They'd better be testing the hell out of it -- and I'm sure they are. Given the news of the last two weeks or so, Apple should be checking the code obsessively. They know that if they screw up Apple Pay and people start having strange transactions showing up on their bank statements because some group figured out some off the wall way to compromise the system in a way Apple hadn't anticipated, Apple Pay is toast.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
A Comprehensive Outline of the Security Behind Apple Pay
- Thread starter MacRumors
- Start date
- Sort by reaction score
They'd better be testing the hell out of it -- and I'm sure they are. Given the news of the last two weeks or so, Apple should be checking the code obsessively. They know that if they screw up Apple Pay and people start having strange transactions showing up on their bank statements because some group figured out some off the wall way to compromise the system in a way Apple hadn't anticipated, Apple Pay is toast.
Though I am behind this, since it sounds so much more secure than a regular cc, I hope smaller merchants don't drage their feet cause I still end up having to carry around a cc. Would be nice to just be able to carry my phone with me, for example to a bar.
After all these flawed iOS 8 releases, how will Apple give their customers the peace of mind with Apple Pay?
Yesterday I texted a friend via iMessage, another friend of mine got the text. And I don't mean it as in I did it by mistake. It opened up an entire other person. I've never had this happened to me before.
The iPhone crashes on landscape mode, freezes, sometimes even shuts off.
How has Apple sunk this low?
Yesterday I texted a friend via iMessage, another friend of mine got the text. And I don't mean it as in I did it by mistake. It opened up an entire other person. I've never had this happened to me before.
The iPhone crashes on landscape mode, freezes, sometimes even shuts off.
How has Apple sunk this low?
Like you always do. The merchant and the bank will have a transaction ID they can reference. Just as the bank knows who to charge, they know who to credit for a reversal.
The difference is that the merchant doesn't have your CC#, so they can't issue fraudulent charges going forward, nor can they be hacked in such a way that someone else could.
This is actually kind of funny when u think about it..
We all have Touch ID, and Apple claims it's secure... (Yes, secure, by no one else an get at it *except* you can compelled by a court to use your finger)
Password, something we know, based on how complex we entered them in originally, they will hold up in any court, since u aren't forced to revel your password anyway. But your finger-print ? Very true...
Turns out, Touch ID may not be as secure as we think isn't as secure as we think is it?
Personally, my passwords, stay as "my" passwords and i only know a few off hand. I do use Touch ID, but not for important stuff.
We all have Touch ID, and Apple claims it's secure... (Yes, secure, by no one else an get at it *except* you can compelled by a court to use your finger)
Password, something we know, based on how complex we entered them in originally, they will hold up in any court, since u aren't forced to revel your password anyway. But your finger-print ? Very true...
Turns out, Touch ID may not be as secure as we think isn't as secure as we think is it?
Personally, my passwords, stay as "my" passwords and i only know a few off hand. I do use Touch ID, but not for important stuff.
Our company accepts pre-authorised emv tokens from ecommerce sites so we can then process payments when we despatch goods. We never see any customer account details other than the card type.
This token and refund amount (along with a payment reference) gets passed back to the payment provider who then refund back to the original card.
From what I've read the apple pay system is just an extension of this type of transaction with some additional security features
Apple pay sounds like a nice system. It also sounds like it won't work to replace the Chicago mass transit cards, like you can do with Google Wallet and NFC. That's kind of a bummer.
And to those that worry about the finger poachers, realize your iPhone 6 Plus has the security feature of being easily and quickly folded in half to thwart bad guys (those of us with iPhone 6s will just have to come up with other plans to overcome the defect of ruggedness).
And to those that worry about the finger poachers, realize your iPhone 6 Plus has the security feature of being easily and quickly folded in half to thwart bad guys (those of us with iPhone 6s will just have to come up with other plans to overcome the defect of ruggedness).
Last edited:
So your biggest concern is that a court is going to order you to unlock your phone with your fingerprint? Thats an interesting concern.
Simple solution for you. Before you show up for your court date, do an activation lock on your phone, then refuse to enter your password. Way to stick it to the man, bro!
On another note, what does the court wanting to unlock your phone have to do with Apple Pay? Are they planning on using it to order breakfast?
False and false.
You two FUD spreaders are why this article and articles like it exist.
The tokenization standard was published in March, OF THIS YEAR, EMV Chips are much older, and do not support this.
Some quick research of public docs to help you guys understand. THIS IS ALL NEW.
http://www.paymentssource.com/news/...traction-in-target-breach-case-3016716-1.html
http://www.firstdata.com/downloads/thought-leadership/EMV-Encrypt-Tokenization-WP.PDF
EMV chip is **** compared to EMV tokenization... which Apple Pay implements, and is the first to implement.
It's a lot safer, because you don't enter your PIN in public. You put on your watch, enter the PIN (likely in your bathroom) and it works as long as you don't take off the watch. Nobody sees you entering the PIN.
You're partly right and wrong. If you stole my phone, you'd have to know my pin to get into the phone. After you figured that out and found the Google Wallet app, you'd have to know my pin (which is different) to get into the app. Even then you can only see the 4 digits of the card. By then I would have had the phone remotely wiped anyways.
I'm curious about some things.
Do we sign anything for credit card purchases over 50 dollars?
I am also curious about mobile to mobile payments, where the Square Card Reader would be used currently. Can I use my iPhone 6 and pay someone else who has a iPhone 6?
Do we sign anything for credit card purchases over 50 dollars?
I am also curious about mobile to mobile payments, where the Square Card Reader would be used currently. Can I use my iPhone 6 and pay someone else who has a iPhone 6?
That's my number one concern. Rather than inventing trivial, elaborate scenarios about theft I want to know how I can return an item I purchased.
----------
Well stupid cheapos should just get a 5s or newer iPhone then! Problem solved!!!If you have a 5 or a 5c then you deserve to get robbed!!! (just joking of course)
Simple. You take the item back and return it. I've done it with Google Wallet and the money showed back up just like normal.
----------
It'll be another year before this really takes off anyways. For Apple Pay or Google Wallet. So no need to worry.
I have emailed my (city) credit union already, and plan to follow up in person. That's what you need to do, remind them that they have members who are interested in using this secure technology. Remember, the point of a credit union was originally that it met the needs of its members.
As a victim of the Target data breach, and only days outside of the Home Depot data breach dates, I'm very excited at the prospect of Apple Pay, and am trying to encourage my credit union to move on this quickly.
Which is why I'm excited for Apple Pay. The more places that put NFC POS terminals in their stores, the more places I can use Google Wallet.
----------
Yes, backend software
Credit cards are designed for a bygone era. Actual secure information is just written on them in plain text, complete with raised letters that were able to be carbon copied (in my teens I worked at a bank and had to do this for cash advances). You have to hand your card to a waitress, who takes it to some back area to process the transaction. Scary stuff. Security involves signing it. I can't wait until this new payment system is widespread. For as many imaginary things people list that could defeat this system, the current system is much more flawed and easy to hack. People just don't like change—but this is certainly an instance where we should welcome it. I'm excited to get started!
Not even close. Google Wallet is nothing like ApplePay. Google Wallet pre-dates the March 2014 EMVco tokenization standard ApplePay is based on. How could it implement something that did not exist?
Google Wallet doesn't issue transaction specific tokens. ApplePay does.
GW holds your credit card number. ApplePay does not.
GW processes transactions on a proxy CC. ApplePay does not.
GW you don't get merchant specific rewards. ApplePay you do.
I wonder how many people mistype their PIN because they can't see what they're typing because their hand is covering the PINpad... ;-)
On the other hand - everything is secure if you're careful enough... If you're careful to never get a card you actually achieve zero risk. Well, on that front, anyway.
Food for thought: "When trying to create a system that is foolproof, one should never underestimate the creativity of a fool." [Or nearly that.] -- Douglas Adams