"Apple needed a mobile payment story,”  says Gartner's Avivah Litan.
"Apple needed a mobile payment story,” says Gartner's Avivah Litan.

Enterprise choice?

In fact, Apple's latest iPhone and iOS increasingly provide the tools to support such an approach, according to Michael Sutton, vice president of security research at Zscaler, a San Jose, Calif.-based secure cloud provider. “Apple has an opportunity to be the platform of choice for enterprises wishing to make standard security policies for BYOD devices,” he says.

But being the preferred platform in large companies and government isn't the same as being the only one. Those responsible for MDM and security in BYOD environments will still have to grapple with multiple technologies, contends Kim Ellery, product marketing manager at Absolute Software, a Vancouver, Canada-based company focused on endpoint security for mobile computing. “The very trend that brought Apple to the enterprise continues to feed the ecosystem with different device types of operating systems,” he says.

The flux and uncertainty created by BYOD have led one company, Securonix, to conclude that centralized ownership and control of enterprise iOS devices is essential. “For now, the key strategy to support iOS devices is to ensure that organizations own the devices and all content of these devices including all the apps installed on the devices,” says Tanuj Gulati, chief technology officer for the Los Angeles-based provider of security intelligence solutions.

While the infosec industry and enterprise IT managers debate how to deploy the iPhone 6's cryptographic upgrades and iOS 8's security advances, leading retailers, banks and credit card companies are embracing Apple Pay, an iPhone mobile wallet that combines near-field communications (NFC) technology with data tokenization, which replaces credit card information with tokens that are useless to hackers.

"What we have do is find a way to say ‘yes.'"

– John Pironti, president, IP Architects

While promoted by Apple CEO Tim Cook as a way to make consumer purchases easier, Apple Pay may be more attractive to retailers like Target, Home Depot and others that have been hammered by massive breaches of credit card data over the past few years. That's owing to the system's use of tokens, which promises to greatly reduce the risk of having credit card data pilfered through malware attacks at point-of-sale terminals.

“That by itself was a major step forward for mobile payments security,” says Randy Vanderhoof, executive director of the Smart Card Alliance, a nonprofit industry association. By keeping security in the iPhone, using tokens and using Touch ID for purchases, Apple Pay has “three levels of authentication versus everyone else dealing with one or two,” he says.

Apple Pay also gives a fillip to industry players who've been advocating for years that tokenization is the best way to protect consumer information. “What Apple is validating is a fundamental thesis that the idea of credit card data and other personally identifiable information being handed over [at the point of sale] is careless and frivolous and needs to stop,” says Suni Munshani, CEO of Protegrity, the Connecticut-based developer of tokenization and encryption solutions. With EMV-technology credit cards embedded with microchips set to roll out over the next few years, merchants already obliged to upgrade point-of-sale terminals are likely to deploy tokenization in any case. The EMV rollout and the launch of Apple Pay will be “hugely complementary,” Munshani says.

Another plus for Apple Pay is that it reduces the scope of compliance with the Payment Card Industry Data Security Standard (PCI DSS), a payment card standard created by industry players, says Avivah Litan, VP and distinguished analyst at Gartner. Because credit card data will be tokenized, many of the requirements of PCI will be moot.

Moreover, Apple Pay will be a boon to the credit card companies MasterCard and Visa, which apparently convinced Apple to implement precisely the same type of tokenization technology that will be used in the EMV cards, Litan said. Thus the new terminals built to read EMV cards will have NFC capabilities that will allow users to pay with an iPhone instead.

The two credit card giants are trying to keep their virtual monopoly on the payment network, Litan says. “Apple needed a mobile payment story,” she says. “The company thought it needed the banks on its side. It was a smart move on Apple's part. It was probably the best move they could make.”