Can Apple Pay Thwart the Credit Card Hacking Trend?

Apple Pay in action. Source: Apple.

Over the past year or so, we've seen some of the most pervasive and widespread credit card security breaches at many of the nation's largest retailers. With Apple's (AAPL 0.52%) new Apple Pay service launching on Monday alongside a slew of security features, it comes at the perfect time.

A troubling trend
Just to get an idea of how bad these breaches are, here's a sample of some of the more prominent cyber attacks that have occurred within the past year, potentially impacting tens of millions of consumers.

• Adobe, 2.9 million card numbers (October 2013): A year ago, creative software specialist Adobe (ADBE -0.77%) disclosed that it had suffered a cyber attack where hackers were able to access customer information as well as source code for certain Adobe products. Approximately 2.9 million Adobe customers had personal information stolen, including encrypted credit or debit card numbers. The company did not believe the attackers were able to access decrypted data.
• Target, 40 million card numbers (December 2013): This one was big. Target (TGT -0.54%) said last December that attackers had gained unauthorized access to its payment processing systems and upwards of 40 million credit and debit cards could have been compromised. A month later, the retailer said other personal information such as names, phone numbers, and addresses for up to 70 million customers could have also been stolen.
• Home Depot, 56 million card numbers (September 2014): As massive as the Target breach was, Home Depot's (HD -0.31%) was even bigger. Much like Target, hackers used malware to gain access to Home Depot's payment data systems, resulting in 56 million card numbers being compromised over the span of 5 months.
• Kmart, undisclosed number of cards affected (October 2014): Just last week, Sears Holding's (SHLDQ) Kmart subsidiary said its systems were compromised by hackers that were able to access credit and debit card data information related to transactions between September and October. The company has yet to disclose specific numbers about how many cards may have been compromised, but it does not believe debit card PIN numbers were stolen.

By no means is this a comprehensive list. Sadly, this troubling trend of escalating credit card breaches is unlikely to stop anytime soon. It's a constant game of cat-and-mouse between hackers and the cybersecurity industry. We may not ever be able to stop cyberattacks altogether, but at the same time there is hope that we can mitigate them. Here's how Apple can help.

An encouraging trend
One of the key security mechanisms that Apple Pay will use is tokenization, whereby underlying credit card numbers are masked and transactions instead use a randomly generated number that can be discarded or made specific to that transaction. From a hacker's perspective, stealing tokenized data is useless.

Apple Pay and Passbook. Source: Apple.

Tokenization is not a new technology, but current implementations are cumbersome and not particularly user-friendly. However, the payment networks have recently proposed global standards and are putting a renewed emphasis on adoption. Apple brings its focus on the user experience to the table here, making the tokenization process automatic and simple for the user by taking care of everything behind the scenes.

This lifts a tremendous burden off merchants and retailers, as storing sensitive credit card data will no longer be the onus it is today. As shown above, merchant networks are frequently compromised and the resulting data thefts are growing in scale.

It's encouraging that the industry may finally accelerate the transition toward tokenization. Apple Pay will be one catalyst in driving adoption, but other payment services are also expected to embrace this powerful tool to combat cyberattacks. And it all starts on Monday.