Apple wants you to believe it will protect your credit-card numbers better than it protected nude celebrity photos.
Apple on Tuesday unveiled a new payment system, called Apple Pay, that promises to securely hold customers' credit-card data. The announcement came just days after an embarrassing breach of celebrities' iCloud accounts that ended with their nude photos plastered all over the Internet.
At an event in Cupertino, Calif., to announce Apple Pay, new iPhones and the Apple Watch, executives took pains to assure customers that they could make payments with their new iPhones without fear that hackers could steal their information.
"Security is at the core of Pay, but so is privacy. We're not in the business of collecting your data," said Eddy Cue, Apple's senior vice president of Internet Software and Services, in charge of iCloud.
Apple Pay will be available on Apple's new phones and watch. Customer credit-card data will be encrypted and stored on what Apple is calling a "Secure Element Chip." After that, payments will involve a one-time payment code. Customers will pay using Touch ID by touching the new iPhone's home button.
Some observers noted the awkward timing of Apple pledging to store more sensitive customer data just days after the celebrity-hacking news.
Apple can't keep J Lawrence's pics safe, how the hell are they going to keep our money safe? Apple Pay is scary.
— Mike Modney (@mikemodney) September 9, 2014
Apple Pay released directly after the iCloud hack... Bad timing.
— Noel Lyons (@noel_lyons) September 9, 2014
Still, Apple's payment technology could eventually prevent the kinds of credit-card breaches that have recently hit Home Depot, Target and other retailers, said Rick Dakin, CEO of Coalfire, a cyber risk management firm.
"The number one reason hackers are going after merchants is you're presenting credit cards at the point of transaction," he said. "In the future, that's not going to happen."
But Dakin said consumers "should have minor concerns" with Apple Pay because the company still hasn't independently tested its security.
"Until the whole ecosystem is in place, you don't really know where the flaws are in that system," he said. "Apple needs to certify and validate that it has been independently tested, and so far it hasn't."
Mike Park, managing consultant at Trustwave, a cybersecurity firm, said "we cannot say with certainty" that mobile payment systems are more secure than credit cards.
"However, as with any new addition or feature to a platform, even ones meant to enhance security, this expands the overall attack surface, making it attractive for criminals looking for vulnerabilities to exploit," Park said.
Photo courtesy of Engadget
Apple Pay will come as a free update to iOS 8 in October and will work with American Express, MasterCard and Visa. There are currently around 220,000 merchants that accept so-called "contactless" payment systems like Apple Pay, and Apple is working with several major retailers like Walgreens, Target, Whole Foods, Macy's and more, to expand that number.