Actually you're wrong

You're wrong... the thief can't check your pin number works while standing in front of you if they just steal a credit card. The pin is also different for all of your cards, rather than having just 'one', that gives them access to everything.

A person's name is also written on the card, whereas Apple Pay means the thief doesn't even have to be the same sex. They are completely anonymous, and Apple doesn't track suspicious payments.

I think we are not talking about the thief stealing your credit card then going into shops to use the card, we are talking about the thief going online and using your card where it does not matter if they have your pin or are the same sex as you. Also if we are talking about the thief going into physical stores and using your credit card then half the time the cashier is not very alert or sharp witted and does not spot if the card is for say a male and the user is say a female, and even if the cashier says anything the thief just says "it's my partner's and I am using it as they are ill" and then the thief will just perhaps go to a store where the owners are too cheap to have chip and pin style POS and the thief won't need the pin.
With Apple Watch the owner will just remotely wipe the card details with Find My iPhone as soon as the thief has gone.

Or are you now going to say the thief will stick around and try to stop you, or kill you...if so then we might as well say that the thief could just use their mind reading skills to get your card details that way

I think that Apple Watch will be able to determine whose wrist it is on, I mean it is able to map the user's heartbeat. So it is not impossible that it could figure out if it has been placed on another user's wrist.

The fact is Apple Watch and Apple Pay are far better and far more secure than the stupid and pathetic system we currently have.
 
The article is doing some reality distorting of its own.

The examples from Microsoft and Google are proprietary solutions that require giving financial information to another party on top of the ones already handling it. Thanks, but I don't need their help.

The one in Japan is a closed system to replace cash in some instances. The cited article even admits it isn't popular outside that country.

The EMV standard uses existing systems, and Apple isn't inserting itself into the process. It's also worldwide, if issuing banks choose to participate.

Apple isn't late to the party: they waited until the party was really ready to start.

It's more like everyone was asking "is Apple going to the party?" before they decided to
 
Yes it is very different, in the UK any current system we have for contactless payments is limited to very small amounts for the purpose of reducing any fraud, if this Apple system lets you spend any amount then it is very different to any current system in the UK.
Then again we don't have Apple Pay and I have no idea when it will be launched in the UK, and if it is, if the regulators will allow the system to let you spend any amount.

I didn't realize it worked differently for contactless payment in the UK, though I think I remember reading that often it's an offline transaction, so that would explain it.

Normally the transaction is sent to the financial institution that responds with either an accept or decline. They decide if the amount is too high, whether it be due to exceeding limits of the card or if it's outside your normal spending habits, then they send the accept/decline response. I assume with Apple Pay it won't be any different. And I don't think it will support offline transactions.
 
Article is outdated and made some assumptions that are not correct. In fact, the tokenization services for MasterCard and Amex are being tested. Visa was live a few weeks ago. It didn't exist and Apple's implementation is a first. This is a different tokenization method than on the EMV cards where the account info is static.
what's happening is hair splitting...apple is using tokenization and so is everyone else, it's not proprietary and apple is just spinning it to seem that way..it's nfc plain and simple it's no more secure than any other system currently being used world wide no matter how much apple fans want it to be.
use android or windows and the merchant doesn't see your info either, the transaction is encrypted in a similar method and is basically the same. the bottom line is someone uses their iphone at the same terminal as the guy using his windows or android phone, some will use touch id some will use pins and no one on the other side of the counter knows your info.
 
So, there are 4 cards that I carry with me:

Credit Card
Health Care Provider ID Card
Drivers License ID
Gym ID Card

I can see how this will eliminate 1 of 4, but not sure how it will handle the other 3 ID cards. For example, unless the police will be carrying iPhone compatible card readers, i still need to carry a small card holder/wallet for my identification.

Honestly, handing my credit card to a clerk or swiping it at checkout is not a huge inconvenience to me. I could be missing something here, so maybe others can enlighten me.
 
How do you steal a pin from your head? I've never written down pins anywhere.

Easy. Standing in line at checkout counter, I see people type in their pins. All you need are some sticky fingers. People are pretty complacent when it comes to entering their PINs. That's what makes the fingerprint reader, and its supposed secure enclave, appealing.
 
what's happening is hair splitting...apple is using tokenization and so is everyone else, it's not proprietary and apple is just spinning it to seem that way..it's nfc plain and simple it's no more secure than any other system currently being used world wide no matter how much apple fans want it to be.
use android or windows and the merchant doesn't see your info either, the transaction is encrypted in a similar method and is basically the same. the bottom line is someone uses their iphone at the same terminal as the guy using his windows or android phone, some will use touch id some will use pins and no one on the other side of the counter knows your info.

correct. Apple just adds a marketing name to a feature or function that already exists and had existed. it works for the millions of Apple customers who are oblivious to the tech world around them, with exception to the small Apple world bubble. i actually had friends who honestly believed that LTE was an Apple invention when they released the iPhone 5
 
The whole Apple Pay system will be a huge flop. Few people will deal with the hassle of learning how to set it up and actually using it. Every security hole will be uncovered by hackers and publicized all over the news, repeatedly turning Apple into the laughing stock. Mark my words.
 
Easy. Standing in line at checkout counter, I see people type in their pins. All you need are some sticky fingers. People are pretty complacent when it comes to entering their PINs. That's what makes the fingerprint reader, and its supposed secure enclave, appealing.

Ok, but this is on my phone. Which I enter the pin at anytime to unlock my Google Wallet within 15 minutes when no one is around me. You're not going to see my pin at all.

----------

correct. Apple just adds a marketing name to a feature or function that already exists and had existed. it works for the millions of Apple customers who are oblivious to the tech world around them, with exception to the small Apple world bubble. i actually had friends who honestly believed that LTE was an Apple invention when they released the iPhone 5

And I had friends who thought their iPhone 4/4S were 4G LTE when they finally saw it "said" 4G in the status bar.

----------

The whole Apple Pay system will be a huge flop. Few people will deal with the hassle of learning how to set it up and actually using it. Every security hole will be uncovered by hackers and publicized all over the news, repeatedly turning Apple into the laughing stock. Mark my words.

Nope, it will be slow to adopt yes. Paying by phone, no matter what device, will eventually be a natural thing in a few more years.
 
Nope, it will be slow to adopt yes. Paying by phone, no matter what device, will eventually be a natural thing in a few more years.

Nope. People will see there's no advantage compared to using a credit card. You still need to pull something out of your pocket. With a credit card you just swipe or wave it—no need to do anything else. And if you drop the credit card, you don't break a $650 device. It's such a huge hurdle to convince people to switch that the pressure will be on credit card companies to come up with something better (and they will think of something).

Consumers aren't responsible for unauthorized use of their cards anyway.

So tell me how Apple Pay benefits me...?
 
Nope. People will see there's no advantage compared to using a credit card. You still need to pull something out of your pocket. With a credit card you just swipe or wave it—no need to do anything else. And if you drop the credit card, you don't break a $650 device. It's such a huge hurdle to convince people to switch that the pressure will be on credit card companies to come up with something better (and they will think of something).

Consumers aren't responsible for unauthorized use of their cards anyway.

So tell me how Apple Pay benefits me...?

I don't really care how or if it benefits you. I care that Apple Pay and Google Wallet benefit me and others like me who see the benefits.

----------

You're correct that this is the standard. You're incorrect that everyone else is doing it. No one has implemented this at all. VTS and MTS have just been completed by the networks and are being released. Those services are a key requirement for this. Others will follow but all NFC till now is not tokenized in this way. It's a completely different way of dealing with a transaction. Clearly you're not in the payment industry if you think it is the same.

What is unique to Apple, though, is using Touch ID in addition, and the phone can be in sleep mode. For other wallets, you still use a pin and therefore the phone and screen need to be on. That process takes longer and that is an important consideration for retailers.

I can guarantee you that both my iPhone 6 Plus and whatever Android device I'm using at the moment will take the exact same amount of time to pay. In fact, I'll do a test once Apple updates.
 
I don't really care how or if it benefits you. I care that Apple Pay and Google Wallet benefit me and others like me who see the benefits.


Let me rephrase it then since you don't understand the gist.

How does it benefit you? "I just know it does" isn't a valid answer.
 
While Apple Pay is built on existing NFC technology, Heisler's research suggests it is the first implementation of the EMVCo tokenization specification, a newly introduced security framework designed to cover emerging payment methods.

We've been saying that here for weeks.

A randomized 16-digit number, the Device Account Number ensures that no merchant is able to obtain a user's credit card number, protecting consumers from retail security breaches, ...

"Randomized 16-digit" is not quite accurate. Assuming they are actually using 16 numeric digits, it'll have to follow at least part of current numbering schemes, in order to be backward compatible with current pay terminals.

Each card type divides it up differently, but the basic idea is the same. For example, for a Visa, it's more or less:

4BBB BB12 3456 789X

  • 4 = Visa
  • B = bank id & card type. E.g. Bank of America token. This is needed so the payment systems know how to route the request, and to let the banks know that it's a token account number.
  • 9 random digits gives a billion possible token account numbers.
  • X is a check digit to confirm that the others were sent correctly.

Interestingly, in the case of Mastercard at least, one token is given per device that you set up a particular real card on. Up to nine different device account tokens can map to a single real credit card number. In other words, the same credit card will have a different token on each iOS device that you register that card on.

Google Wallet doesn't issue transaction specific tokens. ApplePay does.

Neither issues a transaction specific account number.

Google Wallet does use other time limited tokens, which are pushed to the device, to generate the payment cryptograms. So even if you got the virtual account number, you could not use it to make NFC payments.

The method Google uses guarantees that all transactions first are routed to Google and their sponsoring bank. It is done to gain insight into someone's buying patterns so more personal targeted ads can be presented.

Doesn't matter which we use. The credit card companies have been selling our (anonymous) purchase info to ad networks for years.

The only difference is what perks we get in return. E.g. awards in the case of the CC companies, while Google gives us handy online services.

With Apple Pay, the CC companies will continue to mine and sell our purchase info, while Apple gets a purchase percentage that they keep for themselves.
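
The number layout described in the post above (scheme digit, bank id, nine account digits, check digit), as an added example that is not part of the original thread. Card numbers use the Luhn algorithm for the check digit; the field widths follow the post's illustration, and the `400000` prefix and function names are constructed for the example.

```python
import secrets

def luhn_check_digit(payload):
    """Return the Luhn check digit for a string of payload digits."""
    total = 0
    # Walk right to left; the digit nearest the check digit is doubled first.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number):
    """True if a 16-digit number (spaces allowed) has a correct check digit."""
    digits = number.replace(" ", "")
    if len(digits) != 16 or not digits.isdigit():
        return False
    return luhn_check_digit(digits[:-1]) == int(digits[-1])

def make_token(prefix6, account9=None):
    """Build 4BBBBB + 9 account digits + check digit, as laid out in the post."""
    if len(prefix6) != 6 or not prefix6.isdigit() or prefix6[0] != "4":
        raise ValueError("prefix must be 6 digits starting with 4 (Visa)")
    if account9 is None:
        # CSPRNG, so a token cannot be predicted from earlier tokens.
        account9 = "".join(secrets.choice("0123456789") for _ in range(9))
    if len(account9) != 9 or not account9.isdigit():
        raise ValueError("account part must be 9 digits")
    payload = prefix6 + account9
    return payload + str(luhn_check_digit(payload))

def split_token(number):
    """Split a valid token into the fields the post names."""
    digits = number.replace(" ", "")
    if not luhn_valid(digits):
        raise ValueError("check digit mismatch: number was mistyped or corrupted")
    return {"scheme": digits[0], "bank_id": digits[1:6],
            "account": digits[6:15], "check": digits[15]}

if __name__ == "__main__":
    token = make_token("400000")  # constructed prefix, not a real bank's range
    print(token, split_token(token))
```

The check digit only catches transmission and typing errors (any single wrong digit fails validation); it gives no secrecy, which is why the token's value rests on the nine random digits and the issuer-side mapping.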
 
I wonder how Apple's payments initiative 'Apple Pay' stacks up security-wise, against that retailer-owned mobile technology group's 'Merchant Customer Exchange' that Best Buy, Wal-Mart and Target are planning on backing.

After reading the tech details of Apple's implementation of that 'emerging token-based mobile payments standard', and adding in Apple's TouchId and the Secure Element, I am super-impressed with it, and am confidently looking forward to start using it.

If you look at the virtually bullet-proof design of it, and all the built-in safeguards, it is little wonder the banks and various credit card issuers (cautious lot they are), are also very impressed by it, and are reportedly looking forward to dramatically reducing the substantial losses they currently incur due to the incidence of fraud.
 
Google Wallet takes the card out between the user and the merchant, but between the merchant and the bank the account number is still sent.

Also, you need to store your credit card number with Google. If your phone is compromised you have to contact your credit card company to cancel your card and get issued a replacement.

None of that is true at all. Google uses a virtual card account number for purchases. Your card information is not stored on your phone. If your phone is compromised, you can disable wallet from the web and that virtual card number will no longer be valid.
 
You mean that convoluted system that required a perfect copy of the person's fingerprint and something like four hours of fabrication? I wouldn't really call that "hacked." By the time they got a dummy fingerprint made up, I'd have realized my phone was missing and locked it via iCloud.

Which is why the real TouchID threat vector is not from a casual thief.

It's from someone who's around us constantly, and thus has plenty of time...months even... to find a good print, create a replica, and then use our phone to make payments (or do worse things) without us knowing.

People like our crazy roommate. Or ex-spouse. Evil coworker. Heck, even our way-too-smart kids :)
 
The whole Apple Pay system will be a huge flop. Few people will deal with the hassle of learning how to set it up and actually using it. Every security hole will be uncovered by hackers and publicized all over the news, repeatedly turning Apple into the laughing stock. Mark my words.

go back 15-20 years and the same things were being said about debit cards. (a little further back with credit cards and even further with checks)

i'm not saying you're wrong but if history is a decent gauge, you're probably wrong.
 
go back 15-20 years and the same things were being said about debit cards. (a little further back with credit cards and even further with checks)

i'm not saying you're wrong but if history is a decent gauge, you're probably wrong.

Also, credit card companies are going to embrace these newer payment methods from Google and Apple eventually as they are inherently more secure so mass fraud will be more difficult.
 
So, there are 4 cards that I carry with me:

Credit Card
Health Care Provider ID Card
Drivers License ID
Gym ID Card

I can see how this will eliminate 1 of 4, but not sure how it will handle the other 3 ID cards. For example, unless the police will be carrying iPhone compatible card readers, i still need to carry a small card holder/wallet for my identification.

the thing i like is that it does eliminate the credit/debit card from the equation.. that's the only one i really worry about sitting in my pocket next to a phone..

(well, my metrocard as well but maybe the mta will get phone apps/readers soon enough)
 