Wallet no more: How the tech behind Apple Pay can change our lives

Despite the fact that it is, at least so far, a U.S-only affair, I think it's fair to say that Apple Pay has become a rousing success. With dozens of partner banks, thousands of merchants, and millions of credit card enrolled in the program, the folks from Cupertino seem to have pulled off a feat that has, so far, eluded every last one of their competitors: Creating a digital wallet that is as easy to use and widely accepted as the traditional payment methods it replaces--and much more secure at that.

Look beyond payments, however, and the interlocking puzzle of hardware and software that Apple has busily built into its devices over the last several years reveals all kinds of exciting new possibilities.

Location, location, location

Ever since its introduction, the iPhone has been capable of determining its location anywhere in the world with GPS, and of communicating with other computers over wide areas using cellular and Wi-Fi networks.

With the arrival of iOS 7, however, the handset's range of awareness started to get smaller: Bluetooth Low Energy allows iPhones to determine their location within a building or a room, and talk to other devices, like iBeacons, at a distance of a few feet.

Enter the iPhone 6, which incorporates a technology, called Near Field Communication (NFC), that is designed to work within a range of a few inches. At that distance, things immediately get very personal in nature--a necessity if you're trying to conduct a secure payment transaction like Apple Pay does.

But this technology could be used for much more, from unlocking your car and front door to helping you make sure that you're taking the right medication. Imagine walking into the cafeteria at your office, waving at a coffee machine and getting exactly the kind of hot beverage that you like; or, perhaps, a less mundane example: Imagine walking into a hotel room--which you unlocked via NFC--and finding everything from the lighting to the temperature automatically customized to your liking.

The best part of NFC is that it is not proprietary; rather, it's an open standard that has existed for decades and that is already widely in use in applications that range from office access to border control. In fact, you can buy passive NFC tags, which do not require a battery, for mere pennies over the Internet, and active communications are supported by all kinds of devices that are already on the market. Apple has just given the technology the kind of broad adoption and appeal that it needs to become mainstream among consumers.

Your heart on your sleeve

Consider now what happens when you add an Apple Watch to this mix.

For all intents and purposes, the "watch" part of the company's upcoming wearable device is little more than a pretext to outfit every user with a computer designed to be with them throughout their entire day. If the smartphone liberated the computer from office and home, the watch could well liberate it from the pocket and place it on our wrists, where it would follow us everywhere we go.

Like its phone counterpart, of course, the Apple Watch is also equipped with both Bluetooth and NFC radios, which allow it to detect its position inside your home (or your office), and talk with the appliances and devices around you. The same wave of the hand that will soon make Apple Pay purchases possible could well be used to control your connected home, give you access to your office, and generally customize the world around you as you walk through it.

Ultimately, the Apple Watch's truly personal nature could result in a huge number of applications we haven't even begun to think of. Imagine, for example, walking down the aisle at the supermarket and being able to find everything about the products you come across simply by flicking your watch at them. Perhaps, if you're diabetic, the device could help you figure out whether a particular kind of food is appropriate for your diet. Or, if you're visually impaired, it could help you figure out what you're about to buy. And, if you're unsure where the butter is located, it could discretely guide you to the appropriate location using haptic feedback to tap your wrist.

Yes, it's really me

When dealing with a new technology, it's always easy to get caught in the excitement of all the positive changes it can bring to our lives. It's also true, however, that just about any piece of new tech can be perverted for all kinds of evil purposes, and this is most likely the case with things like NFC and Bluetooth. With a watch on your wrist, you're basically a walking and talking radio--a dream come true for anyone who wants to track your movements, regardless of their intentions

Luckily, Apple has a solution to this problem already in place with Apple Pay: Touch ID. By requiring biometric identification before allowing any transactions to take place, the company has created a mechanism that keeps your privacy and security intact--not only against theft of your handset, but also against bad actors who try to wirelessly siphon data out of it without your consent. (The Apple Watch will offer similar functionality by "forgetting" your payment data whenever you take the device off your wrist.)

Touch ID is Apple Pay's killer feature. With the traditional passive NFC chips that you can find on credit cards and the key fobs that many of use to gain access to our offices, and even the active radios that have been integrated in many Android phones for the last several years, there is no way to truly know when information leaves your device. Touch ID's biometric functionality adds a requirement of physical interaction that makes storing everything from your driver's license to your house key on your handset a no brainer.

The devil and the details

Even with all these great possibilities on the horizon, it may be years before the technology that makes Apple Pay possible gains new and exciting uses.

For one thing, Apple is keeping the NFC chips inside late-model iPhones to itself, without giving third-party developers the ability to access and use them. This probably makes sense from a strategic perspective, but it clearly limits the usefulness of this feature when it comes to other applications. And, as my colleague Glenn Fleishman recently noted in his security column, Touch ID itself is not without its potential problems.

Perhaps more importantly, there is an element of trust required for more mainstream uses of these technologies that I don't think the company has quite earned yet. While I appreciate Tim Cook's commitment to privacy, as I noted in a recent article about HealthKit for Macworld, Apple needs to extend this attitude to third parties as well, and prevent them from trying to get their hands on my data every time they can.

Still, as time goes forward, I have no doubt that the infrastructure that the folks from Cupertino have built to power Apple Pay barely scratches the surface of what will be yet another revolution in our relationship with mobile--and wearable--devices, and I can't see where things take us.

Join the CSO newsletter!

Error: Please check your email address.

Tags NFCApplesecurityApple Pay

More about AppleNFC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Marco Tabini

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts