Apple Pay, Samsung Pay, and Tokenization: How to Stay Safe with the Wallet of the Future


Left your wallet at home? No worries; you can still pay for those purchases! Just use your phone.

Apple Pay, Samsung Pay and other mobile wallets are revolutionizing the checkout experience by blending two developments in payment infrastructure to save you time: near-field communication (NFC) and token encryption.

Approximately one-third of all payment terminals nationwide have been updated to accept Apple Pay. However, it only works on phones equipped with the necessary NFC equipment. If you already have an iPhone 6 or a newer iPhone, though, all you need is the preinstalled Passport app. There are simple, on-screen instructions for adding a debit or credit card. You can even add your UCCU card!

Samsung Pay is structured similarly, but only works on select Samsung Android devices. However, Samsung has incorporated magnetic secure transmission (MST) technology as well. Hold a phone against a payment terminal and it will emit a signal that simulates the magnetic strip on a debit or credit card.

In terms of convenience, this means you can use Samsung Pay on almost any payment terminal in the country. The only situation where Samsung Pay won’t work is when you need to insert your card into a slot, such as at a gas station. Otherwise, though, you’re free to use this payment method even if the merchant hasn’t updated their equipment.

Both payment methods use a process called “tokenization” for maximum security. In the simplest terms, tokenization is the use of a non-secure piece of data to stand in for a secure one. It’s like arcade tokens. The secure data is the quarter, which you exchange at a machine for a token. That token then tells the arcade machines you have a quarter (or credit) to play. The game machine never sees the actual quarter, but accepts the token that stands in its place.

Apple Pay and Samsung Pay work the same way. When you make a payment with one of these services, the app creates a token – a random series of numbers – that corresponds to your account, along with a one-time security key. It transmits that data to the payment terminal, which sends that token to the “token vault,” a secure database that links these tokens to the actual accounts. If the security key is correct, the token vault will transmit a charge directly to the linked cards and return a verification of funds to the payment terminal. Since the token vault is hosted at the payment processor, the point-of-sale terminal never sees your card information. 

This is different from a swiped or keyed transaction. Ordinarily, the terminal reads your credit or debit card information directly and transmits it to the payment processor, which then sends it to your financial institution. This means your card’s information is stored in three different places, any of which could be the site of a data breach.

With tokenization, your information is seen only by the payment processor and your financial institution. That’s fewer points of failure along the information chain and there is less vulnerability for your sensitive data.

This also means that Apple and Samsung have no idea what purchases you’re making. For fans of internet privacy, this is heartening news.

There are other layers of security involved in these services. To use Apple Pay, you’ll need to use TouchID, FaceID or input your PIN. For Samsung Pay, you’ll have to authenticate your fingerprint, input a PIN or confirm an iris scan. If your phone gets swiped, a thief will have a hard time using it to go on a shopping spree. In contrast, if a criminal grabs your actual wallet, they can do enormous amounts of damage to your finances and credit score before you even realize it’s gone.

Whether you’re a die-hard Apple fan or a staunch Samsung supporter, mobile wallets are an efficient, secure way to pay. Download the app, link your UCCU card, and start leaving your wallet at home!  

SOURCES:

http://www.theverge.com/2016/12/6/13864376/35-percent-apple-pay-us-merchants

https://en.wikipedia.org/wiki/Tokenization_(data_security)

http://appleinsider.com/articles/14/10/20/how-apple-designed-apple-pay-to-avoid-the-pitfalls-of-traditional-payment-systems

http://www.forbes.com/sites/forbestechcouncil/2016/12/22/the-promise-and-challenges-of-biometrics/#21c6fc044202

https://www.idropnews.com/iphone-7-vs-google-pixel/iphone-7-vs-google-pixel-apple-pay-android-pay-comparison/28596/

https://www.sans.org/reading-room/whitepapers/casestudies/case-study-home-depot-data-breach-36367

https://www.google.com/amp/s/www.cnet.com/google-amp/news/apple-pay-vs-samsung-pay-vs-google-pay-which-mobile-payment-system-is-best/

Share Button

New Technology Alert – UCCU CardSwap

At UCCU excellent member service is a top priority and we are always looking for ways to make our members’ lives easier. It’s why we offer world-class mobile and online banking services that are secure, quick and easy. To that end we are now offering another new service that will provide a better way for you, our valued member, to update your payment card information for your subscriptions, streaming, shopping, and other online services. The new service is called UCCU CardSwap. It was made available to all members Monday, December 18.

With UCCU CardSwap you can update all your favorite digital services, like Netflix, Amazon, and more – at the same time, in the same place – within UCCU’s online and mobile banking. This new technology makes it easier…

  • To switch your preferred payment method to your new UCCU card
  • To update online payment methods to a new UCCU card when one is lost, stolen, or used for fraud
  • To update online payment methods when a renewal UCCU card arrives

To use UCCU CardSwap, simply login and select Services from the main menu, then select CardSwap:

 

Then – select Get Started:

Next – pick your accounts (scroll while in app to reveal the full list). Full list of possible accounts available at the bottom of this article:

Then – verify your new card information. If you are setting this up for the first time, simply put in your existing UCCU card information:

When setting up for the first time, or when adding new accounts – verify your username and password for your selected accounts and the update is complete. From here you can also add additional accounts or return to the main menu:

UCCU CardSwap means UCCU cardholders no longer need to log in individually for each account and update each provider. So, next time you need to update your online payment information, give UCCU’s CardSwap a try to quickly update your favorite digital services like Netflix, Amazon, and more.

Click here to apply for a UCCU checking account or click here to apply for a UCCU credit card.

Your turn: What are your thoughts around this service? How many accounts could you update through CardSwap?

Share Button