Tag Archives: Apple Pay

Three reasons to be happy that Apple Pay has arrived in the UK

I’ve long been a fan of Apple Pay and the fact that it is finally available in my homeland, the UK, is a good thing.

While most Americans are still using credit card magstripes to make payments, a few early adopters have been using Apple Pay since it was released around a year ago in the US. I am one of them, and I have to admit I’m impressed.

First and most obviously, there’s the convenience of being able to make small purchases quickly and easily using just my phone. No more digging around for my wallet or cash but a quick bleep and I’m done.

Next is the security. Paying with Apple Pay isn’t just convenient but secure as well. When you hover over the contactless payment point, you use the Touch ID to authenticate the transaction, making it much more secure than the contactless credit and debit cards already in use in the UK which have no authentication at all and can be used by anyone for small purchases.

Touch ID

 

Apple Pay also helps protect your privacy thanks to Apple’s Unique Device Account Number. A system specifically designed for Apple Pay, using a Unique Device Account Number means that Apple never needs to transmit or share your actual card or banking details with the merchant. This adds a significant layer of protection for your payment data.

 

Apple Pay Diagram

Image source

 

For more information on how mobile payments work check out this blog from my colleague Judith Bitterli and these three trends from Charlie Sanchez.

In You can follow me on Twitter @TonyatAVG and find my Google+ profile here.

What does iOS 8 mean for privacy?

Apple just released the next version of its mobile operating system, iOS 8, to the world for all devices from the iPhone 4S and newer. iOS 8 introduces many new bells and whistles including mobile payments on the iPhone 6 and 6 Plus, health data, and many other features. While it will take a little while to get used to and notice everything new, we wanted to let you know of the improvements in privacy and security being made in this new mobile OS.

With a big push into wearable computing and health information on your devices, the need for improved privacy and security may be at an all-time high. The three main areas of concern we look at to see how well Apple is keeping up their privacy and security standards would be Apple Pay, device settings, and general data protection.
 

Apple Pay

Apple Pay may be the biggest news outside of the Apple Watch to be released in quite a while for Apple. Not only are they now enabling every new smart phone user to pay at over 220,000 brick and mortar stores with their phone, but they hope to do so in a much more secure manner

With Apple Pay, you are enabling your phone to act as a payment service that connects to your credit card or bank account. Apple Pay actually takes this a step further and never stores your credit card information on the devices or servers, but rather generates one-time tokens that connect to your account each time you pay. This means that you’re never actually providing your real credit card details at the point of purchase, helping protect you from fraud.

 

Device Settings

Device settings have been mostly minor updates from one version of iOS to the next, and although the changes may seem small they can help put the privacy control back in consumer’s hands. In iOS 8, there are three updates that users should be aware of in the settings: default search engine, location data, and your contact list.

Apple is introducing a new option for default searches to satisfy the privacy conscious crowd, using DuckDuckGo. DuckDuckGo is a privacy oriented search engine that doesn’t collect information on your search terms or build a profile to target advertisements at you. In fact, the search engine doesn’t even keep track of what websites you visit through your searches. This enables the DuckDuckGo to provide the most private search in a consumer friendly manner. The one downside to DuckDuckGo is that your searches will not be tailored to you; so finding what you want may take a little bit longer.

Location data has always been one of two options prior to iOS 8, either always on or always off. With the introduction of iOS 8 however, there is now a new option to allow apps to only access your location while the app is running. This could prevent rogue apps from collecting and storing data about your location at any time of the day. This setting is configurable through the Location tab in the Privacy section of the settings app, although it does require apps to accept this as an option.

Finally, your contact list contains some of the most personal and private data you might have on your phone. There have been many examples of apps uploading and saving your contacts to their servers, and this was in part due to an all-or-nothing model for accessing contacts.

Contact information is necessary for sharing with friends, finding people to connect with, and other useful tools on your device, but it’s definitely not always needed in its entirety. For this reason Apple is now introducing better developer controls so that apps can request only certain parts of your contact list, such as just email addresses, or even search and get a single contact at a time. This benefits the user as they won’t need to hand over all of their data to every app, but rather only give away the information that is needed.
 

Data Protection

iOS 8 brings a large push towards health data and wearable computing to your devices. While these are great new tools, they also generate a lot of sensitive, personal information about you. To help keep this data safe, Apple is creating a protected, centralized location that requires specific access before apps can read the data. This allows you to control who you share it with.

Outside of data that devices are tracking on us, Apple also taken steps to prevent third parties from tracking you based on your device. One of the most common ways companies would put together a profile on users was to associate behaviors, such as apps used or websites visited, to a MAC address which is a unique string that each device has. This address acted as the key that put all the pieces of data together. Starting in iOS 8, your MAC address will become randomized whenever you are connecting to new Wi-Fi spots or apps are requesting your information. This should help make sure you stay more anonymous in the online ad tracking world.

Apple has made a great start protecting your data from hackers, trackers, and government agencies, but we need to remember that much of the control is in our own hands. It is highly recommended to set a unique password for each service you use, enable 2-factor authentication when you can, and pick obscure and hard to discover security questions to back up your account. One of the biggest vulnerabilities to our privacy is ourselves.

 

Check out our twitter account at @AVGFree or follow us on Facebook at facebook.com/AVG to stay up to date with all the latest privacy and security news around Apple and other popular companies. If there is anything in particular you want to see more of, leave us a comment below or at one of our social media accounts.

Image courtesy of iosmedya.com

Apple Pay and The New World of Mobile Digital Credit Cards

Amid the extravaganza of the Apple Watch and iPhone product launch this week, Apple also unveiled Apple Pay – a new mobile digital payment system, which is being touted by some as death for the “plastic” credit card.

By registering your MasterCard, Visa, and American Express cards to your Apple Pay wallet through iTunes, you will be able to use your Apple devices (the newly announced iPhone 6 and forthcoming iWatch) to make easy and secure mobile payments to merchants.

The payment system uses a one-time transaction-specific dynamic security code –meaning your actual credit card number never gets transferred to the merchant and reduces the chance of fraud. You can hear immediate analysis from our Tony Anscombe on Bloomberg TV here.

Lots of information around implementation remains to be seen. However, the Apple pay system does boast early support by major credit card companies and banks.

Apple is using short-range radio waves technology known as NFC (near-field communication), in both its smartwatch and the new iPhones in support of the application. NFC has been a feature in many other smartphones (including by Google) but has failed to take hold to date. Market researcher Gartner estimated NFC was used for just 2% of total mobile payments last year, though expected to nearly double to $8.2 billion this year. Up until now, analysts say banks couldn’t see a business case for NFC instead of simply issuing their own smart cards.

Smart cards aka EMV cards (an acronym for Europay MasterCard and Visa) are revamped credit cards with microchips that store your data on the card. This approach also limits the retailer from holding your data; data resides on your card and the embedded microprocessor chip encrypts transaction data differently for each purchase.

The catch with the chip cards, until now, is that most retailers don’t have the technology for them yet…But that is also expected to change quickly. Walmart is already there.  Major retailers like Target and Home Depot have announced plans to roll out the EMV payment systems. I just received replacement Amex card with the EMV technology.

(BTW, in other related news, Home Depot revealed this week that its payment systems had been hacked, possibly compromising customer data over its 2,000+ outlets in the U.S and Canada. This is potentially a bigger data breach than the one that unfortunately befell Target last December.)

There is also added incentive for EMV adoption: in October 2015, new standards will go into effect, changing how liability falls between credit-card issuers and retailers. While EMV compliance won’t be mandatory, liability for fraud will fall on the party that hasn’t upgraded their systems. You can read more about EMV and the upcoming so-called “liability shift” here.

In the meantime, what can you as a consumer do to keep your credit data safe?

Here are a few recommendations:

  • Report lost cards or discrepancies immediately.
  • Review your account often.
  • Keep your receipts, and match them against your credit card statement.
  • Shred your statements.

 

And what if you are a business owner? You should familiarize yourself with EMV, and the upcoming standards, and if possible, look to upgrading to a credit-card machine that is EMV capable.  (You can also take AVG’s data security Health Check to make sure you are on top of your responsibilities in the case of any data compromises.)

We in the industry are working to evolve data security and make it better.  In the meantime, as a consumer, an owner or an operator, stay alert and protect yourself.

One thing is for certain, we are on the verge of a whole new era of credit card security risks.

 

****

On a separate note: Congratulations to Megan Smith on her appointment as the US  CTO. Bravo!