On Tuesday Apple showed off a killer new app for the iPhone 6: the ability to use your phone like a credit card to pay for things.
How safe is that?
After all, only a week ago Apple’s iCloud was implicated when nude photos of celebrities were leaked online. Apple said its cloud servers themselves weren’t hacked, but it also admitted that “certain celebrity accounts were compromised.”
There’s been lots of theories as to how the hackers compromised those accounts, and if Apple shoulders some responsibility. Apple IDs seem to be easy to crack if you have the right tools.
So what has Apple done to ensure it can keep your credit card safe should you choose to turn your phone into a credit card?
There are several answers.
No. 1: Apple is not using iCloud to store your credit card numbers at all. They are stored encrypted, in a special highly secure spot on your phone:
With Apple Pay, instead of using your actual credit and debit card numbers when you add your card, a unique Device Account Number is assigned, encrypted and securely stored in the Secure Element, a dedicated chip in iPhone. These numbers are never stored on Apple servers.
No 2: Apple isn’t storing details about your purchases, either.
Apple Pay does keep a list of your most recent purchases in the Passbook app, however. Passbook does save some data to iCloud by default. It’s not clear if the data about your purchases will be stored on iCloud, but Apple isn’t collecting transaction details like your credit card.
No 3: Apple Pay is only available on the iPhone 6 and is tied to the fingerprint scanner.
In an interview with the Wall Street Journal, CEO Tim Cook said celebrities’ iCloud accounts were compromised when hackers correctly answered security questions and were able to get their passwords that way, or when they were tricked into revealing their user IDs and passwords in other ways.
The fingerprint scanner gets rid of the need for a password. While security researchers have been able to hack the fingerprint scanner, it’s a fairly involved process, not something a hacker can pull off from afar.
No 4: Your iPhone never even gives the store your actual credit card number.
That could be safer. Just this week Home Depot admitted that hackers planted malware at its stores and were able to steal credit card info that way, as people used cards to pay for things.
With Apple Pay, Apple says:
… when you make a purchase, the Device Account Number alongside a transaction-specific dynamic security code is used to process your payment. So your actual credit or debit card numbers are never shared with merchants or transmitted with payment.