Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
You have it backwards. It's Apple that's greedy, wanting a piece of each transaction while doing absolutely nothing during a purchase. At most, they deserve a small registration fee for each new card added via their servers, since that's the only time they do anything to earn it.

Worse, Apple wants a ridiculously high amount:

For example, Interac charges its members 0.6 cents per debit transaction. Apple wants 0.5 cents per debit transaction. For doing nothing.

With credit cards, Apple wants 10% of the transaction fees. For doing nothing. To any bank CFO, that's a major hit.

In return, the banks get what? A minor bump in small contactless payments at first. They have little incentive from a security standpoint since they long ago moved to chip & PIN.

If Apple would be happy with just their already huge profits from selling NFC client devices, and not also demand a percentage of each purchase, then banks all over the world would sign up. Instead, Apple leverages its customer base as a product to be sold, something that Cook likes to point at Google for doing.


Your cold hatred of Apple knows no bounds does it? Can you just get a real life for a change and ignore Apple and live a happier life?

To point out your complete ignorance, Apple provide and encrypted service with Apple Pay, but you clearly haven't watched the keynote or researched it at all. The encryption is the most secure payment service yet available.

With Apple Pay, no credit card data, even in encrypted form, is ever stored on the iPhone or on Apple's servers. Similarly, no credit card data is ever transmitted to or stored on a merchant's servers.

When a user first signs up for Apple Pay, either via an existing iTunes credit card or by loading a new one onto the iPhone, the card information is immediately encrypted and securely sent to the appropriate credit card network. Upon determining that the credit card account is valid, a token is sent back down to the device whereupon it's safely stored within the iPhone's secure element. A token is used in place of an actual credit card number and is what Apple, in its marketing materials, refers to as a unique Device Account Number.

The token itself, as implemented in Apple Pay, is a randomly generated and unique 16-digit number that ostensibly resembles a valid credit card number but is, in fact, fundamentally useless. Think of the token as nothing more than a placeholder or reference ticket for your actual credit card information. The only thing a token has in common with its corresponding credit card number are the last 4 digits on the card. Tokens by themselves are worthless and cannot be decrypted. You could hand the most talented hackers or cryptographers a list of millions of token numbers and it would be of no value to them.

As an additional layer of security, there are mechanisms in place to ensure that the token itself is bound to the phone on which it's stored and can never be used from another device.

Once a transaction is underway, the iPhone sends the token (which again, acts as a stand-in for the real credit card information) to the merchant which, in turn, sends it to the credit card network where it is mapped back to the corresponding credit card account that created it. The card network ultimately contacts the issuing bank for authorization. If the card is approved, the issuing bank sends a message all the way back down the line to the merchant indicating that all systems are go and the transaction can proceed.

This process is leaps and bounds safer than traditional credit card terminals because merchants transact exclusively in tokens and are never in possession of user credit card information.

With a service like Apple Pay in use, large credit card breaches at companies like Target and Home Depot become ancient history because there are no credit card numbers to steal in the first place. What's more, Apple Pay's use of tokens eliminates common threats such as man in the middle attacks and good ole' fashioned credit card skimming because, again, actual credit card information never touches the merchant.

The use of a token, though, is just one part of the puzzle that makes Apple Pay so secure.

Per the aforementioned EMV Payment Tokenisation Specification, completing a token-based transaction from a mobile device requires a form of personal authentication, which is where the simplicity of Touch ID rears its beautiful head. Instead of having to clumsily enter in a one-time password (static authentication data such as a PIN cannot be used), the payment process is finalized when a user authorizes it with Touch ID.

But there's a whole lot more to Apple Pay than Touch ID and the simple handing off of tokens. Providing an additional layer of security, an Apple Pay-equipped iPhone at the time of each transaction also sends a dynamically generated CVV up the chain along with a cryptogram. The CVV is the three-digit string located on the back of your credit card and, in the case of Apple Pay, is a algorithmically-generated dynamic string that's tied directly to the token.

The important thing to remember, though, is that the cryptogram is effectively a one-time use digital signature that verifies that the token in transit originated from the device being used. Additionally, the cryptogram includes pertinent transaction data such as the identity of the merchant and how much is being charged.

There are two important facts here to remember:

  1. Tokens cannot be used without an accompanying cryptogram
  2. The cryptogram ensures that a token can only be used from the device on which it was initially loaded
So your comment that Apple does nothing when providing their service is a complete lie. An apology will suffice.

Next time instead of going on your typical anti Apple rant, get your facts right first. Apple have created something unique and have every right to ask for a small amount in recompense for their unique encryption services. Then again, you're the kind of person who hold faith in companies like google and samsung, but choose to degrade Apple. Your bias knows no bounds.

Forget Apple and have a good life my friend.
 
Could be.

According to Apple's security documents, every time you use Apple Pay, your location (and date/time) can be anonymously sent up to the mothership, to "improve the accuracy of business names in your transaction history", among other reasons.

That could be used to to create a directory map of stores which take NFC payments, which would be quite handy.


I think you're confusing Apple with google pal. But feel free to back up your claim that Apple collects your location data etc. Are you at all aware of how the Apple Pay token system actually works?

Good question. The answer is nope.

Apple has nothing to do with the account number tokenization.

That valuable piece was designed by, and is handled by, the credit card schemes (MC/Visa/AMEX), who created a standard for it almost a couple of years ago.

Apple simply installs the token they're given back during a card registration. And of course, Apple's servers are not involved during a purchase.

I'm confused. You say "And of course, Apple's servers are not involved during a purchase.", but in a previous post you claim Apple collect location date/time data? Care to explain this anomaly, or is it just more anti Apple FUD you keep coming here to propagate?
 
Last edited by a moderator:
I am really looking forward to see Apple Pay can be supported in Australia nationwide. Then I can simply use my IPhone 6 Plus to tap...uh, to pay something, at supported stores.
If I can tap on and tap off using only iPhone, I would not need to carry that Opal card all around.

If I could tap on and tap off using only my iPhone, I wouldn't need to carry my Go Card around with me all the time.
 
I don't get it guys. I was back in Australia last Christmas and my iPhone 6 with Apple Pay worked everywhere. Coles, Woolies, Aldi, petrol stations, restaurants, bars. The only two places it didn't work was Telstra and Dick Smith. The only reason that Aussies can't use Apple Pay is because no Aussie banks support it. I was visiting from the US and both of my US credit cards with are linked to my Apple Pay worked fine. Australia had legislation to update payment terminals years ago and they seem to support Apple Pay by default. It was an amazing experience to have support everywhere rather than here in the US where it's the retailers that suck rather than the banks.

Ok I don't know how you managed that because IOS has disabled Apple Pay at a region level for Australia.. How did you enable it and then actually add a card in? Or are you using a US card(s)?
 
Once they replace every normal and known brand with their own Woolworths brand (currently at like 25% of all items) people will catch on and stop going there.

That's a world-wide trend. "Own brand" sales are now well over half of all grocery sales in the UK. Some supermarkets like M&S (high end) and Aldi (low end) sell almost entirely "own brands".

Australia and NZ are perhaps a bit unusual (when compared to North America and Europe) in their continuing attachment to brands, and it's reflected in the prices they pay. So if you ask me, it's a good thing if Woolworths and others are pushing own brands a bit harder now.
 



Apple Pay badges have been added to Apple Maps listings for select Coles and Woolworths supermarket locations in Australia, as spotted by multiple users on discussion forum AppleTalk Australia. The badges are normally reserved for locations that accept Apple Pay, which is noteworthy given the mobile payments service has yet to officially launch in Australia.

Apple_Maps_Australia_Apple_Pay.jpg

Apple Pay badges added to some Apple Maps listings in Melbourne, Perth and Sydney

The badges appear in Apple Maps for select Coles and Woolworths store listings in or near large Australian cities such as Brisbane, Melbourne, Perth and Sydney. Many other Coles and Woolworths listings do not have the badge, nor do large Australian chains such as McDonald's, so it remains unclear if they were added by mistake, or are indicative of forthcoming Apple Pay support in Australia.

Apple Pay launched in the U.S. in October 2014 before arriving in the U.K. last July, but Apple has remained quiet about its plans to expand iPhone-based contactless payments to additional countries. In August, Fairfax Media reported that Australian banks oppose Apple sharing a portion of the $2 billion interchange fees they collect from merchants each year in return for use of payment infrastructure.

Australia is a well-prepared candidate for Apple Pay, as contactless payments technology has been widely adopted throughout the country over the past few years. Several retailers that support Apple Pay in the U.S. and U.K. also operate in Australia, including Aéropostale, Apple, Babies "R" Us, Champs Sports, Foot Locker, GameStop, McDonald's, Nike, OfficeMax and Subway.

Beyond Australia, The Wall Street Journal previously reported that Apple is planning a November launch of Apple Pay in Canada, which was likely prematurely leaked by TD Canada Trust last week. Apple has reportedly been in talks with Canada's six largest banks, including the Bank of Montreal, CIBC, National Bank of Canada, Royal Bank of Canada, Scotiabank and TD Canada Trust.

Update: Apple Pay badges have also been spotted on some Apple Maps listings in Canada, Czech Republic, Finland, Germany, Poland and Singapore.

Article Link: Apple Pay Badges Appear in Some Maps Listings in Australia, Canada, Singapore and Europe

It showed up in the Netherlands as well.
 

Attachments

  • image.png
    image.png
    493.2 KB · Views: 170
Last edited:
Interesting. At the Verifone Retail Payment Conference last week, VISA had a talk where the presenter said that Apple approached them regarding tokenization, and they built the tokenization system for them.

Yes sir, I'm sure they did approach them about it. I'm more positive that Visa was already planning on doing it. Heck, everyone was interested in using tokens. Google Wallet had been using a token account number since 2011. Mastercard had built a token service. Various data breaches had raised the public's awareness of storing the real account number. It's a given that Visa would implement a token service.

Apple might've been the first user for Visa's new service, but it was not created only for Apple. Visa sells the same token services to anyone.

That's because token services are lucrative for the networks. E.g. Mastercard charges 50 cents to provision a token, 10 cents a month to keep each token "alive", and 2.5 cents every time a party accesses its token/untoken API services.

That is solidly untrue. Rather, your implication is untrue. Tokenization was not invented by Apple, but Apple Pay is the only NFC-based system to implement the standard so far.

In reverse order: according to ArsTechnica, Samsung Pay also uses EMV tokenization in its NFC mode.

As for implications, I'm simply stating the fact that tokenization is not done by Apple. It's done by the credit card networks behind the scenes. That's why payment systems -- from the device to merchant to acquirer to bank issuer -- do not need to know that they're dealing with tokens at all.

Please recall the question I was responding to:

Isn't Apple's "value add" that they're tokenizing the customers true card number, essentially making it worthless if intercepted via a hack like used at Target/Home Depot?

And my response was that Apple does not tokenize anything. The value of tokenization is added not by Apple, but by each credit network's backend systems, which can be used by any payment or storage system.

So it would be more correct to say that the credit networks' (e.g. Visa's) tokenizing adds value to Apple Pay, not the other way around.

TL;DR - Tokenization is not one of the reasons banks pay Apple a fee per transaction, as that's not done by Apple. Instead, the banks have to pay the credit networks for tokenization.
 
Last edited:
Your cold hatred of Apple knows no bounds does it? Can you just get a real life for a change and ignore Apple and live a happier life?

I don't hate Apple. I do dislike internet myths, marketing misdirection, and rude posters.

The rest of your post is a copy & paste from Engadget.

http://www.engadget.com/2014/10/02/apple-pay-an-in-depth-look-at-whats-behind-the-secure-payment/

In the future, just use a link, instead of making it seem like you wrote it yourself.

I think you're confusing Apple with google pal. But feel free to back up your claim that Apple collects your location data etc.

"If you have Location Services turned on, the location of your device and the approximate date and time of the transaction may be sent anonymously to Apple. Apple uses this information to help Apple Pay improve the accuracy of business names in your transaction history and may be retained in the aggregate to improve Apple Pay and other Apple products and services." - https://support.apple.com/en-us/HT203027

Just as I said.

Are you at all aware of how the Apple Pay token system actually works?

You must be new here to ask such a question. Search back and you'll find that I was the first to reveal many of its details.

I'm confused. You say "And of course, Apple's servers are not involved during a purchase."

For a contactless transaction, the corresponding payment applet (written by the credit network for the card type being used) in the phone's (or watch's) Secure Element talks directly over NFC with the merchant terminal.

Apple's servers are not involved in the actual NFC purchase communications at all.

... but in a previous post you claim Apple collect location date/time data? Care to explain this anomaly, or is it just more anti Apple FUD you keep coming here to propagate?

Read Apple's statement about collecting location/date/time above. Apple is sending the info to themselves outside of the transaction. Hopefully only over WiFi.
 
Last edited:
Banks better make nice with Apple, or they risk forcing Apple to become a direct competitor (sooner).

Haha, no, Apple has nothing on the banks here. Apple either "makes nice" with the Aussie banks here, or they can shove their Apple Pay service. Australia has had contactless payments for years now, I'd say 99% of all retailers have NFC terminals.... Apple is no competition.
 
  • Like
Reactions: big-ted
I have been using Apple Pay all over the place in Australia for the last year. The only difference is that soon you might be able to do it from accounts drawn on Australian banks, as opposed to US banks. (I have US cards).

The technology has been here for years, the only thing missing was contracts between the banks and Apple.
 
  • Like
Reactions: satcomer
What I cant figure out is why apple pay isnt in the Netherlands yet.

It may have to do with banking regulations, there were some issues with the revenue model and Canadian banking regulations.

Also, the base pricing would raise transaction processing by $0.25 per $100 which in the grand scheme of things is actually quite significant.

RBC better not be douches and hold out because if this comes to Canada and they don't have it at launch I am switching

The Canadian banks formed a consortium to negotiate with Apple and to work out the regulatory issues - I'm sure when it launches everyone is getting it at the same time, or very close to each other.

Japan, for all its claims of being a First World country, shows how bass-ackwards it is when it comes to initiatives such as Apple Pay. :(

Japan for all its love of technology is surprisingly behind on several aspects, and I think mobile technology is one of them.

Yes, realized after I posted it, but it means that RBC is capable of doing this

Many Canadian banks with US operations have separate backends that are no integrated (yet) - this comes from the fact the US divisions were acquired and not expanded out of Canada. Of course this is not to say the experience in the US won't benefit as many banks of the same tech people working on both systems or at least have the ability to cross pollinate experience between the divisions.
 
Last edited:
I *think* Sports Direct have acquired the business name from the Littlewoods catalogue group with a few to re-establishing it on the High Street.

I hope they do... Can use Apple Pay for my Pick N' Mix then haha!

Girlfriend says Woolworths still exists online here, didn't know that!
 
I am so looking forward to Apple Pay coming to the Netherlands. There's tons of NFC terminals around, so it's up to the banks and of course Apple to make it official. Hope we get some more information during the conference call tonight. :)
 
It may have to do with banking regulations, there were some issues with the revenue model and Canadian banking regulations.

Also, the base pricing would raise transaction processing by $0.25 per $100 which in the grand scheme of things is actually quite significant.
Wow, thats quite a lot, I didn't even know that. Kind of makes sense now however ING has said they will support apple pay, so something else must be holding them up too.
 
Ok I don't know how you managed that because IOS has disabled Apple Pay at a region level for Australia.. How did you enable it and then actually add a card in? Or are you using a US card(s)?

You change you region (or in this case had it set by default) to USA...it's simple, you can do it now and wallet will ask you to set up apple pay, and it will fail to authenticate you Australian CC's
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.