CAUTION : Cybercriminals are eying Apple’s recently-launched digital payment solution Apple Pay, according to top cyber security solutions firm Trend Micro as mentioned in TOI
“It’s safe to assume that as early as now, the bad guys are already looking for vulnerabilities to exploit in Apple Pay. They will continue to scrutinize NFC (Near Field Communications) as well,” Trend Micro said.
Trend Micro said though it is yet to see actual attacks and attempts to breach Apple Pay ecosystem comprising of NFC and Passbook (which holds users’ card information), cybercrooks used the latest iPhones as social engineering bait two months before they were even launched.
About Apple Pay
Apple Pay is a mobile payment service that lets certain Apple mobile devices make payments at retail and online checkout. It intends to digitize and replace the credit or debit magnetic stripe card transaction at credit card terminals. The service lets Apple devices wirelessly communicate with point of sale systems using a near field communication (NFC) antenna, a “dedicated chip that stores encrypted payment information” (known as the Secure Element), and Apple’s Touch ID and Passbook. The service is compatible with the iPhone 6, iPhone 6 Plus, and the Apple Watch. Users with iPhone 5, 5C, or 5S can use the service through an Apple Watch, though the watch lacks the added Touch ID security. By default, Apple Pay is disabled, and the owner must enter a code to enable Apple Pay after putting on the watch. The watch’s sensors will then ensure that it is still being worn by its owner. If the watch is removed at any point, then Apple Pay is disabled again.
The service has begun initially only for use in the US, with international roll-out planned for the future.