Wearable Payment Methods and Identity Theft

With the advent of Apple’s new Apple Watch and its ability to pay for products wirelessly, privacy concerns are already being raised. See Brian X. Chen & Steven Lohr.  The watch makes payments even faster and easier than before. While proponents of these devices tout the security of these devices, criminals will assuredly find ways around it.

A similar situation occurred when RFID tags were first introduced on credit cards. It was seen as another easy way to pay and was thought to be secure because the card holder would still possess the card like they always had. With it, however, came inventive thieves who were able to take the credit card’s number by inconspicuously bumping into someone. See Andy Greenberg. In doing so, they were close enough to scan the card’s RFID and lift the number from the card without ever physically taking it. Next, they would take the number and write it on any card with a magnetic strip. All the equipment to do this is commercially available. Id. With the added convenience came added security issues.

Similarly, Apple claims the Apple Watch will be completely secure because it does not hold any card information on it and it uses a new and unique number for each transaction. See Apple Pay: Your Wallet Without the Wallet. The technical nuts and bolts of its security may deter thieves for a while. The allure of wearing a credit card literally on one’s sleeve, however, will assuredly encourage some sort of criminal innovation. Similar to the bump-and-scan method employed by people stealing RFID’s, a method could be devised and applied here to steal the devices unique payment information. Id. Accessing the watch will be the easy part as a wristwatch is worn where it is readily visible. The true test of the Apple Pay system’s security will not be from preventing unauthorized scans of the device, but the ability to use that information later on. Time will tell if it really works.