But should you feel 100% safe and secure bounding around with a phone that contains all the info a scammer needs to empty your bank account? Apple says absolutely. And in their defense, the system is designed with a series of safeguards.
For one, rather than pass your account information directly to McDonald's or Macy’s from your phone, each transaction is parlayed via a different proxy account, so that your information is never collected or even seen by the merchant -- protecting you from the sort of nightmarish mass-hacking incidents that've hit Target, TJ Maxx, Home Depot and others in recent years.
Apple also insists that Pay is more secure than using a physical card. That's because every payment requires you to verify your identity via biometric sensors (your iPhone's Touch ID, or the heart rate monitor on your Apple Watch), which should prevent any random schmo who's stolen your phone from going on a swipe and spend spree.