Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

A Comprehensive Outline of the Security Behind Apple Pay

Tech198 said:
I was actually jumping for joy, till i realized two things :-

- It will probably never be available in Australia.. and
- I do all my transactions online anyway. so even if i did have it available, it'd be useless unless i actually went into store. :p


If Apple could do bridge -the-gap by offering something similar to what Paypal got rid off, a one-time virtual credit card number, then i'd go on this in a second. :)

I know there are various other sites that do the same, but most are probably scams. At least i would trust Apple, if they offered this option.

But then, oh wait..... transparency..... well... something has to give somewhere. Apple looks like their moving to the eCommerce type thing anyway, so it makes sense.
Click to expand...

They are planning on adding :apple:Pay support to apps so you could still use it that way.
 
downpour said:
A password isn't secure either.

As far as I understand it, if someone robs you, they just take your watch, demand your pin/password, and tap it in to check it. The watch won't even need the pin to be entered again as the thief goes on a major shopping spree at your expense. :(
Click to expand...

I'd be nervous about the security of the Apple Watch. It's only slightly more secure than a Chip and PIN system. If someone sees you enter your password or PIN on the watch then all they need is the watch. The same goes for the chipped card and your PIN. With all the cameras around, someone could watch you enter your password or PIN, then steal your watch or wallet.

The iPhone is more secure, since duplicating your fingerprint is not trivial.

Stealing your wallet means that a low-tech thief has access to all your credit card account numbers and your ID. An iPhone thief can't even get into the device. They'll be able to see your emergency contacts, and possibly your name and a list of your medications and allergies. If they do manage to get in, the credit card numbers aren't even stored on the phone. Just part of the token, which they can't use without your fingerprint. Even if they have your fingerprint, you can remotely wipe the phone, or just turn off Apple Pay remotely. You don't even have to go through the hassle of canceling your credit cards.

A determined thief could drag you at knifepoint from Boots to Best Buy to B & Q (or CVS TO Best Buy to Home Depot), and make you enter your fingerprint in the presence of the cashier. No card payment system or cash is going to protect you from that thief. But the usual kind of fraud is made next to impossible by Apple's system (and the similar systems that will undoubtedly come from other vendors soon).
 
Amazing technology and solution... Too bad my crap country will adopt it in like 10 years :(
 
GeneralChang said:
You mean that convoluted system that required a perfect copy of the persons fingerprint and something like four hours of fabrication? I wouldn't really call that "hacked." By the time they got a dummy fingerprint made up, I'd have realized my phone was missing and locked it via iCloud.
Click to expand...

I was going to reply to his comment, but you did a far superior job! Thanks. :cool:
 
Dionte said:
How do you get refunds?
Click to expand...

That's my number one concern. Rather than inventing trivial, elaborate scenarios about theft I want to know how I can return an item I purchased.

----------
downpour said:
That's basically my point. If Apple made TouchID a requirement, the whole thing would be much more secure.
Click to expand...

Well stupid cheapos should just get a 5s or newer iPhone then! Problem solved!!! :D If you have a 5 or a 5c then you deserve to get robbed!!! (just joking of course)
 
DotCom2 said:
What I don't understand then is why did BestBuy and Wal-Mart blatantly come out and say they were NOT supporting Apple Pay?
Click to expand...

They said they are not supporting NFC. Which in turn blogs turned into not supporting Apple Pay.
 
doelcm82 said:
I'd be nervous about the security of the Apple Watch. It's only slightly more secure than a Chip and PIN system. If someone sees you enter your password or PIN on the watch then all they need is the watch. The same goes for the chipped card and your PIN. With all the cameras around, someone could watch you enter your password or PIN, then steal your watch or wallet.
Click to expand...

The watch is paired with your phone when you put the watch on (which you have to actively make the pairing). Once the watch senses that it lost contact with your skin then the pairing is broken and the watch will not work with making payments.
 
Does anyone know if you need Internet to use this?

Some shops have counters way at back and you can't reception.
 
kas23 said:
Yeah, I bought a 6+. Absolutely horrible.

/sarcasm
Click to expand...

It’s a money thing. I don’t have the funds to spend on a new phone, and I’m on the s upgrade cycle with my carrier. So it’ll be another year before I’m looking at a phone with NFC.
 
gadgetguy03 said:
That's my number one concern. Rather than inventing trivial, elaborate scenarios about theft I want to know how I can return an item I purchased.
Click to expand...


From the linked article, which in turn references a 2012 white paper from First Data on the benefits of tokenization:

The token can be used just like the original card number for business functions such as returns, sales reports, marketing analysis, recurring payments, and so on, but cannot be used to conduct a fraudulent transaction outside the merchant environment. The aim of tokenization is to remove the card information from the merchant environment as completely and quickly as possible (thus addressing the root cause of data security issues) while maintaining existing business processes.
 
vpndev said:
So, if that's the case, why is it not available until some time later this month?

Just because Apple Marketing is drrraaaaggging it out for maximum media impact? Somehow I doubt that.

If these folks have NFC POS -- why stop customers from spending money ??
This does not make sense. At least, not to me.
Click to expand...

Some back end work needs to be done at the banks, and given the problems with iOS 8, some serious QA on the software on the phone.
 
vpndev said:
So, if that's the case, why is it not available until some time later this month?

Just because Apple Marketing is drrraaaaggging it out for maximum media impact? Somehow I doubt that.

If these folks have NFC POS -- why stop customers from spending money ??
This does not make sense. At least, not to me.
Click to expand...

I have no clue as to why Apple is making us wait. Code isn't complete? Don't know.

I do know that's it's just NFC and it'll work everywhere Google Wallet currently works at. You know, the 220,000 stores that Apple said that Apple Pay will work at. Yeah, Google Wallet already works at all those places.

Apple just has to turn it on.
 
Bahroo said:
Like I was saying all along(not necessarily on here lol). Apple is going to revolutionize mobile payment, late to the party, but IS the party, I kept telling everyone they are going to use the best and most advanced tokenization technology around, with other security layers on top of that, this is actually trans formative to and for the industry.
Click to expand...

This one time at band camp ........
 
Diode said:
Replacing cash - no - replacing carrying your credit cards - hopefully.
Click to expand...

I hope so. I hope within the next 12 months, we'll see Apple Pay roll out to pretty much every major retailer and many small retailers. If it takes Apple Pay more than 12 months to catch on, I'll fear that it's going the way of iBeacons -- which, except for a few select places, is basically a flop as of right now.

However, because Apple Pay has the support of the major credit card companies and large banks, it seems to me that Apple Pay is almost guaranteed to be a mainstream payment method within the next 12 months.
 
GeneralChang said:
You mean that convoluted system that required a perfect copy of the persons fingerprint and something like four hours of fabrication? I wouldn't really call that "hacked." By the time they got a dummy fingerprint made up, I'd have realized my phone was missing and locked it via iCloud.
Click to expand...

You would also realize your finger was missing.
 
SirLance99 said:
I have no clue as to why Apple is making us wait. Code isn't complete? Don't know.

I do know that's it's just NFC and it'll work everywhere Google Wallet currently works at. You know, the 220,000 stores that Apple said that Apple Pay will work at. Yeah, Google Wallet already works at all those places.

Apple just has to turn it on.
Click to expand...

Maybe coordination with the banks and credit card companies. They have to do stuff on their end too, right?
 
I'm SO TIRED of hearing the "we've had this for 10 years in Europe" crap.

So... you've had a fingerprint scanner to go along with your Chip and Pin system? No.

That is why Apple Pay steps BEYOND the competition and current system here. No one has had this. Stop with the "we've had this" argument.

It's MORE SECURE than carrying any card in your wallet.
 
This is good progress towards better security, but, remember, there is never such a thing as a perfectly secure system. There are only systems so secure they are not worth breaching.
 
patrickbarnes said:
There's not a single novel thing about Apple Pay that hasn't been done by Goigle Wallet.

Tokenization was already done there. The "cryptogram" is a CVV3/dynamic CVV.

The only semi interesting thing is using Touch ID to unlock the Secure Element. And storing card details on device instead of man in the middling like Wallet.
Click to expand...
You're quite mistaken. Google Wallet stores your credit cards on their servers (you got that part right), then issues you a new PAN (CC#) which does not change from transaction to transaction. By storing your CC's, they can track all your purchases, and this allows for CC fraud by skimming, Target/Home Depot level hacks, etc.

Apple never even stores your credit card info anywhere. And if someone gets your token (Google Wallet does not use tokens), they cannot use it!
 
doelcm82 said:
I'd be nervous about the security of the Apple Watch. It's only slightly more secure than a Chip and PIN system. If someone sees you enter your password or PIN on the watch then all they need is the watch. The same goes for the chipped card and your PIN. With all the cameras around, someone could watch you enter your password or PIN, then steal your watch or wallet.

The iPhone is more secure, since duplicating your fingerprint is not trivial.

Stealing your wallet means that a low-tech thief has access to all your credit card account numbers and your ID. An iPhone thief can't even get into the device. They'll be able to see your emergency contacts, and possibly your name and a list of your medications and allergies. If they do manage to get in, the credit card numbers aren't even stored on the phone. Just part of the token, which they can't use without your fingerprint. Even if they have your fingerprint, you can remotely wipe the phone, or just turn off Apple Pay remotely. You don't even have to go through the hassle of canceling your credit cards.

A determined thief could drag you at knifepoint from Boots to Best Buy to B & Q (or CVS TO Best Buy to Home Depot), and make you enter your fingerprint in the presence of the cashier. No card payment system or cash is going to protect you from that thief. But the usual kind of fraud is made next to impossible by Apple's system (and the similar systems that will undoubtedly come from other vendors soon).
Click to expand...

Chip and PIN is very secure if you are careful. You cover the PIN pad with your other hand when you put the PIN in. No one has to see.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back