Trusted Transactions | Entersekt Blog

Trusted Transactions | Entersekt Blog

A look at Apple Pay’s SMS OTP and tokenization

Posted by Christiaan Brand, chief technology officer, Entersekt

Dec 11, 2014 4:32:00 PM

ChristiaanBrandNewOn the weekend, I finally had a chance to load my three credit cards into Apple Pay. The process was slick and painless, as you’d expect from Apple: a simple snap of the credit card auto-populated the data on my phone. Only the card security code (three or four digits long) is entered by hand.

Below, I’ll explore the security mechanisms I encountered during the Apple Pay enrollment process, as well those in place for making actual payments.

Enrollment with one-time passwords

One of the inherent risks in any authentication solution is the initial onboarding or identity proofing process. In many deployments, a simple username and password offer greater security than a hardware token does because the identity proofing intended to pair the token with a specific user is not sufficiently rigorous.

Read More

Topics: One-time passwords, Tokenization, Apple Pay, Apple

About Trusted Transactions

Trusted Transactions is Entersekt's blog devoted to keeping our customers, prospects and friends updated with industry news, security threats and technology advances in consumer authentication. We can protect against online banking fraud and account takeovers. Trusted Transactions brings you industry data and insights to help safeguard your online and mobile banking and payments transactions. 

Subscribe to Entersekt's Blog


Download white paper: The importance of transaction  signing to banks  


Follow Entersekt