Mobile Payments For Safety And Privacy: A Look At Apple Pay And Google Pay

Apple Pay

Discuss about the Mobile Payments for Safety and Privacy of Apple Pay.

Mobile payment which is also known as mobile wallet, mobile money transfer, as well as mobile money, usually refer to transactions done under financial regulations and done via or from a mobile gadget (Rackley III, Porter, Rickman, and Cochran, Qualcomm Inc, 2013). There are several mobile money services that are currently available in existence, and the variances among them might get murky and confusing. Mobile payment services are growing every year and they are truly our future. This paper will look at Apple pay and Google pay, look at how each of them works and the persons who are legible to use them. 

Apple Pay provides secure, confidential, and easy electronic transaction services using iPad, iPhone, Mac, and Apple Watch. Other than Apple gadgets, what is required in addition is the recent version of Apple’s Wallet app, MacOS or watchOS, iOs, as well as Apple ID engaged to iCloud. When one receives cash, it is directed to his/her Apple Pay money card that is found within the Wallet application (https://www.business.com). It is easy to start using money immediately after reception to purchase anything through Apple Pay in apps, in stores, as well as through online. Apple Pay money balance can as well be to the owner’s bank account (Chin, 2015). After purchasing anything using Apple Pay, receipts are stored in Wallet apps, however the transaction details are not kept elsewhere. Each transaction made through Mac, iPhone, and iPad requires authentication through passwords, Face IDs, or Touch IDs.  Unique passcode is used to protect the Apple Watch.

User Authentication: The user is required to authenticate on the gadget to make a transaction (Chin, 2015). Authentication is done through the TouchID (fingerprint identification sensor) or through PIN number keying in a watch (AppleWatch).

Device Authentication: All Apple Pay transactions produce unique value, which make sure that the transactions are done through authorized devices (Chin, 2015). The unique identifier together with the cryptogram as well as the token applied to approve the transaction make sure that even when tokens are stolen it cannot be applied from a different gadget since the token should originate from the gadget it was authorized to.

When a transit, prepaid, credit, or debit card is added to the Apple Pay, data that entered on the gadget is encrypted as well as sent to the Apple servers.  

Authentication

When one make transaction, Apple Pay use device-specific numbers as well as unique transaction codes. Hence the card code is not stored on the Apple servers or on the gadget, and when payment is done, the card number is never shared with merchants by Apple. Keep customers transactions private. When payments are done with credit or debit cards, Apple Pay do not retain transaction details that might be held back to the customer (Abulafia, and Cohen, Jumio Inc, 2016). After transacting through Apple Pay Cash, transaction details is kept only for regulatory purposes, fraud prevention, as well as troubleshooting. Debit and credit cards as well as Apple Pay Cash are within the Wallet application together with rewards cards, tickets, and boarding passes. Apple Pay functions with most debit and credit cards from almost all banks in America. All it needed is to add a participating card to the Wallet and continue to receive all the benefits and rewards of the cards.

For online transactions, merchants only get information that the client approve to share for fulfilling his/her order including; shipping and billing addresses, customer’s name, and email address (Randazza, and Portal, National Payment Card Association, 2013). Applications using Apple Pay should have privacy policies that can be viewed, which keeps customer to be the controller of his/her data.

1. The device is placed near the NFC paying terminal by the user. When card is selected its DAN number (token number) is added into the Secure Element (SE).
2. Information is sent to the bank which is the acquirer.
3. DAN number is received by the acquirer, however not informed if it is a token or valid PAN.
4.  The payment system will sense it is a DAN and not real PAN, then the number will be forwarded to the Token Service Provider (TSP) sending the real PAN to issuers.
5.  The issuer will authorise or deny the transaction is authorized or denied by the issuer and notification will be sent to the acquirer, and then back to the merchant 

Google Pay integrates Google Chrome’s auto-fill feature. When using Google Pay app, it is easy for the user to utilize the payment details saved to the Google Account hence it is possible to speed thru checkout. Customers are able to add most gift, credit, and debit cards into the application (https://developers.google.com). All loyalty cards can be stored to help customers in maintaining reward points.

Google Pay employs NFC (Near Field Communication) technology, which allow customers to transmit the credit card details between the card reader and the customer’s mobile phone (Fisher, Blaze Mobile Inc, 2013). When the merchants accept Google Pay in their business and have matching card readers, customers simply hold their mobile phones near the card readers while their phones are open.

Google Pay app is the simple, fast, method to transact with Google web, and in stores. It is easy to start, a card is only added once from a bank that is participating. Online transaction is as fast as just a click.  Each non-rooted Android gadget can access Google Pay. It is not a must that customers remember all their card information or fill endless documents on their phone. As an alternative, it transact with a number of clicks and use more time checking in, and less time checking out(Fisher, Blaze Mobile Inc, 2013).  Missing out in terms reward chances is the contrary to the fun that is the reason why customer still receive all the similar protections and perks of his/her physical card when using Google Pay.

Encryption

Like each and every Google product, Google Pay app have got strong security safeguards at its center to automatically and continuously safeguard customers’ accounts as well as personal information from safety threats. When a customers pay in stores, encrypted numbers are shared in place of customer’s real card information with the trader. It also means that, it’s got customers back so his/her real card information remain secure (Confidential). Instead of utilizing real credit card numbers as well as other personal details, Google Pay is expected to utilize a simulated account number that will make sure customers’ personal details are safe on their phone (Laracey, Paydiant Inc, 2013). If a customer lose his/her phone or it is stolen, he can lock his phone easily, construct a fresh password or fully wipe all transaction details until he recover the phone.

Google Wallet safeguards payment identifications by keeping user information on safe servers as well as encrypting all transaction details with company-standard secure socket layer (SSL technology).

Google Pay has several options of authenticating users before payments. Google Pay takes fingerprint verification (not supported by default), pattern, PIN code, or password to authenticate transactions. 

Transaction tokens are added on the gadget in advance, prior to the transaction. Tokens are occasionally recovered from Google server if connectivity is accessible.

Since HCE presumes that every information kept on a gadget is susceptible (like if the device is compromised by malware or stolen) it keeps the card crucial information on databases held in a safe cloud environment. Preventing unauthorized accessibility to HCE is influenced by the following four safety pillars: tokenization, limited use of security keys, gadget fingerprinting, as well as transaction risk study.

Threats as well as Vulnerabilities

Mobile Payment Apps Users Threats

Through mobile phones personal as well as corporate usage are mixed. More information is gathered by Mobiles phones from customers, which could assist to execute sophisticated attacks. The attacks target users through phishing emails as well as social engineering via different communication networks (like email, phone, SMS) and information concerning the user present within the public territory (like search engines and social media).

Installation of rootkits11/malware can be enabled by drive, through downloading attacks leveraging like WebKit to roots level accessing, or through side-load of malware along semi legitimate or legitimate applications taken from some stores.

1. The device is placed near to the NFC POS
2. Information is sent to the bank which is the acquirer.
3.  The acquirer obtains the cryptogram as well as the token and transfer to the right issuer through the payment system that acts like a bridge between the issuer and the acquirer.
4. The real PAN will be requested by payment network from the Token Service Provider (TSP) and transfer it to the issuer for to the issuer for authorization.
5. The issuer should deny or authorize the payment and then send the details to acquirer, then back to the merchant. Which will in turn send it back to the merchant. 

• In both methods of payment, customers simply need to download apps on their smartphone.
• Apple Pay and Google Pay are becoming progressively popular and they are compatible with several trader card readers, banks and credit cards.
• In both cases customers can also keep all of their loyalty cards, helping them to retain reward points

Differences

• In case of Apple Pay, the recent version of Apple’s Wallet app, MacOS or watchOS, iOs, as well as Apple ID engaged to iCloud is all that is needed. Google Pay employs NFC (near field communication technology).
• When the merchants accept Google Pay in their business and have matching card readers, customers simply hold their mobile phones near the card readers while their phones are open. In case of Apple pay all transactions are made on the Mac, iPhone, or iPad requires authentication using Touch ID, Face ID, or the passcode (Laracey, Paydiant Inc, 2013). 

https://developers.google.com/android/reference/com/google/ android/gms/wallet/PaymentsClient

https://www.business.com/articles/google-pay-vs-apple-pay-vs-samsung-pay/

Laracey, K., Paydiant Inc, 2013. Mobile phone payment processing methods and systems. U.S. Patent 8,380,177.

Fisher, M., Blaze Mobile Inc, 2013. Conducting an online payment transaction using an NFC enabled mobile communication device. U.S. Patent 8,352,323.

Randazza, J.R. and Portal, D., National Payment Card Association, 2013. Payment system and methods. U.S. Patent 8,490,865.

Abulafia, D. and Cohen, E., Jumio Inc, 2016. Mobile phone payment system using integrated camera credit card reader. U.S. Patent 9,269,010.

Chin, D.H., 2015. Gesture based authentication for wireless payment by a mobile electronic device. U.S. Patent 9,082,117.

Rackley III, B.L., Porter, W.D., Rickman, G.M. and Cochran, K.L., Qualcomm Inc, 2013. Methods and systems for managing payment sources in a mobile environment. U.S. Patent 8,467,766.