Want the security benefits of the Apple card? Just use Apple Pay


In one typically flashy launch event in Cupertino on Monday, Apple debuted the Apple card, a new credit card offered in collaboration with Goldman Sachs and Mastercard. Apple claims it will address many consumer frustrations with today's credit cards: the card will be simple to sign up for, there will be no fees and it will be easy to redeem rewards. The company also firmly states that the Apple Card "transforms the entire credit card experience into … offering a new level of privacy and security."

But you do not have to wait until the Apple Card is released this summer to try out its security features. All you have to do is use Apple Pay and any credit card you already own.

"Nothing really changes with the Apple card," says Avivah Litan, vice president of research at analytics and consulting firm Gartner. "It's pretty cool, actually. They already have all of Apple Pay's infrastructure built and a tremendous adoption right now around the world, so this is a competitive step."

Lily Hay Newman covers information security, digital privacy and hacking for WIRED.

When you add a credit card to Apple Wallet to use with Apple Pay, whether it's an Apple card or another credit card, the service encrypts the credit card number and other details into a single card identity stored in the " safe "for additional protection. Completing a transaction through Apple Pay then requires a unique identifier and one-time security code, plus an additional biometric check via FaceID or TouchID. In this way, your actual credit card number is never transmitted to the transaction, and a fraudster would need the unique transaction code and your face or fingerprint to make unauthorized charges. These same security benefits will be extended to the Apple Card.

While there have been a few examples of fraud at Apple Pay since its launch in 2014, security advocates generally regard these protections as a solid improvement over typical credit card transactions. But in cases where Apple Pay is not an option, the Apple Card is, in terms of protection, just that – a typical credit card.

The physical card is exactly the engraved and minimalist titanium slice you would expect from Apple and takes a good safety step by displaying only your name without a card or CVV number. But if you use the card in a store for a regular transaction with a chip, it seems to work just like any other credit card. There is no technology in the card itself; can not complete non-contact payments. The card also appears, based on photos from Apple's ad, to have a magnetic strip on the back, which comes with its own set of security issues. And although the card number does not appear physically, you can access it in Apple Wallet and use it to shop online, just as you would with any other credit card. Apple prefers that you make online transactions with Apple Pay anyway, but if you do not do so, there is no additional special Apple Card attribute that protects you.

And Apple's agreement with Goldman Sachs and Mastercard – as issuing bank and payment network, respectively – is a standard configuration for a branded card.

"In general, for all merchants, this will be treated as another MasterCard transaction and will follow all these rules," says John Drechny, CEO of the Merchant Advisory Group, an independent industry body. "And if merchants accept the card online, they will still have the same liability agreement with the payment network. I do not believe it is different from a common shared-brand business."

As with any other credit card, the bank and payment network involved in the routing and execution of transactions will have normal access to the data. Which is not at all bad. Banks analyze consumer financial data to identify patterns and try to reduce fraud. They also usually share and sell this data for other purposes.

This is an area where the Apple Card could stand out and align with the company's emphasis on data privacy. Apple noted in its announcement that "Goldman Sachs will never share or sell its data to third parties for marketing or advertising." Apple did not mention whether MasterCard agreed to not share or sell user data, and did not return a WIRED request for comment.

As for Apple itself, the company says it will not have access to any user transaction data or purchase information. Apple's card features intended to help users track their spending and analyze the information in the statement will all be populated locally on users' devices, not on Apple's servers.

"Apple gets the best of both worlds by becoming a card issuer and partnering with a bank," says Gartner analyst Litan about Apple's decision to stop accessing user data. "They can keep your nose clean."

Overall, Apple's efforts to increase the use of Apple Pay are praiseworthy from the point of view of security and anti-fraud. And of course the purpose of the Apple Card is to drive the adoption and use of Apple Pay. But the Apple card itself is a little more run from the factory.

More great stories with wire


Source link