A Comprehensive Outline of the Security Behind Apple Pay

[spectrumfox]

Oh my. A lot of Kool-Aid being served in the forums here today.

 

[rsocal]

So your biggest concern is that a court is going to order you to unlock your phone with your fingerprint? That’s… an interesting concern.

Simple solution for you. Before you show up for your court date, do an activation lock on your phone, then refuse to enter your password. Way to stick it to the man, bro!

On another note, what does the court wanting to unlock your phone have to do with Apple Pay? Are they planning on using it to order breakfast?

This is to funny

 

[Menel]

Will. Not. Trust.

But you trust Target, HomeDepot, Neiman Marcus and every other mom and pop retailer who scans and stores your Credit Card Account Number?

There is just no logic with some people...

 

[osofast240sx]

Which is why I'm excited for Apple Pay. The more places that put NFC POS terminals in their stores, the more places I can use Google Wallet.

----------



Yes, backend software

we get it already your a andriod user. But u loose Pay extra layer of security

 

[spectrumfox]

Apple: setting the example of security and privacy for Google and the NSA since forever.

we get it already your a andriod user. But u loose Pay extra layer of security

Apple Pay, from the makers of The Fappening.

Coming soon to an iPhone near you.

 

[emir]

We'll wait for this to start in the US
We'll wait for it to catch on and become huge in the US
We'll wait for it to be international
We'll wait for it to arrive at our country in this one hip place
We'll wait for it to get adapted and become widespread

I wish this whole process could be faster.

 

[SirLance99]

we get it already your a andriod user. But u loose Pay extra layer of security

Ummm, I bought a iPhone 6+ 128GB SG buddy. I just use all devices that come to market. I also can guarantee that I'm just as secure using any device. There would be no way for you to be able to use my Google Wallet if you stole one of my Android devices. No way.

 

[cocky jeremy]

A password isn't secure either.

As far as I understand it, if someone robs you, they just take your watch, demand your pin/password, and tap it in to check it. The watch won't even need the pin to be entered again as the thief goes on a major shopping spree at your expense.

A password is secure if you make a good one. abc123 isn't going to cut it though. lol.

 

[G4DP]

A credit card doesn't have a pin - only a debit card does, and nobody checks the name on the card

That's complete crap. Every bank card issued has a pin number.

 

[Eriamjh1138@DAN]

Apple: setting the example of security and privacy for Google and the NSA since forever.

According to the police, pedophiles will love it. /s

 

[roland.g]

Ignorance breeds ignorance.

And disinformation breeds misinformation.

The great thing is what other people think and say, is that it really doesn't have an impact on what you choose to do.

 

[callea]

Security is good, and this sounds like good security. I'm still a little bummed that you have to buy a 6 to use it.

If you want to drive a car you have to buy a car not a bike...

 

[spleck]

You mean that convoluted system that required a perfect copy of the persons fingerprint and something like four hours of fabrication? I wouldn't really call that "hacked." By the time they got a dummy fingerprint made up, I'd have realized my phone was missing and locked it via iCloud.

The "hacker" also used his own phone/print so that he would have unlimited tries. He admitted that would not be the case when trying to hack someone else's phone, as it has timed lockouts after successive TouchID failures.

 

[GeneralChang]

Oh my. A lot of Kool-Aid being served in the forums here today.

Yes, that's why people are dying all over the place. Apple forums are responsible for the ritualistic suicides of thousands of religious cultists daily.

Also, it's Flavor Aid. To be clear.

 

[eac25]

That's complete crap. Every bank card issued has a pin number.

Um, "every"? Also complete crap.

 

[GeneralChang]

That's complete crap. Every bank card issued has a pin number.

Yeah, and most banks prefer to issue debit cards, or check cards (same thing). Most banks will also team with a credit card provider to give you credit-car-like features on your debit card, which is why I don't have to enter a pin at the gas station (it defaults to reading the card as credit instead of debit).

But as far as I'm aware, it it's got a pin it's a debit card.

 

[osofast240sx]

According to the police, pedophiles will love it. /s

Police would stoop that low and make that statement they need to do their job the old-fashioned way.

 

[mdelvecchio]

Will. Not. Trust.

fear is the mind killer.

----------

A password isn't secure either.

As far as I understand it, if someone robs you, they just take your watch, demand your pin/password, and tap it in to check it. The watch won't even need the pin to be entered again as the thief goes on a major shopping spree at your expense.

i live in a tourist neighborhood next to a bad neighborhood -- people are getting mugged all the time. have not heard of a case where the thugs wait around for authentication credential exchanges.

they take the goods and get out, in seconds. maybe hit you in the head for kicks.

----------

Apple Pay, from the makers of The Fappening.

incorrect. the fappening was possible due to social engineering and the darknet of password crackers.

 

[iVituperative]

 

[Arsenikdote]

Exactly! No portion of this is particularly "new", nor does it offer end users any real security benefits.

If you have a non-US issued contactless credit/debit card you have very similar technology in your wallet already.

I am not going to say flat out that you are wrong but I am pretty sure you are. The tech in your wallet is something that does not have a randomized token for every transaction. It has a two step authentication, but it is not unique for that transaction. On top of that, the people where you are making the purchase at, still get your information, such as name, card number, etc.... Apple Pay not only make the buying process anonymous from the people you purchase from but also uses a randomized token for every individual purchase, that token coming from the authorization of your fingerprint.

 

[gaximus]

I don't think anybody is saying this will replace currency. I mean, they're not trying to get people to use Apple Bucks, or something stupid like that.

For me, however, there's a good chance it'll replace my credit cards. And while you're right, that's just a convenience thing, I don't carry cash. So that would replace my wallet. So Apple's claim is pretty on the nose for my personal use case.

Now if I could just get it to replace my drivers license.

It would be nice if police (or anyone needing your ID) could scan a QR code and pull it up. So you get pulled over, just use your phone and they scan it. This would also allow them to look up people faster, and would be harder to fake an ID

 

[spectrumfox]

incorrect. the fappening was possible due to social engineering and the darknet of password crackers.

Anything you need to tell yourself to feel safer about having Apple handle your financial information.

 

[flat five]

The beginning of a "Cashless Society" is approaching.

nah.. it's been 'approaching' for quite some time now.. for instance, 5% of u.s currency is in the form of cash... the other 95% exists only as numbers in computers.

 

[AppleScruff1]

I don't think anybody is saying this will replace currency. I mean, they're not trying to get people to use Apple Bucks, or something stupid like that.

That's coming with version 2 of ApplePay.

 

[Fenez]

They are all tokenized ....windows, android, its not new. What's new is the touch I'd. Japan has been tokenization since 2007.