What you will see?
Are you scared to use your smartphone to pay for the things you buy? Find out whether or not it is safe to keep information about your bank cards in your phone.
Using your phone to pay for things
Apple Pay, Android Pay, and Samsung Pay have been working for quite a while already but there are still people who are afraid to pay for purchases with the phone. They worry that the data of their bank cards can get to third parties and lead to losses in the accounts. Let’s see how everything works in reality.
The mechanics of mobile payments is very easy – the cashier names the price and the buyer takes out a smartphone from his pocket rather than a bank card. Then you either need to take a fingerprint, or show the face to the front camera, or just enter the password, after which the gadget will approve the purchase.
Then, you need to lightly touch the terminal and done – money is instantly written off, and the cashier issues you a check.
Why is it more convenient than paying with a card?
First of all, you do not need to get anything out of your wallet – you can just take out the phone, which is always at hand.
Second of all, entering a PIN-code is extremely rare but with PayPass there is a limit of password-free purchases. In addition, the cards without PayPass are still used as well when you need to enter the pin code for every transaction you make.
Hundreds of thousands of people have already mastered and appreciated Apple Pay, Android Pay, and other similar systems. However, there are those who are sure that these cards can get to either the manufacturer of the smartphone, or to the operator, or even hackers, who will instantly devastate the account.
It’s time to tell why these phobias are groundless. The most logical way to explain the scheme is using the free writing samples about Apple Pay.
Using Apple Pay
Apple cooperates with banks, which set up the procedure for data exchange. Not every card can be connected to Apple Pay – it all depends on the banks. The companies from Cupertino have no control over the processing of the transaction at all. Representatives of Apple only agree that the tokens generated by them will be accepted by the bank as valid confirmation of payment. Tokens in this context are one-off packets that are created on an NFC chip and contain information about the transaction (time, amount, encrypted keys).
The only one who receives the card data during the first launch of Apple Pay is the bank that just released the card, which confirms it when starting up.
The card number is used only once (during configuration) and then is not stored anywhere else. On a separate chip (Secure Element in an NFC chip), a specially generated account number (Device Account Number) is recorded in an encrypted form, which, even if it is evicted and decrypted by intruders cannot be used at all. You cannot steal money with it.
At the time of payment, not the card data is sent to the terminal but the generated token, which must still be confirmed by the bank. Again, information about the card at this moment is not received at all – no access to it including that of Apple. By the way, on the side of banks there are quite advanced systems for recognizing suspicious transactions that will block the writing-off of funds if something goes wrong.
If you still doubt, listen to this – everything described above occurs also when paying through PayPass but there the token is generated by the chip inside the card, not the smartphone.
Here, everything happens on an isolated chip inside the device, and token generation is possible only with confirmation by a biometric sensor or password.
Therefore, if you need total security, it is better to trust NFC-systems – they are at least no less reliable than classic contactless cards. And in fact – even more reliable due to biometric sensors.