![\"New-iPhone6](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/09\/05111630\/New-iPhone6-1-1.png\")
<\/a><\/p>\nApple Pay (yes, it seems the company is getting rid of that \u2018i\u2019 prefix now) is a mobile payment system, which combines the principal of providing transactions with some interesting technological solutions. NFC, Touch ID, Passbook \u2014 everything here works together to make your shopping more comfortable and secure. At least so the keynote told us.<\/p>\n
So, how does it work? Actually pretty much the same way as PayPass or PayWave cards do: all you need to do is just hold your NFC-enabled payment device near the reader for a moment and then confirm the transaction. In a case of a credit card it is a PIN code, but Apple Pay uses the new iPhones\u2019 Touch ID scanner which you need to hold your finger on while making a payment.<\/p>\n
To make it work first you need to scan your credit cards with your iPhone so all the info like card number, expiration date and such stuff goes right to the Passbook application. And then comes the most interesting and complicated part of Apple Pay technology. Instead of using your actual credit or debit card numbers during the payment process, a unique Device Account Number is used. Once created, this kind of token is assigned to a device, where the card information is, and securely stored (encrypted, of course) in a dedicated chip in the new iPhones and Apple Watch. So you pay with a non-identifiable special code, not with your real credentials.<\/p>\n
Such approach is good for at least two reasons. First, neither a shop, nor a criminal (who can try to intercept the data) could get your credit or debit card information during a transaction. In the worst scenario an attacker could have only a token number. Second, even if the number is compromised, it\u2019s worth nothing, because it works only when transmitted from the specific device which this number was created on. If the device is stolen, then comes Touch ID protection. In any case, there\u2019s always the Find My iPhone service, which you can use to lock your iPhone or even wipe all the info from it, including card information, so you won\u2019t need to lock your credit cards or bank accounts to protect your money from being stolen.<\/p>\n
But is this system really secure? Dmitry Bestuzhev, an expert from Kaspersky Lab, says there\u2019s a problem: \u201cTouch ID doesn\u2019t always work properly. That\u2019s why Apple allows you to enter a PIN. For example, when your fingers are wet the Touch ID may not wok. The same shortcut scheme may be abused by cybercriminals while authorizing payments.\u201d Keeping in mind that paying with Apple Watch doesn\u2019t require any extra interaction, chances are that your devices may be used without your permission to drain your bank account.<\/p>\n