M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.
Don't Risk IT
Will There Be Unforeseen Security Issues with Apple Pay?

Will There Be Unforeseen Security Issues with Apple Pay?

The iPhone 6's Apple Pay raises security questions about mobile payments. Learn what risks developers and IT consultants have when working with mobile wallets.

Wednesday, September 17, 2014/Categories: cloud-security

As news swirls that Dairy Queen and Home Depot's point-of-sale systems were hacked, Apple has announced its new mobile payment service, “Apple Pay,” claiming that it will replace outdated credit card payment protocol with a new, more secure option.

CEO Tim Cook's announcement had the usual Apple flair. Here was a service that was going to change the way Apple's 800 million users went about their day-to-day life. But how secure are mobile payments? If your clients are thinking about embracing mobile payments, what do you tell them?

Security flaws in mobile payment software you set up could lead to a lawsuit filed against your IT business. You need to understand the security issues with near field communication (NFC) and mobile payment technology – and what it means for IT contractor liability.

What Is Apple Pay and How Does It Work?

To use Apple Pay, iPhone 6 users will follow two simple steps:

  1. Tap their phone to a near field communication sensor at a cash register.
  2. Press their finger to iPhone’s fingerprint sensor to approve the transaction. By doing this, they'll send a payment to the business.

Easy enough, right?

This is only how the payment processing service works on the surface. When it comes to data security, you have to look at what's going on "under the hood." The good news is that the technology behind Apple Pay looks promising.

Tech Crunch explains how this new technology will work. Users register their credit card with Apple by entering its data and taking a picture of the card to verify it. The iPhone app Passbook keeps a user's cards on file.

The real security innovation is the way data is transferred between the phone and the POS system at the store. Credit card information is never transmitted. Instead, the phone sends a unique payment transaction ID and security code. The transaction ID is only valid for one use, preventing re-use by hackers.

Right now, POS systems store card data and PINs with each swipe. This makes them extremely attractive to hackers – hence the Target, Dairy Queen, and Home Depot data breaches. With Apple Pay, merchants will no longer have to store customer financial data on their network.

What Are the Possible Drawbacks of Using Apple Pay?

As Wired reports, Apple Pay will also affect the way users make in-app and online purchases. As Apple Pay catches on (assuming it does), mobile developers will need to push out new versions of their apps that take advantage of the simplicity of Apple's mobile payment infrastructure.

Even though Apple has a strong reputation for security, we've seen a number of serious security issues in the last 12 months. First, iOS had a gaping hole in its code that thankfully no hackers noticed. Then, celebrity iCloud accounts were hacked with a brute-force attack on the Find My Phone app.

IT consultants are responsible for updating, developing, and installing IT solutions or new architecture. But security flaws in mobile payments (or other technology) can lead to a hack on your client's network and a lawsuit filed against your business.

While the threats may change, your coverage doesn't. If you keep Errors and Omissions Insurance up-to-date, and avoid lapses in your coverage, your insurance can cover lawsuits over data breaches, software errors, and other IT liabilities.

For free quotes on insurance for tech professionals, submit an online insurance application.

The Small Business
Insurance Leader
800.688.1984 | 8 am - 5:30 pm CST | M-F
Customer Rating 4.9 out of 5
Read Customer Reviews


The Small Business Insurance Leader