Recently, it seems almost every week there is a new data breach at a particularly large retailer. If you’ve ever used a credit card at the store, a slight panic sets in that your information could have been stolen. You enroll in the free credit protection service provided and you continue to shop at the affected stores, paying with your credit and debit cards.
The continued use of credit cards with minimal privacy contemplation raises some questions about how we, as consumers and increasingly tech savvy individuals, take steps to protect our identity online and in traditional brick and mortar stores. Are we not as concerned as we should be about our personal information being exposed or hacked into? Have we become too accustomed to the convenience of the stores we frequent? Or do we think it is all out of our control? After all, your credit card details weren’t stolen from Target or Home Depot because you left your card on the checkout counter or the floor. The store’s records were hacked into and your information was compromised.
With the rollout of Apple Pay this past week, Apple offers a new innovative solution to privacy concerns when it comes to handing a retail clerk or waiter your credit card. In other respects, Apple Pay raises lamented concerns about the power and information stored on your smart phone.
Apple’s successful past innovations lead people to instinctively believe that if it’s an Apple product, it will be successful. After all, Apple has that way of telling you what you need or want before you even realize what it is that you actually need or want. You may have been skeptical at first, but now you could not imagine living without your iPhone or even your iPad. Eventually, you catch on and buy what Apple tells you to buy.
The recent celebrity nude photo leak through Apple’s iCloud has been the blemish on Apple’s security record. While it has not scared some consumers away from embracing the new technological innovations, it is evidence that not all systems or carriers are exempt from data breaches. In a somewhat untimely fashion given the recent hacks, Apple Pay’s launch sets the stage for some of your most confidential information to be stolen: your credit card details. It adds one more element of your identity to the small black rectangle you never leave the house without. Just one breach into Apple’s system could lead a sophisticated hacker straight to the source of essentially all of your personal data.
However, many stand behind Apple and insist that Apple Pay is the safer way to perform credit card transactions. Apple boasts on its website that its “breakthrough contactless payment technology and unique security features built right into the devices” will revolutionize the way we view and perform point of sale transactions. Instead of handing your credit card with your name and account number visibly shown over to the store clerk, Apple Pay enables purchases to be made with an iPhone Touch ID fingerprint. To add credit card details to an Apply Pay account, you can manually enter the information or simply take a picture of the cards you want to use. Those account numbers are “never shared by Apple with merchants or transmitted with payment.” Apple has created a new system where a “unique Device Account Number is assigned, encrypted, and securely stored in the Secure Element, a dedicated chip in iPhone.” When you make a purchase, the Device Account Number and the transaction-specific dynamic security code processes the payment instead of transmitting your personal credit card numbers.
Believing that these new innovations will keep your personal data safer requires that you first feel comfortable providing Apple with your fingerprint, credit card details, and purchase history. Many, who have already entrusted so much information within their iPhones, find no problem supplying even more information. Others still have concerns about losing their devices and all of their personal information. Questions have also been raised regarding what Apple does with the information it collects.
Apple, true to its forward thinking business model, has already considered these fears and provided solutions to calm users’ nerves. Find My iPhone enables users to suspend their Apple Pay accounts or wipe clean their devices by putting their phones into Lost Mode. If consumers recognize their phone has been lost or stolen and are able to quickly react, they do not have to worry as much about their personal details being compromised. Find My iPhone should also lead the owner to the location of the lost or stolen iPhone. Even if a thief or hacker does capture your phone and access your details, the codes used to make purchases are only used once. After they have been used for a transaction, they become worthless and cannot be used for another purchase. Apple additionally insists that it does not save any transaction information made while using Apple Pay. The purchase history can be viewed by the user on the device, but Apple cannot view the purchases.
Apple intends to project a seamless purchase process with Apple Pay where cards are never exchanged or even taken out of a wallet. Already partnering with some major credit cards and retailers, Apple persuades by using the force of many. Consumer confidence in the safety and privacy of Apple Pay may be increased because reputable credit cards and stores are ensuring that shoppers can use Apple Pay with the cards they already have at the stores they already shop. Retailers just need to be equipped with near field communications (NFC) point-of-sale terminals to accept the Apple Pay transaction.
Even with Apple’s proclamations that no personal data will be stored or even accessible to anyone but the owner, Apple Pay still raises concerns. How sure can we be that our information is really protected and not stored? If the government requests information from users’ Apple Pay accounts, will Apple then be able to access the data? The recent revelation regarding information storage by the NSA has made questions like these more plausible.
Regardless of any security concerns that may exist, users are continually more willing to store personal information on their devices. Smart phones are beginning to know users better than they know themselves. Fingerprints, text messages, emails, schedules, flights, and now credit card information can all be inserted and saved on the iPhone. Perhaps it is Apple’s innovative reputation that subtly coerces users to provide this information without dwelling on data breach concerns. After all, Apple is not the first tech company to develop and deploy a payment application for phones. However, Apple is the first major company to gain fast and widespread support from consumers and compatibility from banks, credit card companies, and retailers. Google introduced a similar mobile payment system called Google Wallet in 2011, but skeptical consumers and wireless carriers caused the app to have minimal impact on mobile payments.
Many predict Apple Pay will be the new way we make purchases in stores, restaurants, and through online websites and apps. We may eventually be shocked at the archaic ways we once paid for items by either using cash or handing a stranger a plastic card with a name and account information printed on the outside for everyone to see. Others continue to raise privacy concerns and compatibility issues with retailers and banks. Bank of America’s accidental double charge of payments made through Apple Pay might be a glimpse into some of the glitches that still need to be fine-tuned. As with many technological innovations, only time will tell if Apple Pay will be a success and contribute to a major change in our social norms.
Christina Batog is a second-year law student at Benjamin N. Cardozo School of Law and a Staff Editor of the Cardozo Arts & Entertainment Law Journal.
