On Tuesday, Apple announced its "wallet killer" product, Apple Pay. The idea is this: Instead of using a wallet and credit cards, Apple will make it very easy to buy stuff from, for now, a select group of partners using one of the new iPhone 6 models.
But there are already questions being raised about the security of the tap-and-pay service, even as Apple pitches the product as exactly the sort of thing to protect user and corporate data even better.
On The Washington Post's Apple liveblog, Brian Fung summed up the advantages of a mobile payment system, writing:
It’s hard to look at Apple Pay, the mobile payments system that Apple just unveiled, and not think about all the retail data breaches we’ve heard about this year. Not only is Apple designing a system that gets rid of the need to expose your credit card number, but Apple also nodded at the U.S. government when it said that it won’t ever store any transaction information.
Since Apple Pay doesn't launch until October, everyone's still trying to work through the details of how, exactly, Apple Pay will work (the company has a basic rundown on it at its Web site, here). But there's one idea the company really, really, really wanted to sell on Tuesday: The system is an advancement for data security, rather than a risk.
The pitch, essentially, is that Apple Pay will allow iPhone 6 owners to purchase items and services with a tap of their phone on a device installed at their partners' check-out lanes, without either the cashier or Apple knowing or storing their credit card information or purchase history. Each time a Pay purchase is made, the system will use a different, one-time-use account number and security code.
During the Tuesday presentation, Eddy Cue, Apple's senior vice president of iTunes and cloud services, said that even the device-stored payment information should be safe in the event of theft. "If your iPhone is lost or stolen," he said, "you can use Find my iPhone" to find and erase payment data from the device.
Cue added that the full card number wouldn't be on the device, meaning that Apple is willing to claim at this early stage that stolen phones wouldn't require users to change their credit card numbers.
That's a lot of confidence. But there's a reason Apple Pay is making some people nervous: A recent string of data breaches, including at Apple's seperate iCloud service, have thrown into question just how secure electronically stored private data really is.
Among other recent data breach victims? Multiple Apple Pay partners.
Even though it's worrying to think about entrusting those previously breached companies with a brand-new payment system, Apple seems to be implicitly saying that Pay could have prevented exactly those sorts of breaches for its users by removing the problem of giving those businesses credit card data in the first place.
With that in mind, here are some of Apple's new Pay partners who have recently been hacked:
Target. In December of last year, Target announced that it was the victim of a massive data breach that compromised the data of as many as 70 million customers and the credit card information of as many as 40 million. The Secret Service now estimates that the type of malware used to access that data might be compromising more than 1,000 U.S. businesses.
Staples. The office supplies company was apparently the victim of a malware breach in 2013, although Staples officials have remained quiet on the extent of that breach or what information was taken. And in 2011, the Canadian wing of the company was investigated by the Canadian government for, among other things, allegedly reselling hard drives containing customer data.
McDonalds. In 2010, stolen information from a database of consumers who signed up for promotions disclosed the names, addresses and other personal information of an unknown number of consumers. The company emphasized that the breach had nothing to do with how its credit card information was stored.
Disney. In 2007, a Disney subcontractor was caught selling credit card numbers and other customer data from the Disney Movie Club to undercover federal law enforcement agents.