Apple Pay Looks To Rate Highly On Security, According To FIDO Alliance’s Nok Nok Labs

Apple Pay, Apple Inc.’s mobile wallet system that opened for use on Oct. 20 in the United States, could score big on security and the system achieved critical mass at launch, succeeding where attempts by others have failed, according to a pan-industry alliance that’s building a password-less authentication framework.

Apple Pay opened for use for in-app purchases on iPhone 6 handsets and the newest iPad tablets, and at some 220,000 retail stores across America, supported by major banks and card networks. The wallet replaces a credit card, once its details are captured, with a unique number for encrypted transactions in combination with a fingerprint scan using Apple’s Touch ID feature.

“Apple, as always, has delivered a very smooth experience for the user,” Phil Dunkelberger, chief executive of Nok Nok Labs, told International Business Times on Thursday in an email interview.

Nok Nok is a founding member of FIDO, or Fast ID Online, an alliance that is developing a broad industry framework for stronger authentication than password-based systems. One of the applications of such authentication would be mobile payments. FIDO, a nonprofit, was started in 2012, and includes members such as Google Inc., Samsung Electronics Co. Ltd., Microsoft Corp, Alibaba Group Holding Ltd., BlackBerry Ltd., Visa Inc., Mastercard Inc. and Bank of America Corp.

Instead of building a product, the alliance aims to put together rules and specifications that any business or organization could adopt to ensure strong authentication without the help of passwords. For instance, memory sticks or near field communications, or NFC, devices that use the universal two-factor or U2F authentication standards recommended by FIDO are today available in the market, PC World reported. Google has said its Chrome web browser supports this standard -- currently the only popular browser to do so.

Apple Pay “looks to rate highly on usability, security and privacy – the model they have implemented for the creation and management of the biometric template for Touch ID is very similar to the FIDO Alliance and ensures the privacy of the user,” Dunkelberger told IBTimes. Apple Pay, with Touch ID now included on iPads, will also help to reduce the use of insecure passwords and boost FIDO-like authentication mechanisms, he said.

By bringing a significant number of banks and merchants into its ecosystem from the beginning it has created a compelling experience for in-app or point-of-sale payments, he said.

However, what remains to be seen is how much it would cost to increase the model's adoption rate. This is because, retailers who support payments via Apple Pay will still have to support non-Apple payment systems “so there is still that complexity in the marketplace,” Dunkelberger said.

"What Apple has been able to realize is an immediate experience: by building on the hundreds of thousands of credit cards already stored in iTunes and working with retailers Apple Pay had a critical mass on launch that had been beyond some of the other efforts, which lacked the same integrated infrastructure," Dunkelberger said.

Given the strong initial sales of the new iPhone 6 models, which are the only ones on which Apple Pay is available right now, along with the latest iPads, it seems reasonable to expect that the initial uptake will be good, he said.

“What happens next depends on Apple’s ability to roll it out to additional geographies and retailers.”