Apple Pay: A New Way to Pay

Matt Getzelman, PCI Practice Director

Every September, Apple announces exciting new products that promise to change how we interact with not only our devices, but with the world around us. 2014 has been no exception; in San Francisco this morning, Apple announced the iPhone 6, Apple Watch and Apple Pay. Even though I’m excited about the capabilities and features of the iPhone 6 and Apple Watch, I’ll leave those blog posts to the consumer phone experts.

Apple Pay combines the iPhone 6’s Near Field Communications (NFC) capabilities with “Secure Element” chip technology, thereby creating a device-enabled mobile wallet. Apple Pay will be supported by 6 U.S. banks at launch, and users will be able to add their AmEx, MasterCard and Visa payment cards. 220,000 merchant locations will accept Apple Pay, including Macy’s, Bloomingdale’s, Walgreens, Duane Reade, Subway, McDonald’s, Panera Bread, Whole Foods, Staples, The Disney Store, Uber, Groupon and, of course, the Apple Store.

This is going to change the Payments Industry as we know it, right?

Maybe. There will certainly be consumers making in-store payments with their new iPhones. There will also be plenty of consumers who want to use their iTunes accounts for online transactions. However, it’s going to be a long time before such payments fully replace the card swipe or current online checkout processes. It will also be difficult for some industries and merchants to adopt this new form of payment. And, since Apple Pay is only offered on Apple’s newest devices (iPhone 6 and newer), users of older iPhones and Android devices will be unable to take advantage of this new payment method.

The announcement is exciting and holds significant promise. But we don’t expect it to fully replace current forms of payment anytime soon. As an industry, we are still going to need the PCI DSS, robust security programs and scope-reducing technologies like point-to-point encryption to protect traditional cards.
