Dollar Scholar Asks: Is Apple Pay Safe?
This is an excerpt from Dollar Scholar, the Money newsletter where news editor Julia Glum teaches you the modern money lessons you NEED to know. Don't miss the next issue! Sign up at money.com/subscribe and join our community of 160,000+ Scholars.
You know how some people like to claim they were quote-unquote “born in the wrong generation” because they prefer vintage fashion and classic pop culture? A recent trend on TikTok dismantles that belief.
“I was definitely born in the right generation,” users say, before listing perks of modern life: having nine ear piercings, watching Pedro Pascal edits, taking photos in 0.5x, et cetera.
Personally, I agree that I was born in the correct generation — especially when it comes to my iPhone. I enjoy changing the name of my group chats in theme with current news events. I take pleasure in falling asleep every night to the glow of Instagram. And I absolutely love being able to buy a Coke Zero at the store with nothing but my phone.
Even bodegas have started to take Apple Pay, a contactless mobile payment service that’s exploded in popularity over the past few years. All I have to do is wave my phone near the credit card terminal and I’m on my way. In fact, it’s so ridiculously convenient that I’m becoming skeptical.
Is Apple Pay safe?
“Nothing is 100% secure in this world,” says cybersecurity expert Travis Taylor. But Apple Pay comes pretty close… at least from a nefarious-people-stealing-my-financial-information standpoint.
Setting up Apple Pay involves entering my credit and/or debit card numbers, but neither my phone nor the company stores those full numbers anywhere. Instead, Apple Pay relies on tokenization. It basically replaces my card number with a different number it can use to confirm that my payment is valid during each transaction.
That provides built-in protection. When tapping to pay at the store, “you're not actually handing over your credit card number to the merchant,” Travis says, and that “in and of itself can intercept a whole lot of credit card fraud.”
It also negates the risk of skimmers, which are common devices that sit on the outside of payment terminals and steal card numbers with every insertion. No card number, no problem.
In order to use Apple Pay, I must have a passcode set on my phone — Face ID and/or Touch ID are optional. Taylor says the latter two are pretty secure because the difficulty of manipulating biometric information will deter the average thief.
I’d better have a complex, hard-to-guess password, though: “If someone steals your phone and your passcode is 1111, they can be off to the races,” he adds.
Viviana Wesley, principal consultant at HALOCK Security Labs, tells me that if I’m going to use Apple Pay (or Google Pay, the Android counterpart), I should follow best practices for identity protection. I might even want to create a failsafe, like turning on the feature that allows me to pause Apple Pay and wipe my data if I lose my iPhone.
Although Apple Pay may be all but airtight from a cybersecurity perspective, there is a major con when it comes to privacy. I’m handing over “quite a lot of information” to Apple, Taylor says, including my name, my bank and what I'm buying.
On its website, Apple swears it “doesn’t store, sell or use any of that information,” but Taylor — a co-host of the podcast What the Hack with Adam Levin — is skeptical. He compares it to telling a friend that I won’t sell the contents of a diary if she'll just hand it to me. I might not sell the gossip, but I’m obviously going to read it.
With my payment data, he says, Apple is able to build a “reasonably-sized portfolio” on my behaviors. Apple is a relatively safe company, but even still, “you’re really just kind of handing them the keys to your house,” Taylor adds.
Aside from privacy, perhaps the biggest risk with Apple Pay involves my shopping habits. Faster checkout means less consideration about whether I truly need whatever item I’m buying. I’m also not able to physically see the cash in my wallet dwindling, reducing the pain of paying.
“Using a credit card has always been problematic that way: The spending is invisible,” says Lisa Lee Freeman, a shopping and consumer expert. “This supercharges that ... you don't even need a wallet, you don't need a credit card, you [just] tap your phone.”
Add that to the fact that Apple has now introduced a buy now, pay later feature that lets me split purchases into four payments over six weeks à la Affirm, furthering the temptation to overspend. As Freeman puts it, Apple Pay “makes it not only super easy to buy things but [also] to buy things even if you don’t have the money for it.”
The bottom line
Apple Pay is everywhere — it’s now accepted at some 85% of retailers in the U.S. — and it’s largely secure. If I have a strong password and use biometrics, my phone will be well-protected.
The major downsides of Apple Pay are 1) that I’m willingly giving a tech corporation a ton of data on myself and 2) it makes it easier to spend money willy-nilly.
“Apple Pay is great, but it's also something you need to be in control of and have some discipline about,” Freeman says. “It's hard to save when it's so easy to spend.”
More from Money:
How the Apple Card's New 4.15% APY Savings Account Compares to Competitors
Is It Risky to Give My Phone Number to Stores and Restaurants?