JetBlue becomes first airline to accept Apple Pay: How safe is it?

Passengers aboard some JetBlue airways flights will soon be able to purchase in-flight refreshments via Apple Pay. The service has been touted as safer and more convenient than using a regular credit card.

Eddy Cue, Apple Senior Vice President of Internet Software and Services, demonstrates the new Apple Pay mobile payment system at a Whole Foods store in Cupertino, Calif., Oct. 17. JetBlue Airways announced Tuesday that it will soon accept Apple Pay for inflight purchases.

Eric Risberg/AP

February 10, 2015

Paying for in-flight snacks could soon be as simple as waving a smartphone.

JetBlue Airways announced Tuesday that passengers on select flights will be able to purchase their onboard food, drinks, and other goods using Apple Pay, a mobile payment and digital wallet service that allows people to use the latest versions of their iPhone, iPad, or Apple Watch to make purchases. All JetBlue flights are expected to accept Apple pay by June 2015.

Apple Pay was first launched in October 2014 and more than 1 million credit cards were signed up for the service in less than a week. Users can then pay for goods and services by waving their phone near an Apple Pay reader at checkout. The service has been touted as safer and more convenient than using a regular credit card.

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

Apple is not the first to launch a so-called contactless payment service. Other companies, such as Google and LevelUp, have enjoyed varying degrees of success with their own versions but Apple has already pulled out ahead of the pack. Apple Pay already accounts for two out of every three dollars spent via contactless payments for the three major credit cards, according to Apple. While JetBlue is the first airline to accept Apple Pay, the company is confident that others will follow suit.

"Somebody else doing it always puts pressure on the other guy," Eddy Cue, Apple's senior vice president for Internet software and services, told USA Today.

Just months after its launch, 750 banks have signed up for Apple Pay, and a few dozen US merchants such as McDonald’s, Walgreens, and Whole Foods accept it. Whole Foods reported that mobile payments increased by more than 400 percent since Apple Pay launched, and Panera Bread says that Apple Pay makes up 80 percent of its mobile payments. A deal with USA technologies also recently made it useable at around 200,000 vending machines, kiosks, and parking meters

Apple Pay uses near field communication (NFC), a radio technology that allows smartphones to communicate with each other when in proximity, and touch ID, a fingerprint identity sensor. To sign up for Apple Pay a consumer enters his or her credit card details into the system, which then confirms the card with the bank. A unique Device Account Number, also known as a token, is then held in the secure element of the consumer’s device. All subsequent transactions are authorized using the token and a one-time dynamic security code.

The use of a one-time code is what makes Apple Pay safer than most other payment methods, the company says. Hackers are unable to scan and steal account details during a wireless transaction because transactions are validated using these dynamic codes. For every new transaction a one-time payment number and unique security code are generated. The same combination of payment number and security code are never used twice, rendering the information completely useless to hackers even if they were able to access it.

Howard University hoped to make history. Now it’s ready for a different role.

Meanwhile, Apple collects no purchase history, so the company has virtually no data stored about a consumer’s purchases.  And since no payments are made using a credit card number, retailers can’t see a customer’s name or card number when they make a purchase. In fact, credit card numbers aren’t even stored on the mobile device or in the cloud.

Moreover, the "Find My iPhone" service immediately suspends payments from a device once it is placed in “lost mode.” That means a customer’s credit card will no longer need to be replaced, even if their mobile is lost or stolen.

“Mobile payments have the capability to be far more secure than mag-stripe or even chip and pin credit cards, while being more convenient,” Catherine Pearce, a security consultant with Neohapsis, a mobile and cloud security services provider, told CIO, a publication for information technology leaders. “I mainly see the advantage as convenience, [but] one-time transaction tokens (like the ones used in Apple Pay) may make direct financial loss from breaches of merchants a thing of the past.”

Some companies, such as CVS, RiteAid, Wal-Mart, and Best Buy, disabled Apple Pay in their stores shortly after its inception in order to promote their own form of mobile payment.