I don't care how secure a company says something is. Nothing that uses the internet is unhackable.
It is hackable. No one says its not. But what the hackers can obtain by hacking an Apple Pay transaction is useless to the hackers. Only a token is transmitted (which is not your actual credit card data). With the magnetic stripe swiping old method, your credit card data was there to see. And a memory scraper was used by hackers to obtain that information.
Now, even if a memory scraper or something similar was used to hack the merchant, all they would get are useless tokens. The tokens themselves have no intrinsic value. You can hand your token out like Halloween candy, or scatter it around the NY subway system or post it on Macrumors and NOTHING can be done with it.
Why not you ask? Well, it only works in conjunction with a one-time use only cryptogram (from your device) as well as your biometric authentication (fingerprint ID). And, don't forget, the mapping of a token back to your actual credit card information can only be done at the issuing bank and/or the processor used by the card brand.
So the merchant, the weak point in the transaction (as banks are much harder to break into -- hence Target and Home Depot breaches), no longer has anything useful to hackers from your card transaction (when you use Apple Pay). Now do you get it? Its not that Apple is secure or Walgreens is secure, its the tokenization method of payment, coupled with your biometric ID and other security features.
To sum up, hackers can hack your merchant or Apple Pay servers all they want. But they will not get anything valuable or useful from either. So hackers will focus on easier targets (like old style swipe transactions).
Last edited: