple Pay system substitutes the bank card number with a unique Device Account Number (DAN) which is stored in the Secure Element (SE) of the phone. Global Platform defines the SE as ‘a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data.’ This affords anonymity to the user, withholding bank details from the retailer and, consequentially, shielding the user from fraud. This does not mean however that the payment is untraced and lost in cyberspace; there is a transparent chain through a process of tokenisation, a dynamic security code unique to each transaction.     

Though Apple Pay is a cyber-fortress against fraud, it is inarguably an expensive way to pay. The loss of a smartphone not only leads to a now problematic phone call to the insurance company, but the loss of personal information, photos and contact details if the phone has not been backed up to The Cloud. Though with today’s technology-orientated society, the increased physical exposure of a smartphone through its being a payment system, is hardly conducive to a correlative increase in the chances of damage or loss.

The limits to contactless payment rose to £30 per transaction in autumn 2015, with discretion given to retailers to set their own minimum payment limits. However higher value contactless payments can be made, but require customer verification, which means the contactless card has already lost the race. Though the limits are intended to reassure those who fear card theft and rampant shopping sprees in their name, they can inhibit the verified shopper. Though the individual can always enter their pin; the old-fashioned way.

However Apple Pay still faces the more primitive problems of battery life, and the inherent problems that follow, with the inevitable return to a bank card or cash. Worries that NFC drains battery life further, an existing and prominent flaw of the iPhone, can be pacified in the knowledge that as the application is only used for distances no further than half a centimetre between the phone and the tag, the impact is not high. The NFC is also deactivated when the iPhone screen is locked.

Problematically for retailers, consumers’ concerns are addressed above theirs when it comes to NFC commerce. With only a DAN and dynamic security code supplied, the retailer has an assured payment and audit trail, but now has no means of data collection from their customers, with which to research their sales. They are also required to invest in new technology to host the contactless commerce system in order to not be left behind. Research in December, 2015 from EE reveals that 25% of shoppers abandoned sales due to the lack of card facilities, a risk that retailers will take if they do not keep up with the technological times.

Whether with contactless card or Apple Pay system, the more secure of the two seems to be Apple Pay. Despite its shortcomings in battery life, this technology enables consumers to safely and swiftly spend, whilst protecting their personal information. Though a phone is just as easily stolen as a card, and as cash itself, at least this way one can rest assured their transactions and card details will be safeguarded, and you can take that to the bank.