Nothing is bigger than security.
Scottsdale, AZ (PRWEB) September 18, 2014
On Sep 9th, 2014, Tim Cook, the CEO of Apple, unveiled Apple Pay, along with the new iPhone 6 and iWatch. Apple Pay is a newly developed technology that utilizes a near field communication (NFC) to enable customer payments at the point of sale machine with fingerprint authentication. Credit card information such as card number, expiration date, and CVV number are stored securely in the iPhone and are transmitted directly to Visa, MasterCard, Discover, or American Express. As Tim Cook demonstrated, holding an iPhone 6 near the contactless reader with one finger on the Touch ID is all customers need to complete a transaction. Although “Secure” is the word Tim Cook repeatedly emphasized in the announcement, some industry experts are skeptical and critical of the security underlying the system.
While NFC is a relatively mature and secure technology, the digital fingerprint technology embedded in Apple Pay is new and somewhat problematic. As an Apple spokesperson told the Wall Street Journal last year, Apple will not store images of fingerprints; instead it will store "fingerprint data" on the phone's encrypted chip.[1] Therein lies the rub, storing biometric information. In 2013, it took hackers less than two days to defeat Apple’s new security mechanism.[2] Within the last nine months, there have been several severe data breaches among the most reputable retailers, leaving millions of card holders’ information compromised, and causing massive financial losses. If Apple itself was accused of overlooking its own security systems after the recent iCloud hacking incident, one can imagine the gravity of a scenario where fingerprint data is involved. [3] It is safe to predict that Apple Pay will be targeted in the foreseeable future, especially if the data can be used in the public domain for payments, access control, and more.
For consumers this poses an enormous problem. Once your fingerprint (or any biometric data) is stolen, you can never get it back. Unlike a stolen credit card, you can’t make a phone call and get new biometrics. The scope of how and when lost fingerprint data can be used is alarming. Today the black market offers stolen credit card numbers for roughly about $100 USD per card. Since buyers know there is a limited lifespan of the stolen card, they work quickly to exploit that window. The value of biometric data that never expires and can be resold again and again is invaluable. As biometric systems become increasingly pervasive, the value of such information is likely to rise dramatically.
Consumers also need to consider the implications of digitized fingerprints as it relates to identity theft. For instance, the U.S. Citizenship and Immigration Service records and uses fingerprint data. Fingerprint data is widely used in law enforcement and for the purpose of conducting criminal background checks.[4] Hackers could use stolen digitized fingerprints to pass through borders, conduct criminal activity and frame the consumer for the crime.
Matanda Doss is the CEO of 5th Dimension Logistics, a global leader in electronic payment industry, had this to say: “Apple has always been a leader of innovation. We appreciate its effort to bring an easier and more innovative payment technology to customers. However, we believe there is nothing more important than customers’ payment information and personal information. As a result, we encourage customers to carefully use Apple Pay until it is fully analyzed to assure customer information security. Nothing is bigger than security.”
[1] Ngak, Chenda: Should your fear Apple's fingerprint scanner?: [http://www.cbsnews.com/news/should-you-fear-apples-fingerprint-scanner/ Sept 17, 2014
[2] Steinberg, Joseph: Hackers Claim to Have Defeated Apple's Fingerprint Security: [http://www.forbes.com/sites/josephsteinberg/2013/09/23/hackers-claim-to-have-defeated-apples-fingerprint-security/ Sept 17, 2014
[3] [unattributed] 2014 Data Breach Investigations Report: [http://www.greycastlesecurity.com/resources/documents/Verizon_2014_Data_Breach_Investigations_Report.pdf Sept 17, 2014
[4] [unattributed] Fingerprints: US Citizenship and Immigration Services. [http://www.uscis.gov/forms/fingerprints Sept 17, 2014