It may be difficult to believe, but the first all-purpose credit card was not released until 1966. And here we are today, asking, "Is Apple Pay secure?" A mere 55 years after the first card went public, we're diving into the security features of a mobile payment system that could render traditional cards virtually obsolete. Here, we answer your questions regarding the built-in safety of Apple Pay and the steps you can take to make it even more secure.
What is Apple Pay?
To understand Apple Pay, it helps to understand mobile wallets. In short, a mobile wallet digitally stores credit, debit, ID, and gift cards on a mobile smart device. The cards that used to be in your wallet are now stored on a smart device. In the case of Apple Pay, they're stored on your iPhone, iPad, Apple Watch, and Mac. In other words, Apple Pay is available only on devices made and sold by Apple.
Once payment information (like credit and debit card numbers) is entered, Apple wallet users can pay for purchases simply by placing their phone (or other Apple device) near enough to a store's card reader for the reader to receive transmitted payment information using a Near Field Communication (NFC) chip. NFC is a contactless tool designed to work across very short distances and has become a standard in the industry. The transaction will show up on the user's monthly credit card statement like any other charge.
It's fast, convenient, and allows the user to run errands with nothing more than their iPhone or Apple Watch on them. One reason Apple Pay is secure is that users don't have to worry about losing cash or credit cards.
Is Apple Pay safe?
One of the most exciting things about the mobile wallet is its safety features. They include:
Unique encryption
Each time a traditional credit card is swiped, the magnetic strip on the back leaves the same precise identifying information. This information allows a merchant to know that you're responsible for the charge. If someone decides to steal the information embedded on the magnetic strip, they can easily use a magnetic scanner to copy it for their use.
The same is not true when Apple Pay is used. Each time Apple Pay is used, the transaction is encrypted, and the encryption is never the same. Once an encryption has been used, the same encryption is never used again. For the Apple Pay user, that means thieves have no way of intercepting their financial information, no way to access identifying information tied to the payment method.
While payment is made to the store, the merchant is never given any other information. They have no way to track which credit card was used to make the purchase. If a criminal were to intercept the data, the encrypted code would make it impossible to use. People wondering "Is Apple Pay secure?" should feel a lot of comfort with that.
Traditional credit cards include an EMV chip, designed to work in much the same way as the Apple Pay encryption. The problem is when there's no chip reader -- like many smaller merchants -- EMV chips don't come into play and can't provide the same level of protection. The same is true of purchases made online.
Apple Pay renders card-skimming devices irrelevant
Let's say someone with a traditional credit card is in a gift store and must swipe their credit card to make a purchase. If a thief has placed a card-skimming device on the card reader, they immediately have access to the information stored on the card's magnetic strip. The fact that there is no magnetic strip from which to steal makes each Apple Pay transaction safer.
Personal ID required
To activate Apple Pay, the user must provide personal identification. That may be a fingerprint, facial recognition, or a unique PIN. Even if someone else has possession of the user's iPhone or Apple Watch, they can't use Apple Pay without proving it belongs to them.
Even Apple is blindfolded
Apple has no access to the user's personal information. They don't store entire credit or debit card numbers, and they don't keep copies of transaction information that can be tied back to the user. They keep a portion of the user's card numbers and a portion of the device account number -- just enough to associate them with the user's Apple ID. That way, the user can manage cards across all their devices without anyone else having enough information to access the cards.
One clear advantage of Apple blindfolding itself is that it prevents even the most clever hacker from gaining control of a user's account if they somehow breach Apple security and get into the servers.
There's an emergency protocol
Say a user loses their Apple digital wallet, either by accident or theft. As long as they've activated their "Find My iPhone" feature on another Apple device, they can instantly put the missing device into lost mode. Lost mode prevents the user from having to cancel the credit cards stored on the device. In fact, the user's physical cards will still work. If the user finds the device in the sofa cushions (or anywhere else) later, they can easily reactivate it.
Ways to make Apple Pay even safer
If someone other than the user is able to make an Apple Pay purchase on a device, it's almost always because the user was either careless or trusted the wrong person. As a reminder, here are some simple ways to enhance the security of Apple Pay on any device:
- Don't share the device passcode. Even users who use Face ID or Touch ID must have a passcode. They should make sure the code is unique and not used for other purposes, such as accessing an ATM or opening a garage door. No matter how much they trust the people in their lives, keeping their Apple Pay code to themselves is the first, best way to protect their account.
- Make the passcode tough to crack. Even a novice thief will try to string four easy-to-remember numbers together. That means that a passcode like 1111, 1234, or 9876 is too obvious. Instead, a user needs to develop a code that mixes numbers in an unexpected way. And again, it should never be shared with another person.
- Take advantage of Face ID or Touch ID. Using biometrics makes it far more difficult for anyone to break into another person's Apple Pay.
- Only the user's biometrics should be included. While Apple Pay allows another person, like a romantic partner or family member, to add Face ID or Touch ID to a device, it's a bad idea. It's impossible to know what will happen if a relationship goes south or the other person becomes desperate.
- Only add cards to an Apple Pay device when the Wi-Fi network is secure. Hackers are remarkably clever and have ways to "eavesdrop" on your online activity. The safest place to add cards is on a password-protected Wi-Fi network at home.
- Ensure the "Find My iPhone" feature is activated on another Apple device. This feature will serve as a backup if the most commonly carried device is ever lost or stolen.
- If a device is lost or stolen, don't wait. Use the "Find My iPhone" feature on the other Apple device to put it into lost mode until recovered. If the user does not own another Apple device or never set up the Find My iPhone feature, they can go to their Apple ID account page to disable payment methods, including credit, debit, and prepaid cards.
Convenience is the name of the game when it comes to Apple Pay. In addition to being secure, Apple Pay is easy to use, allows the user to purchase items in stores, online, and anywhere credit cards are routinely accepted. And like a traditional American Express or Visa Card, the user can view charges on a monthly statement and dispute a charge they disagree with. Apple Pay also allows U.S. users to send and receive money from family and friends. Finally, because all purchase information is stored in one place, Apple Pay makes bookkeeping easier at the end of the month.
Credit card comparison
We recommend comparing options to ensure the card you're selecting is the best fit for you. To make your search easier, here's a short list of standout credit cards.
Offer | Our Rating | Welcome Offer | Rewards Program | APR | Learn More |
---|---|---|---|---|---|
Wells Fargo Active Cash® Card | Rating image, 5.00 out of 5 stars. 5.00/5Our ratings are based on a 5 star scale.5 stars equals Best.4 stars equals Excellent.3 stars equals Good.2 stars equals Fair.1 star equals Poor.We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs. | $200 cash rewardsEarn a $200 cash rewards bonus after spending $500 in purchases in the first 3 months. | 2% cash rewardsEarn unlimited 2% cash rewards on purchases. | Intro:0% intro APR for 12 months from account opening on purchases and qualifying balance transfers Purchases: 0% intro APR, 12 months from account opening Balance Transfers: 0% intro APR, 12 months from account opening on qualifying balance transfers Regular:20.24%, 25.24%, or 29.99% Variable APR | |
Discover it® Cash Back | Rating image, 5.00 out of 5 stars. 5.00/5Our ratings are based on a 5 star scale.5 stars equals Best.4 stars equals Excellent.3 stars equals Good.2 stars equals Fair.1 star equals Poor.We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs. | Discover will match all the cash back you’ve earned at the end of your first year.N/A | 1% - 5% CashbackEarn 5% cash back on everyday purchases at different places you shop each quarter like grocery stores, restaurants, gas stations, and more, up to the quarterly maximum when you activate. Plus, earn unlimited 1% cash back on all other purchases—automatically. | Intro: Purchases: 0%, 15 months Balance Transfers: 0%, 15 months Regular:18.24% - 28.24% Variable APR | |
Bank of America® Travel Rewards credit card Apply Now for Bank of America® Travel Rewards credit card OnBank of America'sSecure Website. | Rating image, 4.00 out of 5 stars. 4.00/5Our ratings are based on a 5 star scale.5 stars equals Best.4 stars equals Excellent.3 stars equals Good.2 stars equals Fair.1 star equals Poor.We want your money to work harder for you. Which is why our ratings are biased toward offers that deliver versatility while cutting out-of-pocket costs. | 25,000 points25,000 online bonus points after you make at least $1,000 in purchases in the first 90 days of account opening - that can be a $250 statement credit toward travel purchases | 1.5 points per dollarEarn unlimited 1.5 points per $1 spent on all purchases, with no annual fee and no foreign transaction fees, and your points don't expire as long as your account remains open. | Intro:0% Intro APR for 15 billing cycles for purchases. 0% Intro APR for 15 billing cycles for any balance transfers made in the first 60 days. After the intro APR offer ends, 19.24% - 29.24% Variable APR on purchases and balance transfers will apply. A 3% fee for 60 days from account opening, then 4% fee applies to all balance transfers. Purchases: 0% Intro APR for 15 billing cycles for purchases Balance Transfers: 0% Intro APR for 15 billing cycles for any balance transfers made in the first 60 days Regular:19.24% - 29.24% (Variable) | Apply Now for Bank of America® Travel Rewards credit card OnBank of America'sSecure Website. |
FAQs
Use the "Find My iPhone" feature on the other Apple device to put it into lost mode until recovered. If the user does not own another Apple device or never set up the Find My iPhone feature, they can go to their Apple ID account page to disable payment methods, including credit, debit, and prepaid cards.
Apple Pay does not store complete credit card numbers or identifying information. Instead, they keep partial numbers (that cannot be used by thieves) and encrypt the rest.
The same security features that apply to standard credit cards are used to protect debit cards.