Home Thinking Aloud Apple Pay Brings Promise of POS Security for Some Businesses, Doubt for...

Apple Pay Brings Promise of POS Security for Some Businesses, Doubt for Others


by Carmon Drummond, Director of Sales and Marketing at MainSpring 

Apple PayTarget and Home Depot’s recent POS hacking disasters have not only cost both companies millions, but they have crushed consumer confidence in digital POS systems. Target’s dramatic Holiday breach saga came at the expense of 40 million customers (although it’s been argued to be as many as 70 million), while Home Depot’s hacking came in at approximately 56 million victims.

Thus, more of America is becoming all too weary of the lack of safety and reliability of both credit cards and POS systems — and for good reason.

Some experts, however, think Apple’s new “Apple Pay” feature may put an end to such system intrusions.

What Is It?

The new feature allows you to make transactions via connecting your credit/debit card information to your phone, eliminating the need for actual cards upon making a purchase. However, the concept of paying via phone isn’t actually “new” (looking at you, Google Wallet). The iPhone 6 is the only iPhone with Apple Pay capabilities.

But how will small businesses integrate Apple Pay into their NCR POS systems? And— perhaps more importantly— will these new systems be truly hack-proof?

POS systems wishing to enable Apple Pay will need a contactless reader to utilize the required NFC (near-field communication) technology, which is how the device scans the phone to complete a transaction. All iPhone 6s (and Apple Watches) come with a NFC chip that connects with the contactless POS reader, and the phone vibrates to notify you that the transaction is complete.

A Shift in Business Transactions

NCR, the nation’s largest provider of POS terminals, has expressed excitement for Apple Pay’s features, and plans to enable integration through traditional, POS systems, as well as m-commerce channels via mobile applications.

It’s no doubt that small businesses will begin feeling the pressure to keep up with this new feature in their stores. The Smart Card Alliance claims that over 35,000 retail establishments have already integrated contactless readers into their POS systems.

How much does it cost for a business to integrate contactless readers? It depends on their current POS infrastructure, as well as whether they will install peripheral or integrated readers.

Safety Features of Apple Pay

Amidst all of the large-scale data breaches in America’s markets, many view Apple Pay as the solution to insecure shopping. A key part in Apple Pay’s self-proclaimed safety arises from the system’s use of tokenization. This means that your credit card’s actual data is not stored permanently on your phone; rather, upon entering your information, it’s instantly converted into a completely separate, encrypted “token” system.

This is huge for three reasons:

1) Your credit card data isn’t stored on your phone

2) Your card’s data isn’t stored on Apple’s servers

3) Your data isn’t transferred to a store upon a transaction (rather, a different code is sent for each purchase)

These factors help prevent fraud in three-fold. Additionally, if you happen to lose your phone, you can immediately disable Apple Pay from your computer, further preventing anyone from gaining access.

New Security Issues Rising

However, there are still a handful of potential security frights surfacing. Examples include easy ways to bypass the iPhone 6’s fingerprint recognition system and the ability to access credit card data upon initial entry into the phone, among other concerns.

When the iPhone 5S was introduced last September, it took German hacking group Chaos Computing Club only two days to figure out how to bypass the fingerprint security checkpoint— all it took was photographing the user’s fingerprint from a glass surface. Thus, many hoped that the iPhone 6 would undoubtedly have stronger fingerprint security, but it has been discovered to be just as easy to hack as the 5S.

Others fear that the instance you input your card’s information into your phone is a point of vulnerability. They predict that hackers may be able to intercept the data at this instance, as it’s the one time that the data is in the phone without being tokenized yet.

Additionally, some believe the sheer nature of adding an additional system of communication (as is the case with NFC technology) could be another interception point, although Apple claims to have protections against a hacker’s ability to intercept data during the transaction.

So, while Apple Pay represents a new era of more secure payments, as with any new technology, there’s still the potential for interceptions. Neohapsis consultant Bob Doyle said it best in a recent eSecurity Planet article when he said, “Apple is certainly not immune to bugs, and it’s really almost inevitable that there are some in there.” Kaspersky Lab’s David Emm adds, “Efforts to subvert the system will certainly go on.”


Carmon Drummond, Director of Sales and Marketing, joined MainSpring in 2007 as a business consultant (after working as a General Manager for Spirit Accessories for almost a decade), followed by two years serving as a Retail Technology Advisor. MainSpring has provided NCR POS systems for 28 years, including Counterpoint expertise for independent retailers nationwide. She graduated from the University of Tulsa in 1999.