Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Watch Will Use Skin Contact for Apple Pay Security
- Thread starter MacRumors
- Start date
- Sort by reaction score
Except people don't leave their CC's laying on a table, bedroom or car.
The comment that the Apple watch will stop crime is hilarious!
Keep the posts coming.
----------
So wait... you must now touch the watch, enter a pin to unlock the watch & access the passbook app then pay?
Yup, that's more convenient than reaching for my wallet.
And I find you deliberately misinterpreting what I said hilarious! I have had my wallet stolen I have never had my watch stolen, I'm not saying it can't happen, but as soon as your property is no longer under your direct control, it has become less secure, whether watch or card.
I completely stand by my statement that it vastly reduces the risk of skimming, note that was the only crime I said that it would reduce.
You've also gone out of the ways to deliberately misunderstand the process of paying with the watch.
Yes, I'm sure nobody would notice you trying to pay for your groceries with a severed hand.
Yet folk have been happy for years to enter a pin every time they unlocked their phones!
What about users who have an iPhone 5 or 5C that doesnt have TouchID? Apple Pay via the watch still works for users linked to these phones.
From the Apple Pay page on the apple site :-
From the site:
"Paired with iPhone 5, iPhone 5c, iPhone 5s, iPhone 6, or iPhone 6 Plus. In-store purchases only."
EDIT: Sorry I didn't see it was already quoted.
Then they'd need to put up with the cumbersome step of entering the passcode every morning unless they upgrade to a newer iPhone model.
Which if they have an iPhone 5 wont be as cumbersome as the process they are well used to of entering a passcode everytime they unlock their phone!
I really dont see a one of code entering as cumbersome....and to be honest there could be days where you are not going to any shop and have no requirement to enter the code to activate Apple Pay or if you happen to on the off chance out of the blue then you enter the code there and then quickly. Then there are the times that you are in a shop and use that fangled cash stuff you have in your other trouser pocket from your phone!
Half the iPhone users didn't do that already multiple times a day to unlock the iPhone since 2007 before Touch ID :roll eyes:
Edit: Bransoj, you got me
Surely when you want to pay for something with the watch, you'd need to go into the "Apple Pay" app? I doubt it just sits there on your wrist beaming cash at everyone and anyone in the vicinity?!
Certainly safer than my contactless debit card at any rate
https://www.apple.com/apple-pay/
"Double-click to pay and go. You can pay with Apple Watch just double-click the button below the Digital Crown and hold the face of your Apple Watch near the contactless reader. A gentle pulse and beep confirm that your payment information was sent."
Half the iPhone users didn't do that already multiple times a day to unlock the iPhone since 2007 before Touch ID :roll eyes:
Edit: Bransoj, you got me
I understand that; however, I didn't use a passcode before TouchID so it's cumbersome to those of us who aren't used to it.
That's the problem with this idea, they can check it there and then. They put the watch on their wrist enter the pin, and it tells them the pin is wrong... at this point they hold the knife to your neck and ask again.
So, when they take the watch, you *RUN*. You'd be *amazed* at the distance people can cover in the time it takes to put on a watch, much less try the PIN.
I think this is an awesome idea, and the fact that it allows users to make payments without disclosing any account information to the merchant is revolutionary! What I don't understand are the skeptics.
Some people are failing to make the contrast between this system and the one in use today. If you misplace your wallet, have a card stolen, or disclose your card information to a malicious merchant or one that is targeted by identity thieves, they have all they need; however, if someone wanted to compromise your Apple Pay account, they would need to get a hold of your Apple Watch (which I speculate would be much more difficult to remove from one's person than a wallet) and they would either need to know your PIN or acquire the watch with the wrist intact.
For those who really believe that Apple's new device will cause our society to devolve to a state where people sever each others' wrists to steal their identity: I think you would have much bigger things to worry about, but let's pretend that does happen. What if the watch, in addition to requiring constant skin contact, required a heartbeat as well? For example, what if after 5 seconds of no heartbeat, the device would lock itself?
Most importantly, however, is the fact that this service is completely optional. If the skeptics choose not to use it and it does get compromised, they can laugh at the rest of us and say "I told you so!", but until then, I feel much more comfortable with this than I do keeping my cards with me 24/7.
Some people are failing to make the contrast between this system and the one in use today. If you misplace your wallet, have a card stolen, or disclose your card information to a malicious merchant or one that is targeted by identity thieves, they have all they need; however, if someone wanted to compromise your Apple Pay account, they would need to get a hold of your Apple Watch (which I speculate would be much more difficult to remove from one's person than a wallet) and they would either need to know your PIN or acquire the watch with the wrist intact.
For those who really believe that Apple's new device will cause our society to devolve to a state where people sever each others' wrists to steal their identity: I think you would have much bigger things to worry about, but let's pretend that does happen. What if the watch, in addition to requiring constant skin contact, required a heartbeat as well? For example, what if after 5 seconds of no heartbeat, the device would lock itself?
Most importantly, however, is the fact that this service is completely optional. If the skeptics choose not to use it and it does get compromised, they can laugh at the rest of us and say "I told you so!", but until then, I feel much more comfortable with this than I do keeping my cards with me 24/7.
It's not a new idea. Google Wallet uses a virtual card, for example.
However, yeah, anything that prevents mass info loss like the Target or Home Depot hacks, is good.
Exactly. Stolen card. Stolen phone. It's up to you to let your bank/CC know as soon as possible.
But it's even more important if the PIN is stolen as well. As I've noted before, having more security involved in a transaction does not always help you in a dispute. On the contrary, it can make it harder to prove that you didn't make the purchase. People with chip & PIN cards have been burned by this.
Yep. Any modern chip-based payment system stops the ability to clone cards, which is why the credit card companies are pushing them.
The watch will be accepted anywhere that NFC payments are.
The security is mostly for the CC company's benefit. As anyone with good credit who's had a card or number stolen before knows, you aren't held liable.
That's weird. Why only in-store? I thought that one whole point of Apple Pay was that TouchID allowed for more secure online purchases.
--
As for the double-click NFC enable on the watch, why????!!! That totally negates the whole convenience factor of being able to pay with only one hand free.
I mean, gosh. The whole point of NFC payments is supposed to be convenience and speed. Not adding more steps, which add nothing to the liability protection we already have with CC payments.
In real life, the annoying part will be when you're in line behind someone trying to pay with their watch that hasn't been reauthorized yet.
It'll be even worse if they left their phone somewhere else
one could make a buffoonery video akin to the one apple did to demonstrate the current payment proess
Unless you are right next to an NFC reader, how would they know if you lied about your pin?
No product is theft proof. The idea is to make it harder and take longer for a theft to accomplish their task. Which means by that time they are unable to use the information they were seeking. Yet how would a theft match your skin or body temp without removing the watch from your wrist?
As I understand it its not TouchID related, it's the additional NFC hardware in the 6 that allows the ApplePay online purchases (not the NFC transmitter but the secure one time code generator part of it)
Wheras as the watch has that NFC hardware for in-store use scenarios then the owner of any phone it can pair with (5/5c/5s and the 6s) can use the watch for physical in-store payments
Yeah, I can see why Google Wallet would falter here. According to Apple's website, the information is stored on the device in the Secure Element and not on Apple's servers.
So if Apple's servers were hacked they cannot retrieve Apple Pay card information. Yes they use the card on file with the iTunes accounts. Those numbers are still vulnerable (at the moment) to hacks. All of your other cards are not accessible to a hacker.
If Google's servers were hacked, there would be millions of users with exposed credit cards.
Time will tell and various security teams can put this to the test when Apple Pay is rolled out next month, but I see this as a win for Apple.