Big banks vs ApplePay

Is the claim by Apple that consumers are not safe if they use anything else but Applepay on their iPhones?

This was the question that a great strategic thinker and advisory board member Ted Pretty put to me. And my answer… bunkum.

The ApplePay system is very secure. It uses tokens to verify identity and communicate with the banks to allow transactions, so in a way it is a step up in security from a standard card EFTPOS transaction.


But to say that ApplePay is the only secure way for a phone to talk to an EFTPOS device and the bank is just nonsense. Its tantamount to saying that every communication between any client and server is not secure unless it uses ApplePay… secure email? Safer with ApplePay, Secure web access… only secure with ApplePay…. it’s a sweeping statement that completely ignores the many proven secure technologies that are available to solve the phone to eftpos security problem.

Take Haventec Secure Wallet for example. To EFTPOS enable this highly flexible and secure technology, all you would need to do is secure the credit card details using a one time encryption and then pass the encrypted bundle through the EFTPOS device to the bank which decrypts the details and completes the transaction using the contained card information… the encryption key is then rolled to a new one and the bundle placed back on the user's device via direct communications with the user's device.

Using this solution means that your credit card is not stored somewhere on Apple's servers waiting for a hacking attack. Plus the bank doesn't have to sit around waiting for Apple to decide whether they are going to share their customer with them or not!

A flavor of the above could be easily set up so that the banks don't even need to run any new software on their networks, but that’s for another blog.

So in a nutshell, this Banks vs ApplePay issue is a pure case of Apple hogging the NFC capability of iPhones for their own gain. Banks are supplying secure transactions on Android and the room for advancement and higher security is not  the sole domain of Apple.

Copyright 2008-2014 Ric Richardson. Powered by Blogger.