Apple Pay, Samsung Pay, and Tokenization: How to Stay Safe with the Wallet of the Future


Left your wallet at home? No worries; you can still pay for those purchases! Just use your phone.

Apple Pay, Samsung Pay and other mobile wallets are revolutionizing the checkout experience by blending two developments in payment infrastructure to save you time: near-field communication (NFC) and token encryption.

Approximately one-third of all payment terminals nationwide have been updated to accept Apple Pay. However, it only works on phones equipped with the necessary NFC equipment. If you already have an iPhone 6 or a newer iPhone, though, all you need is the preinstalled Passport app. There are simple, on-screen instructions for adding a debit or credit card. You can even add your UCCU card!

Samsung Pay is structured similarly, but only works on select Samsung Android devices. However, Samsung has incorporated magnetic secure transmission (MST) technology as well. Hold a phone against a payment terminal and it will emit a signal that simulates the magnetic strip on a debit or credit card.

In terms of convenience, this means you can use Samsung Pay on almost any payment terminal in the country. The only situation where Samsung Pay won’t work is when you need to insert your card into a slot, such as at a gas station. Otherwise, though, you’re free to use this payment method even if the merchant hasn’t updated their equipment.

Both payment methods use a process called “tokenization” for maximum security. In the simplest terms, tokenization is the use of a non-secure piece of data to stand in for a secure one. It’s like arcade tokens. The secure data is the quarter, which you exchange at a machine for a token. That token then tells the arcade machines you have a quarter (or credit) to play. The game machine never sees the actual quarter, but accepts the token that stands in its place.

Apple Pay and Samsung Pay work the same way. When you make a payment with one of these services, the app creates a token – a random series of numbers – that corresponds to your account, along with a one-time security key. It transmits that data to the payment terminal, which sends that token to the “token vault,” a secure database that links these tokens to the actual accounts. If the security key is correct, the token vault will transmit a charge directly to the linked cards and return a verification of funds to the payment terminal. Since the token vault is hosted at the payment processor, the point-of-sale terminal never sees your card information. 

This is different from a swiped or keyed transaction. Ordinarily, the terminal reads your credit or debit card information directly and transmits it to the payment processor, which then sends it to your financial institution. This means your card’s information is stored in three different places, any of which could be the site of a data breach.

With tokenization, your information is seen only by the payment processor and your financial institution. That’s fewer points of failure along the information chain and there is less vulnerability for your sensitive data.

This also means that Apple and Samsung have no idea what purchases you’re making. For fans of internet privacy, this is heartening news.

There are other layers of security involved in these services. To use Apple Pay, you’ll need to use TouchID, FaceID or input your PIN. For Samsung Pay, you’ll have to authenticate your fingerprint, input a PIN or confirm an iris scan. If your phone gets swiped, a thief will have a hard time using it to go on a shopping spree. In contrast, if a criminal grabs your actual wallet, they can do enormous amounts of damage to your finances and credit score before you even realize it’s gone.

Whether you’re a die-hard Apple fan or a staunch Samsung supporter, mobile wallets are an efficient, secure way to pay. Download the app, link your UCCU card, and start leaving your wallet at home!  

SOURCES:

http://www.theverge.com/2016/12/6/13864376/35-percent-apple-pay-us-merchants

https://en.wikipedia.org/wiki/Tokenization_(data_security)

http://appleinsider.com/articles/14/10/20/how-apple-designed-apple-pay-to-avoid-the-pitfalls-of-traditional-payment-systems

http://www.forbes.com/sites/forbestechcouncil/2016/12/22/the-promise-and-challenges-of-biometrics/#21c6fc044202

https://www.idropnews.com/iphone-7-vs-google-pixel/iphone-7-vs-google-pixel-apple-pay-android-pay-comparison/28596/

https://www.sans.org/reading-room/whitepapers/casestudies/case-study-home-depot-data-breach-36367

https://www.google.com/amp/s/www.cnet.com/google-amp/news/apple-pay-vs-samsung-pay-vs-google-pay-which-mobile-payment-system-is-best/

Share Button

Leave a Reply

Your email address will not be published.