Apple owes its success to a lot of things, including some luck. Barely a week after Home Depot announced perhaps the largest retail credit card cybertheft to date at its stores, Apple unveiled its own mobile payment system: Apple Pay.

Perhaps because of the close timing of those events, Apple Pay is being hailed as a game-changer. It’s a new way to pay that would be quickly embraced by consumers, and save retailers the headache and expense of break-ins into credit card-based systems.

But will it?

A simple tap

Apple Pay, available in Apple’s new iPhone 6 and iPhone 6 plus, is designed to work with a simple tap of the phone using Near Field Communications (NFC) technology. Softcard (formerly Isis Wallet), a mobile payment wallet backed by AT&T, T-Mobile, and Verizon Wireless, will also reportedly be loaded on the new iPhones. 

All mobile payment systems, including Google Wallet, Apple Pay, Softcard, and CurrentC, a new non-NFC payment system developed by a consortium of retailers, tout the almost-magical ease of using their virtual wallets to make a purchase. But convenience is not consumers' biggest concern.

Security concerns and reluctance to adopt

Although recent massive data breaches compromising consumers’ personal and financial information have occurred using old-fashioned credit cards, security concerns about mobile payments are a major reason why they’ve been adopted so slowly. 

Perhaps that’s why Apple has agreed to include Softcard on its phones, despite their competition. It helps make each of the various wallets available on a broad range of retail point of sales systems. After all, the more people that use mobile to pay, the more mainstream it will become. 

​Even before the announcement that Softcard would ship installed on the iPhone 6, the company hailed Apple’s use of NFC technology: “We think that today’s announcement by Apple to support NFC is very significant and sets the stage for rapid scale adoption of mobile commerce.”

One of the reasons more secure "chip-and-PIN" credit card point-of-systems haven't been widely adopted in the U.S. is that it would require retailers to replace POS hardware and software. CurrentC is one that won't be linked to credit cards at all. The app can be linked to a bank account, or, even better when it comes to security, loaded with a certain amount of cash. This can save retailers on swipe fees, but consumers interested in paying on credit may feel stymied.

With the new iPhones being Apple Pay and Softcard capable, many retailers can be confident that a certain number of consumers are at least primed to use NFC-based mobile payments. That could push forward the adoption of mobile payments, especially with people in the millennial generation apparently quite open to them. As long as, that is, they are viewed as being secure.

How secure can mobile payments be?

The cyber-theft of several celebrities’ nude photos gave Apple something of a black eye just ahead of its big reveal Sept. 9. But that raised more concerns about the cloud, and how easy it is to break into it, than about mobile payments per se. 

Several experts say that mobile payments are indeed more secure than old-fashioned credit cards: They use various combinations of encrypted data, one-time-use codes, and layers of authentication not possible when swiping a plastic card with a set string of numbers and a magnetic stripe. Some use NFC technology, while CurrentC employs bar codes that can be scanned using existing systems. 

Regardless, no matter the technology, financial information is not stored on the phone. The security risk, in that case, shifts to banks or card issuers and how they store the data.

Banks themselves, however, are increasingly using the cloud to store data, and it’s unclear how well anyone in charge there understands what it may take to manage its security risks. 

Payment wallet companies, therefore, are probably right when claiming that their apps are more secure than swiping credit cards. The problem is that, these days, that doesn’t seem to be something that is very hard to achieve. 

"The fact that it is still possible to use customer service or an automated system to change someone else’s PIN with just the cardholder’s Social Security number, birthday and the expiration date of their stolen card is remarkable, and suggests that most banks remain clueless or willfully blind to the sophistication of identity theft services offered in the cybercrime underground,” cybersecurity journalist Brian Krebs wrote in his analysis of the recent Home Depot theft.  

“I know of at least two very popular and long-running cybercrime stores that sell this information for a few dollars apiece,” said Krebs, “One of them even advertises the sale of this information on more than 300 million Americans.”

So while experts say that the security of the newest NFC-based mobile payments — including Apple Pay — has come along way from its early, easily hackable days, it remains untested.