Tim Cook announces Apple Pay during an Apple special event at the Flint Center for the Performing Arts on September 9, 2014 in Cupertino, California. Getty Images

When CEO Tim Cook touted Apple's new mobile payments service as "easy, secure and private," he was at least partially addressing public concerns over the company's security infrastructure in light of recent high-profile hacks. And while Apple Pay has yet to be put to a real-world test, some security experts--despite generally praising Apple's move as a step in the right direction--have already identified some potential risks inherent in the system. "If correctly implemented it could add security benefits, but there could also be some gaping security flaws," said Chris Carlis, a security consultant for Trustwave. "We will see how it survives the initial contact with the enemy. .. It's not going to be a magic bullet that fixes fraud and security."

Read MoreIs Apple Pay a bitcoin killer?



Apple didn't go into great detail describing the security aspects of Apple Pay when they introduced it this week. But there were a few things mentioned that shed some light on how the company plans to keep users' data safe.

For starters, Apple doesn't plan to store any of its users' financial information on its servers or in their device. Instead, the company is using a technology called "tokenization" to identify a user for payments. Tokenization works like this: When a person adds a credit card to Passbook, instead of storing the user's actual credit card number, another account number is generated to identify the user.

This device-only account number is then stored in a new encrypted chip in the iPhone 6 and the iPhone 6 Plus called the "secure element." (The Apple Watch will also have a secure element chip that will be used to store the device account number when used with an iPhone 5, iPhone 5S and iPhone C). This is significant because the secure element is actually in the device and not stored on Apple's servers, said Rick Dakin, CEO and chief security strategist of Coalfire, an IT data security firm. Read More Apple stock downgraded on iPhone 6, Watch concerns

Because Apple doesn't store the credit card information, it is never shared with the merchant. So if a retailer's system is breached, the hackers won't have access to a user's financial information. Given the recent hacks on major retailers, this could prove hugely beneficial. But other risks remain, experts said. "Does this help prevent a nuclear bomb? Yes. When you are talking about a Home Depot-size breach, this could help prevent damage in a large scale attack," said Tom Pageler, chief of information security for DocuSign. "But there are going to be smaller risks. People will find ways to try and take over accounts, whether it's by stealing a phone or using social engineering to hack an account or by getting a legitimate login."