/article-new/2014/10/touch_id_chase_hand-250x395.jpg?lossy)
Apple's new Apple Pay payment system has been designed to be ultra secure, taking advantage of existing NFC tokenization specifications to keep user payment information safe. Apple uses tokens, or unique Device Account Numbers, to replace card numbers and transactions are verified through both one-time use security codes and Touch ID.
Ahead of the launch of Apple Pay, The Daily Dot has spoken to several different banks working with Apple on the payments service, including Navy Federal Credit Union, USAA, Chase, and PNC, to get their thoughts on its security.
According to Navy Federal VP of credit cards Randy Hopper, the bank was "very excited" to see what Apple had developed, because it is "convenient, secure, and private." Apple's use of tokenization "addresses all points of weakness across the payment system."
USAA assistant vice president Vikram Parekh, meanwhile, said that the bank is confident enough in Apple Pay to assume all liability for unauthorized or fraudulent transactions, both in retail stores and for online purchases.
"USAA has a zero liability policy and members are never liable for any losses related to unauthorized [or] fraudulent activity, this does not change with Apple Pay," Vikram Parekh, Assistant Vice President at USAA Bank tells the Daily Dot.
"The bank has liability for any purchases made when Apple Pay is offered and used as the form of payment. This is true for both face-to-face and for "in-app" purchases," Parekh explains.
Both Chase and PNC offered similar statements, suggesting banks that have partnered with Apple feel that the payments system is secure enough for them to offer consumers the same protections they get with standard credit cards.
Apple Pay is "extremely secure" and "zero liability for fraudulent transactions still applies," said Chase spokesman Paul Hartwick, while Tom Trebilcock, vice president of digital at PNC Bank, pointed out that tokenization will protect consumers from "potential mass theft of credit and debit card information." Stolen credit cards and customer information have plagued millions this year, as major retailers like Target and Home Depot saw massive security breaches that compromised significant amounts of customer data.
"From Navy Federal's perspective we're excited about the whole tokenization process," Hopper says. "The whole process of providing a payment token as opposed to the financial account number actually reduces the risk to the system and to everyone participating in it, from the customer, to the retailer, to the payment networks, to the issuer, and to Apple."
Though Apple has said that it will not be able to see transaction information, several of the bank representatives that spoke to The Daily Dot have confirmed that they will be able to tell if a transaction has taken place using Apple Pay or a standard credit card, "because of the nature of the data" given to banks in the Apple Pay system.
Apple has plans to launch Apple Pay in October, through an update to iOS 8. iOS 8.1, which was seeded to developers earlier this month, already contains hidden Apple Pay setup and settings elements that will likely be unlocked before the software is released to the public.
There is no word of an official release date for Apple Pay, but Chase said its customers will be able to use Apple Pay when it launches, while USAA plans to begin offering Apple Pay on November 7. PNC and Navy Federal will support Apple Pay in the fall.
Top Rated Comments
(View all)Looking forward to being able to use it!
No, as I said in another reply, they do cover fraudulent charges with swiped cards, but with the new chip and pins, the merchants are responsible.
Assuming you're referring to the US, it's the other way around. If a customer has a chip-and-signature card, but the merchant runs the mag swipe, the merchant takes on the liability. If the customer has a chip-and-signature card, and the merchant runs it as chip-and-signature, the issuing bank takes on the liability. That gives the merchant an incentive to update their terminal to chip-and-signature.
If the bank does not issue a chip-and-signature card in the first place, the issuing bank will still have liability for all transactions. Of course, one would expect not many banks to leave themselves in that position.
(Also note that chip-and-signature is, unfortunately, not chip-and-pin -- which is the standard in Europe.)
With magnetic stripes, banks assume liability. With Chip and Pin, merchants have to assume liability. Chip in pin is incoming to the USA 2016, and merchants will be required to accept liability for fraud in this case.
I thought it was if the merchants did not upgrade to the new system, that they (merchants) would be responsible for fraudulent charges? Thus incentivizing merchants to upgrade.
Where are those Google Wallet apologists?
Right here. And I apologize for the Google Wallet.
(Disclaimer: I have no idea what that is.)
Where are those Google Wallet apologists?
Geez, can't let an Apple announcement go by without mentioning Android or Google.Fanboy much? Give it a rest, hero. No one mentioned them before you did.