Fingerprints, Apple Pay and Identity Theft Warning

On Sep 9th, CEO Tim Cook unveiled Apple Pay, along with the new iPhone 6 and iWatch. Apple Pay is a newly developed technology that utilizes a near field communication (NFC) to enable customer payments at the point of sale machine with fingerprint authentication. Credit card information such as card number, expiration date, and CVV number are stored securely in the iPhone and are transmitted directly to Visa, MasterCard, Discover, or American Express.

As Tim Cook demonstrated, holding an iPhone 6 near the contactless reader with one finger on the Touch ID is all customers need to complete a transaction. Although Secure is the word Tim Cook repeatedly emphasized in the announcement, some industry experts are skeptical and critical of the security underlying the system.

CEO of 5th Dimension Logistics Matanda Doss, expresses skepticism of the security involved in Apple Pay, noting that while NFC is a relatively mature and secure technology, the digital fingerprint technology embedded in Apple Pay is problematic and controversial. As an Apple spokesperson told the Wall Street Journal last year, Apple will not store images of fingerprints; instead it will store “fingerprint data” on the phone’s encrypted chip.[1]

Therein lies the rub. In 2013, it took hackers less than two days to defeat Apple’s new security mechanism.[2] Within the last nine months, there have been several severe data breaches among the most reputable retailers, leaving millions of card holders information compromised, and causing massive financial losses. If Apple itself was accused of overlooking its own security systems after the recent iCloud hacking incident, one can imagine the gravity of a scenario where fingerprint data is involved. [3] It is safe to predict that Apple Pay will be targeted in the foreseeable future, especially if the data can be used in the public domain for payments, access control, and more.

As a consumer this poses an enormous problem. Once your fingerprint (or any biometric data) is stolen, you can never get it back. Unlike a stolen credit card, you cant make a phone call and get a card replacement. The scope of how and when lost fingerprint data can be used is alarming. Today the black market offers stolen credit card numbers for roughly about $100 USD per card since buyers know there is a limited lifespan of the stolen card and the work quickly to exploit that window. The value of identification that never expires and can be resold is invaluable. As biometric systems become increasingly pervasive, the value of such information is likely to rise dramatically.

Does such news sound scary enough? Consumers also need to consider the implications of digitized fingerprints. For instance, The U.S. Citizenship and Immigration Service records fingerprints for the purpose of conducting FBI criminal background checks.[4] Hackers could use stolen digitized fingerprints to pass through borders, conduct criminal activity and frame the consumer for the crime.

Matanda Doss further notes: “Apple has always been a leader of innovation. We appreciate its effort to bring an easier and more innovative payment technology to customers. However, we believe there is nothing more important than customers payment information and personal information. As a result, we encourage customers to carefully using Apple Pay until it is fully analyzed to assure customer information security. Nothing is bigger than security.”

The 5th Dimension Payment Gateway was founded in 2006 to manage a private label card for the United States government. Since then the company has continued its pursuit of creating the best payment gateway systems in the world. Originally developed for the United States Armed Forces Exchange, 5th Dimension continues to exceed PCI Compliance standards. While most companies are reactive in dealing with cyber-attacks, 5th Dimension Logistics has been proactive about payment security, the handling of confidential information and online fraud prevention. The company says “the bottom line is that we are in the security business and our customers are relying on us to keep their payment data safe. With that mission in mind 5th Dimension enables our merchants to safely process credit cards and ACH transactions.”

For more information, visit:
http://www.5thdl.com

Notes:
[1] Ngak, Chenda: Should your fear Apple’s fingerprint scanner?: [http://www.cbsnews.com/news/should-you-fear-apples-fingerprint-scanner/ Sept 17, 2014

[2] Steinberg, Joseph: Hackers Claim to Have Defeated Apple’s Fingerprint Security: [http://www.forbes.com/sites/josephsteinberg/2013/09/23/hackers-claim-to-have-defeated-apples-fingerprint-security/ Sept 17, 2014

[3] [unattributed] 2014 Data Breach Investigations Report: [http://www.greycastlesecurity.com/resources/documents/Verizon_2014_Data_Breach_Investigations_Report.pdf Sept 17, 2014

[4] [unattributed] Fingerprints: US Citizenship and Immigration Services. [http://www.uscis.gov/forms/fingerprints Sept 17, 2014

Some of the links above are affiliate links to the retailer's site. That means we may earn a small commission from any sales.


Boost Infinite
Apple Store