Unless they take your wrist with the watch...
Because we all know that TouchID created a huge wave of criminals cutting off fingers...
I wonder if it asks for confirmation or am i going to be paying for everyones stuff when i walk past a register?
Passing the watch near the sensor is part of the process, not the full process. You still need to confirm the payment.
And if the range is like the range of an iPhone 6, then the watch will have to get within about 2-3 inches from the receiver. That's a lot closer than just walking past a register.
I think so. The Apple Watch is said to also have the "Secure Element" if it doesnt then it won't work on an iPhone 5s since this doesn't have the Secure Element either.
The 5s has a secure element (Apple's literature calls it a "secure enclave"). Right now, it's just used to store fingerprint data. I assume ApplePay will also store your card data in there.
The big deal about the 5s is the lack of an NFC transceiver.
My credit card uses something similar to NFC and it doesn't have a battery, so I can't imagine it's that much of a drain.
Contactless cards have a large antenna embedded in the plastic. The chips are designed to run with very low power, so they can be powered from the current induced when the coil moves through a field generated by the reader. This is also how RFID cards work.
Your card works with RFID I think. It's not the same thing
Maybe, but not likely. RFID is a very simple protocol that just returns an ID number. NFC cards have an actual processor (similar to, if not the same as the encryption chip on EMV cards.)
The logical thing would be to have a kill switch that you can activate in the phone (assuming they dont steal that too) or in icloud
It's already there. Based on what I've read so far, ApplePay on a watch requires the watch to be within BlueTooth range of the phone it is paired with. Steal the watch without the phone, and there's no payments. If both get stolen, you can log on to icloud.com and disable or wipe the phone via the "find my phone" facility.
It would be great if Apple will will provide remote disable/wipe capability for the watch as well and maybe a feature that can disable/wipe it if it loses contact with your phone for more than some configurable amount of time. If the feature isn't there when I get my watch (whenever that is), I'm going to send Apple feedback to request it.
Doesn't touch ID mitigate the need for a PIN?
Not entirely. You still need the PIN/passphrase for the first access after the phone reboots.
Except this pin works with all your cards, doesn't have to be entered in the store and the system doesn't require any kind of identification.
Except that it has to be paired with your phone, which you can remote-wipe.
watch= house arrest ankle monitor....
truly dystopian...
If you're seriously concerned about this, then I assume you don't have a cell phone, because law enforcement can already track that today.
Hmm...this means the only security measure for payments with the watch is a PIN number.
Anyone could put on your watch and create skin contact...getting the PIN would be as easy as looking over your shoulder while you entered it, or looking at security camera footage from above you.
They'd also need your phone, which you can remote-wipe. The PIN is to pair the watch with your phone, not to unlock Apple Pay.
Except people don't leave their CC's laying on a table, bedroom or car. ...
So wait... you must now touch the watch, enter a pin to unlock the watch & access the passbook app then pay?
Yup, that's more convenient than reaching for my wallet.
People don't leave their cards lying around their home/car? Of course they do.
As for your "procedure", the PIN is something you enter when you put the watch on, to re-authorize the pairing with your phone. You wouldn't do it for every single transaction, unless you are in the habit of taking your watch off when you're not making payments.
As for the passbook app, if it's anything like the iPhone 6, the app launches itself when the device gets within range of an NFC reader. You should just be able to move your wrist near the sensor, select your card (if you don't want to use the default-configured one) and then press a button to confirm the purchase.