Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
A Comprehensive Outline of the Security Behind Apple Pay
- Thread starter MacRumors
- Start date
- Sort by reaction score
That's the major failing of Google Wallet: Every transaction goes through Google.
Apple doesn't get involved in the transaction. Their cut is paid to them after the fact, by the bank.
The 4th amendment still matters.
http://www.law.cornell.edu/constitution/fourth_amendment
http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
http://constitution.findlaw.com/amendment4.html
"The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated..."
Rocketman
Stating the obvious and right.
http://www.law.cornell.edu/constitution/fourth_amendment
http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
http://constitution.findlaw.com/amendment4.html
"The right of the people to be secure in their persons, houses, papers, and effects,[a] against unreasonable searches and seizures, shall not be violated..."
Rocketman
Stating the obvious and right.
You're wrong... the thief can't check your pin number works while standing in front of you if they just steal a credit card. The pin is also different for all of your cards, rather than having just 'one', that gives them access to everything.
A person's name is also written on the card, whereas Apple pay means the thief doesn't even have to be the same sex. They are completely anonymous, and Apple doesn't track suspicious payments.
A password isn't secure either.
As far as I understand it, if someone robs you, they just take your watch, demand your pin/password, and tap it in to check it. The watch won't even need the pin to be entered again as the thief goes on a major shopping spree at your expense.
If the watch loses contact with your skin - it will need to be re-authorized - so you will have to lose both the phone and the watch for this to work.
https://twitter.com/reneritchie/status/509437661632028672
By that time, you will have already gone to Find my iPhone and cancelled payments on that device.
My credit union's backend systems are outsourced to a third party vendor.
If that's also true for yours, then the question would be if their vendor would support it?
But I believe most apps that have sensitive info require another security level 4-6 pin
They are partnered with MCX, who is developing Currenc. So they have a vested interest to see the other mobile payment system succeed. Although a QR based mobile payment system doesn't seem to be very modern, and it's more complicated from a consumer level than Apple Pay.
A password isn't secure either.
As far as I understand it, if someone robs you, they just take your watch, demand your pin/password, and tap it in to check it. The watch won't even need the pin to be entered again as the thief goes on a major shopping spree at your expense.
I don't get it. Is said thief going to tie you up or drag you along so you have no ability to remotely disable
Pay?I'm from the uk, recently been on holiday to usa and I couldn't believe you still sign the receipt and are not using chip & pin, I noticed as well that 99% of receipts I signed weren't checked in the store to the signature on the reverse of my card, I had pocketed my card before I even signed the receipt and nobody checked, by the end of the holiday I was signing anything, the opportunity for fraud on stolen cards seems incredible
Looking forward to Apple pay but as an earlier poster said with the recent software issues will wait to see how it goes
Correct me if I'm wrong, as I'm still reading up on both implementations. But from what I understand, Google Wallet is only encrypted part of the way. Google Wallet takes the card out between the user and the merchant, but between the merchant and the bank the account number is still sent.
Also, you need to store your credit card number with Google. If your phone is compromised you have to contact your credit card company to cancel your card and get issued a replacement.
Apple doesn't store your credit card number, with the exception of the one associated with your iTunes account. And if your iPhone is compromised you only need to deactivate that device for payments; there is no need to cancel your card and get a replacement.
I was assuming the thief would put the watch on their wrist when they take it from you and enter the pin, so no loss of skin contact.
It will also be difficult to go to Find my iPhone immediately when you have just been robbed and your phone has been stolen.
The ease of Apple pay also makes payments very quick for the thief in the store.
A credit card doesn't have a pin - only a debit card does, and nobody checks the name on the card
I was actually jumping for joy, till i realized two things :-
- It will probably never be available in Australia.. and
- I do all my transactions online anyway. so even if i did have it available, it'd be useless unless i actually went into store.
If Apple could do bridge -the-gap by offering something similar to what Paypal got rid off, a one-time virtual credit card number, then i'd go on this in a second.
I know there are various other sites that do the same, but most are probably scams. At least i would trust Apple, if they offered this option.
But then, oh wait..... transparency..... well... something has to give somewhere. Apple looks like their moving to the eCommerce type thing anyway, so it makes sense.
- It will probably never be available in Australia.. and
- I do all my transactions online anyway. so even if i did have it available, it'd be useless unless i actually went into store.
If Apple could do bridge -the-gap by offering something similar to what Paypal got rid off, a one-time virtual credit card number, then i'd go on this in a second.
I know there are various other sites that do the same, but most are probably scams. At least i would trust Apple, if they offered this option.
But then, oh wait..... transparency..... well... something has to give somewhere. Apple looks like their moving to the eCommerce type thing anyway, so it makes sense.
In Europe and a few other regions, a credit card with an EMV chip has a PIN.
However, the EMV implementation in the US will still largely be signature verification. It's disappointing.
----------
It doesn't rely on Apple servers. But, it does rely on backend servers (by the brands) to do the tokenization, and those haven't been available.
I'd like to see clarification that the
A single pin number isn't secure enough to give free access to 'all' your cards.
The
Watch is compatible with the iPhone 5, 5c, 5s, 6, & 6+. To enable Pay on the watch you must enter a PIN each time you put the watch on. Take it off? You have to reauthorize it before purchases are able to be made. NFC TouchID authorization is limited to the 6 & the 6+. The watch has a secure enclave that will hold your DAN numbers but must be authorized each time you put it on.If a thief takes your watch, they won't be able to pay with your cards because they don't have the corresponding phone and PIN. If they take your phone and your watch, then they won't have your PIN to unlock it. If they do have your PIN, then you are screwed haha
Maybe that's an American thing, Credit cards have pin numbers in the UK. I also used to check customer's names years ago when I worked in a shop. A few times people would try to use their partners card or didn't bother to sign the back... I always pointed it out to them.
That's basically my point. If Apple made TouchID a requirement, the whole thing would be much more secure.
Last edited:
The U.S. still can't handle the thought of dollar coins, premature to say this will take over the world.
