Another fare hike! On a related note I found an old token the other day...memories
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
A Comprehensive Outline of the Security Behind Apple Pay
- Thread starter MacRumors
- Start date
- Sort by reaction score
Another fare hike! On a related note I found an old token the other day...memories
Difference is that credit cards and debit cards offered convenience so there was a reason for consumers to use them. Apple Pay doesn't add conveniencein fact, it just increases the risk that you'll drop your $650+ phone.
As for security...if your credit card has unauthorized transactions then you're not liable for them anyway. People are just transferring any trust they have to Apple, which doesn't exactly have a flawless track record as we all know.
to be fair, that hack (as i saw it) was more of a proof of concept type of thing.. if there's money to be stolen, thieves will try to get at it and they can be pretty ingenious at times.. a scanner and 3d printer isn't too far out of the question and if touchID stays exactly how it is now for the next decade then we could have a problem.. typical cat&mouse scenario.. let's just hope the mouse stays in front of the cat
You know that iCloud recently got hacked and nude celebrity photo's were leaked, right??
Nope. Although Apple's lax password reset system (required no authentication) and lack of iCloud security were surely partly to blame.
You know that that was simply because people guessed past the stupidly simple security questions, right? And that they didn't have two factor verification turned on, right?
Do your research little guy...
IF it was people's passwords were figured out by brute force then Apple should've had a maximum attempts lockout. But that still amounts to individuals getting their individual accounts broken into.
That doesn't equal hacking into iCloud.
And there was certainly no free for all as described in post #187.
_________________
Apple pay increases security as well as preserving some privacy. Neither the merchants, Apple, nor the banks get to collect, analyze, and profit from profiling your activities. That's a major difference.
In the US, at least, consumers have near zero liability for unauthorized use of their credit cards. The banks eat the cost of fraud in order to keep the process simple for consumers and lucrative for themselves.
I never said anything about hacking into iCloud. I said it was because of Apple's poor security. You could reset a password without having access to the user's email or phone or any other verifiable information. We do know that several of the celebrities reported to Apple that their password was changed without their knowledge. As for multiple brute force attempts. Even if that was used to gain access to iCloud, it would not of locked them out. Until this issue came to light, Apple didn't have any precaution on the iCloud servers for downloading entire iCloud backups. You could request access as much as you want. Of course Apple quietly fixed that issue.
A Comprehensive Outline of the Security Behind Apple Pay
The mere fact that you go out of your way to insult me tells you're the "the little guy."
It is what it is; Apple, according to you, is is the best when it comes to privacy but again, iCloud was breached and they had to address it. So if you were as bright as you lead to believe, you would know that's a security breach.
Go kick rocks.
The mere fact that you go out of your way to insult me tells you're the "the little guy."
It is what it is; Apple, according to you, is is the best when it comes to privacy but again, iCloud was breached and they had to address it. So if you were as bright as you lead to believe, you would know that's a security breach.
Go kick rocks.
Last edited:
Agreed. It does eliminate the credit card. But, I still need to carry a wallet or cardholder for my ID cards. Everyone is different, but reaching into my pocket to get my credit card is just not a big issue for me. With Apple Pay, I would have to reach in my pocket for the phone anyway.
If I listed all of the inconveniences in my life, swiping a credit card would be toward the bottom. This seems like a solution in search of a problem.
However, if there is a compelling security advantage, I might be interested.
No it does not. Apple pay will work with iPhone 5, 5C, and 5S when paired with Apple Watch
nah.. there's convenience to be had.. i'm not exactly sure how the user interaction will be or what all you can do with it but if you can do things like tag purchases at time of payment.. tags go to desired spreadsheets.. etc.. then things like job tracking/invoicing will be way simplified.. paper receipts will be a thing of the past as all of that stuff will go to your computers/files automatically..
plus, simply not needing to carry a card around is a convenience in itself.
while this is true, i don't think it's much of an argument against pay-with-phone.. i mean, downloading angry birds increases the risk that you'll drop your phone more than applepay does.
again, i don't know all the details but aren't the banks still involved? won't they just keep dealing with fraud/theft in the same way they are now?
(or- i might not understand you exactly here.. i might need a rephrase
)nah.. there's convenience to be had.. i'm not exactly sure how the user interaction will be or what all you can do with it but if you can do things like tag purchases at time of payment.. tags go to desired spreadsheets.. etc.. then things like job tracking/invoicing will be way simplified.. paper receipts will be a thing of the past as all of that stuff will go to your computers/files automatically..
plus, simply not needing to carry a card around is a convenience in itself.
while this is true, i don't think it's much of an argument against pay-with-phone.. i mean, downloading angry birds increases the risk that you'll drop your phone more than applepay does.
again, i don't know all the details but aren't the banks still involved? won't they just keep dealing with fraud/theft in the same way they are now?
(or- i might not understand you exactly here.. i might need a rephrase
I see what you're saying about paperless receipts and that's a good thing, but credit card companies could easily do this, too (it's not something that requires a system like Apple Pay).
True, not having to carry a credit card (or a stack of them) is nice. But then you're relying on a single system (Apple Pay) and a single device (your phone which might get lost, broken, have no charge, or malfunction).
Yes, downloading Angry Birds adds the risk of dropping your phone...but the reward to that risk is a game that you hopefully will enjoy. Pulling your phone out to pay increases the risk of dropping your phone but doesn't make your life any better (you still have to do everything you do with a credit card, plus extra steps).
What I meant about fraud/theft is that the consumer ultimately isn't affected by fraudulent activity. In any case (plain credit card or Apple Pay), the consumer doesn't owe a cent if their card is misused. So Apple Pay doesn't help there.
I do see your points but I don't think the pluses outweigh the minuses. I really don't see any pluses other than not having to carry plastic cards (though that adds the aforementioned risks).
But paying with the Apple Watch might overcome a lot of those things (can't really drop a watch strapped on your wrist). Only then might we see some real conveniences that will appeal to the average consumer (no need to reach into your pocket for anything). But I would still carry plain credit cards just in case...
How about better fraud protection? The Target and Home Depot breaches didn't affect anyone using Google Wallet. If all users had been using some kind of tokenized payment system, there would be no issue.
Consumers aren't completely free of responsibility for unauthorized use. And just because the majority of the time they may not be, doesn't mean they aren't affected by it. The more fraud that occurs to credit card companies the more it costs them. And those costs are passed on to the customer.
I was affected by the Home Depot breach. Even though they said they would take care of any unauthorized charges, I know my card number is still floating out there somewhere and I could still be affected. They even offered free credit monitoring. But I'd have to sign up for yet another service where my name and information is being stored.
So to answer your question: "So tell me how Apple Pay benefits me...?" Better security and peace of mind.
----------
See my comments regarding what I had to do for the Home Depot breach.
Okay little guy, let me school you a bit.
Many companies have the security question feature. Apple, unlike many, has the option of higher security. People should be implementing this, but so far many haven't.
This method of guessing security questions is well known and has been done with multiple sites, multiple times. Everyone knows, or should know, that the security questions are supposed to be for security. As in, not obvious. Obviously those celebrities didn't know or care about that.
All in all, it really wasn't a beach. The system was working the way it was supposed to and, due to human error, you could call it stupidity in this case, photos were leaked. The reason it got so much attention this time is because a) they were pics of celebs and b) people on social media like to bash Apple.
Oh, and in which world is adding another line of text at the end of a post 'going out of your way?'
Yep, I mentioned provisioning the new BINs a few weeks back.
Right, we've mentioned before that the current account, expiration date and multiple cvv fields are all reused for the token account, token expiration, and dynamic cryptograms.
However, I do not think the token device account number is one time use. It's apparently static, or at least used for multiple purchases. There's no need for a token PAN to change at all, since the cryptograms take care of preventing any replay attacks.
Yep. That's why I laid out a sample pattern, to make it a bit clearer to readers, that the token account numbers do not change and are not totally random.
The credit card companies created the token payment methods that Apple is one of the very first to use. The timing was nearly perfect for Apple.
Last edited:
Do you think this was pure coincidence? Maybe this is one of the reasons Apple waited so long to implement their Apple Pay. Or maybe they worked with the cc companies when they were trying to figure this stuff out.
I also wonder if Apple waited to try and implement Apple Pay differently, but in the end decided to use NFC since the whole EMV thing was happening anyway.
Jerk, you can have a discussion and prove your point without throwing insults.
You made some valid points; people should enable two factor authentication. Got it, d!ck.