Is Apple Pay better than other digital wallets in terms of security and privacy?

Digital wallets and the “only Apple Pay does this” mythology
https://birchtree.me/blog/digital-wallets-and-the-only-apple-pay-does-this-mythology/

'Apple Pay via Wallet obfuscates the actual credit card number, which retailers are notorious for tracking customers to, much more than using the credit card itself,' Apple enthusiast John Gruber wrote on his blog. 'If a bank or credit card company is given access to near-field communication (NFC) touch payments, it is unlikely that they will obfuscate credit card numbers on their own.'
In response, Mr. Birchler said that 'obfuscation' in this context means that Apple Pay does not use the 'Funding Primary Account Number (FPAN)', which is the actual credit card number, but rather the 'Device Primary Account Number (DPAN)', which is a payment token.
DPAN is like a domain that corresponds to an IP address: Apple Pay does not store the actual credit card number on the device, but makes payments using DPAN, which is a substitute for the card number. DPAN is issued for each device and card combination, so even if the same credit card is used, iPhone and Apple Watch use different DPANs. As a result, even if DPAN is leaked from a device that uses Apple Pay, the thief will not be able to make payments using DPAN. Therefore, Apple Pay is said to be more secure than an actual credit card.
However, Birchler points out that the use of DPAN is not limited to Apple Pay, but is a standard feature of digital wallets around the world. Google Pay and Samsung Pay do exactly the same thing, so it cannot be said that only Apple Pay is particularly good. For most merchants, who have no intention of abusing credit card numbers, 'handling the customer's real credit card number' is just a risk, and payment processing using DPAN is better.
Also, Mr. Gruber claims that banks will not want to use DPAN, but in fact, most banks that provide digital wallets use DPAN to protect users' credit card numbers. Paze, a mobile wallet launched by major banks such as JPMorgan Chase and Bank of America, uses DPAN and sells itself on not sharing the actual card number with merchants.

One of the advantages of Apple Pay is that 'DPAN changes for each merchant.' This prevents data brokers from obtaining transaction data from various merchants and collating DPAN to understand the shopping trends of a particular user. However, since the same DPAN is continuously used for transactions at the same merchant, it is possible for a particular merchant to construct a user's shopping trends from past transaction history.
Birchler also pointed out that although he sometimes sees claims that 'Apple Pay protects users' personal information,' this is not true. Mr. Birchler used a test merchant account he actually owned to perform Apple Pay payments and test what personal information was passed to the merchant.
The screen that the seller actually sees is below. Birchler explains that when making an Apple Pay payment, information such as the buyer's country, card brand, name, address, and email address is provided to the seller. Note that part of the image is blurred because it contains the actual billing address and email address.
'Basically, when you make a payment and an Apple Pay card pops up, expect all of the card information to be sent to the merchant, which the merchant wants or needs to collect,' Birchler said. 'You choose your personal information and Apple Pay doesn't prevent you from asking for it at checkout, just like how other digital wallets work.'

While Apple Pay isn't better than other digital wallets, its use of DPAN does make it more difficult to track purchasing activity across merchants and reduces the risk of the credit card being exploited if transaction information is compromised, Birchler said.
in Software, Web Service, Security, Posted by log1h_ik