September is the month when Apple traditionally unveils its newest-generation iGadgets, and the offerings this time around include the iPhone6 and an iWatch or “smartwatch” (basically a smaller iPhone worn like a wristwatch).
However, the real buzz so far does not involve the gadgets themselves, but a standard feature both offer: the ability to not only make payments with your mobile device (as opposed to a credit or debit card), but to make payments that are supposedly more secure than traditional American credit card purchases, thanks to the process of “tokenization.”
On the other hand, privacy advocates understandably have qualms about the idea of tying yet another vital aspect of daily life (buying and paying for things you need or want) to a hackable and NSA-accessible device that already has the ability to monitor everyplace you go and overhear everything you say.
Apple already included a fingerprint scanner on last September's iPhone5S. As with all such innovations, it includes equal parts increased security and increased security risk: greater security, in the sense that any thief would find stealing and copying your fingerprint much more difficult than stealing and copying your Social Security number, bank-account information or other presumably “confidential” data about you, plus the increased security risk of yet more personal information about you for a thief to find after breaking into the secure database where it's stored.
(Not to mention that if or when this happens, you can always change your bank or credit card account numbers, and even get a new Social Security number if you're willing to put some money and effort into it – but changing your fingerprint is a completely different ballgame.)
Next big thing
That said, tokenization has nothing to do with fingerprints or biometric identity. Right now, tokenization appears on track to be the Next Big Thing in electronic-payment security; earlier this week, the Americn credit card industry announced plans to introduce tokenization to fight back against the epidemic of hackers breaking into corporate databases, filching customers' “confidential” financial information, and using those to steal enormous sums of money (last year's security breach at Target alone was estimated to cost financial institutions over $200 million in losses — as of last February. The amount may have increased since then.)
Basically, current American electronic payment systems work like this: you, the shopper, have a credit or debit card with a unique account number which (in theory) is only known by you. In practice, of course, that account number is known to you, your credit card company, and every single business, financial or government entity where you used your credit card to pay for something.
Eventually, at least one of those business, financial or government entities will get hacked, the hackers get your confidential information, and then they either use it to pay for their own spending spree, or sell it to an identity thief who then does the same thing.
Tokenization is supposed to simplify matters: when you use your credit card to buy merchandise, the merchant does not get your personal account information. Instead, the merchant gets a “token” – a long and unique string of numbers – and uses that token to verify your data with the credit card company before giving you (or the identity thief posing as you) the merchandise.
With tokenization, credit card companies still must protect against the risk of hackers breaking into their database, but that is much easier than our current system, where the companies must merely put their faith in the database security of every merchant who accepts their card.
The new Apple products with their mobile payment options are expected to do essentially the same thing while bypassing the credit card companies.
The mobile payment system has this in common with credit cards: they're not strictly the equivalent of cash, which anybody can collect and spend; you can only accept credit-card payments if you have made arrangements to do so with the credit card company. The same will hold true for Apple mobile payments, with the additional wrinkle that the number of businesses currently accepting Apple is far less than those who will take MasterCard, Visa or Discover. (Of course, if you buy anything in Apple retail stores, you can defnitely use your iPhone to pay for that. CVS and Walgreens have also agreed to accept Apple mobile payments.)
Though the number of businesses accepting mobile payments in general is almost certain to increase. Apple's is not the first non-credit-card mobile payment system: Google Wallet and Softcard have already pioneered the field.