There were a couple of mainstream media stories involving Apple’s new credit card and possible security weaknesses. The problem with these stories is that they were only partially true. So here is the real scoop on the new Apple Card credit card and it’s security features.
The first story I’ll talk about is one about the Apple Card being susceptible to skimming or cloning. This one is absolutely true and it should come as no surprise. Every credit card with a mag stripe on it (which is pretty much all of them in this country) is vulnerable to this kind of fraud. The little stripe on the back of your credit card is called a mag stripe and it contains information needed by the retailer to complete a credit card transaction. If you are not using the chip in the card and are using the card in-person at a retailer then this is the method you are using to make a purchase. So when news outlets started covering that the Apple Card had fallen victim to skimming or cloning it really wasn’t newsworthy. It was only covered because Apple touted the “extra security features” associated with their new credit card and the mag stripe was not one of those features. The mag stripe is a significant weak spot in almost every credit card out there that utilizes the “swipe” method at point of use.
The second story that was carried by a lot of news outlets was that someone who had never even used their new Apple Card (except for using it via Apple Pay) had their credit card number stolen and the card was then used to make fraudulent purchases. But it turns out that this story wasn’t quite true. The person in question had forgotten that he/she indeed had used his Apple Card credit card number to make a purchase on their kid’s school website and that their credit card number was likely stolen via that website’s servers. Again, a non-story as every credit card that has a number associated with it can have that number stolen if the vendor doesn't protect the storage of that number properly. This incidence, just like the last one, had nothing to do with the Apple Card specifically.
So what are the “enhanced security features” associated with the Apple Card since obviously these two credit card theft methods are still possible with the Apple Card? I’ll go through each unique feature below...
No Permanent Card Numbers
The first real security feature is that the Apple Card does not have a credit card number embossed into the front surface of the card like almost every other credit card out there. This has two significant advantages. First off, nobody can look over your shoulder as you pull the card out and see your credit card number. But even more importantly than that, since the actual credit card number is just digitally assigned to the card and not physically embossed on it you can at any time request a brand new credit card number for your Apple Card. Some credit card companies offer 2-day replacement times if you need to get a new card number, but with the Apple Card you can do it instantaneously within the Wallet app on the iPhone and no physical card replacement is necessary. This is really handy if you think your card has been compromised, making getting a new card number really easy and no more waiting for a replacement card to come in the mail.
The other security feature concerning the Apple Card credit card number is that if you use Apple Pay to make the purchase a different card number is used for that Apple Pay transaction. That different number is called a Device Account Number and it is unique for every combination of credit card and device that used to make an Apple Pay transaction. That makes it pretty much impossible for anyone to steal and then use your credit card number if you use Apple Pay. The credit card number associated with the physical Apple Card can still be stolen and used just like any other card, but as I mentioned above you can instantly cancel the number and get a new one assigned.
Instant Notification of Charges
As soon as your Apple Card is charged by a vendor (regardless of how the purchase was made) the purchase details are pushed to your iPhone with a push notification and an alert shows up on your phone. So you instantly know that a charge has been made. Why is this a security feature? For one, with a standard credit card it can sometimes take several days for a charge to register on the credit card site and even when it does you have to physically go to that credit card company's website and login (it isn’t automatically communicated to you). So depending on how often you check your credit card balance online it could be weeks after the fraudulent charge that you even notice it. With the Apple Card you know instantly. When dealing with fraud timing is everything, so this is a very powerful way to crack down on theft. A thief may be able to use your card once but when you are instantly alerted you can go into the Wallet app on your iPhone and disable the card so it can’t be used again by the thief. I know that fraudulent purchases don't end up being our responsibility as the consumer, but dealing with multiple fraudulent purchases it a real pain so you are better off stopping the thief as quickly as possible and moving on.
The Ability to NOT Use the Physical Card at All
The biggest security feature of the Apple Card is the option (at least at many retailers) to NOT use the physical card at all and use Apple Pay instead. Why is this a security feature? Go back to the section above that talks about card numbers. Because of how Apple Pay generates a unique card number for your credit card/device combination and requires a "unique transaction code" that is generated from the secure enclave on your device (which is authenticated using either TouchID or FaceID).
I can pretty much sum up this article with the following statement. Ignore all negative Apple Card security articles (because they are ill informed and are just click bait) and use Apple Pay every chance you can.