Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Of course you have a choice.... don't buy something you can't afford. Having a balance on credit card is just stupid and irresponsible.

Like you have a clue about the circumstances of others.
[doublepost=1455655992][/doublepost]
I trust none of those people are hanging around the MR threads looking to pick up the latest tech @ the Apple Store.

Personal finance is ALL about wants and needs.
[doublepost=1455645801][/doublepost]

I trust that most who hang around here aren't major Apple stockholders yet they brag about how much money Apple makes. What does that have to do with the price of grapefruit in Florida?
[doublepost=1455656103][/doublepost]
They have a choice... The spend what they have, and not what they don't have.

If you do that, you'll eventually qualify for a card with the best perks.

See how that works.

Another one who doesn't have a clue about people in need.
 
  • Like
Reactions: MrAverigeUser
Another one who doesn't have a clue about people in need.

If you're in need, you shouldn't have a credit card in the first place.

If I were a bank or credit card network, and the person can't afford to pay off $500-$2,000 a month on their credit card bill, I'm not lending them a card to use.
[doublepost=1455656549][/doublepost]
I don't have a rewards credit card, so there's no point for me. My card is just a low interest card. As for giving merchants my info, well, I trust that the system is not giving it to them. And if anything happens, all I have to do is cancel my debit card (they expire like credit cards too) and get a new one. And tell the bank that I did not make certain purchases.

I'm talking about other situations... Like where you buy something online and it comes damaged but the merchant won't refund you.
 
If you're in need, you shouldn't have a credit card in the first place.

If I were a bank or credit card network, and the person can't afford to pay off $500-$2,000 a month on their credit card bill, I'm not lending them a card to use.
[doublepost=1455656549][/doublepost]

I didn't think you were a bank or credit card network. Or understanding.
 
  • Like
Reactions: MrAverigeUser
Until you learn that the PIN is stored within the chip and wonder what genius thought that was a good idea. While it should be rare, good luck getting money back from the bank because "you must have given your PIN to someone!".
It doesn't have to be stored on the chip. In fact, relatively few countries actually do that.

Actually, most countries do store an offline PIN in the card.

Heck, the whole main point of EMV Chip & PIN cards was so that people could use a card in all the places where online authorization is/was not available. Which was most of the world for a long time. (Whereas the US was always online from the start, which is why chip cards were not seen by the banks as a necessity.)

The PIN storage is totally secure, because it's hidden and encrypted behind the equivalent of a secure element. It's never sent outside the card. Instead, in offline purchase mode, the merchant terminal gives the entered PIN to the card and the card authenticates it.

--

The merchant terminal is the weak link here. A few years back the Russian mob intercepted a large batch of EMV terminals leaving a factory, and inserted an extra WiFi capable module which stored and forwarded the PINs that people entered for their cards. Millions of Euros were stolen before the scheme was discovered. It then took a long time to find all the affected terminals, as each one had to be weighed to find out if it had the extra module or not.

Since the banks did not believe there was any way to steal a PIN (and normally they would be right), they refused for a long time to believe that Chip & PIN card holders had not voluntarily given their PIN to someone else, or had otherwise let people see it. It took years for victims to finally get their money back.
 
Last edited:
Go out and take a look at what is going on right in your community, you'll be shocked.

Dude I make $35,000 a year and had a 670 credit score, yet by local credit union only wanted to extend me a credit card with a $500 limit. Granted it was a card with no fees other than a 10 day late $25 fee and a 8.75% APR card, with 1.5x points on every purchase, but still.
 
Go out and take a look at what is going on right in your community, you'll be shocked.

If you can't afford to pay off your credit card every month, and need the credit card to live, I assume that every month your debt on the card gets bigger and bigger.... then you have no business owning a Smart Phone, or any other Apple product. These are NOT necessities, but luxury items. You don't need a cell phone, or internet, or that 55" 4k TV.

The bottom line is if you are living off charge cards you are living like a rich guy since you are paying 20% or more for everything you buy than I am. It means you have money to burn, wise up, pay off your debt before buying any other luxury items.
 
If you can't afford to pay off your credit card every month, and need the credit card to live, I assume that every month your debt on the card gets bigger and bigger.... then you have no business owning a Smart Phone, or any other Apple product. These are NOT necessities, but luxury items. You don't need a cell phone, or internet, or that 55" 4k TV.

The bottom line is if you are living off charge cards you are living like a rich guy since you are paying 20% or more for everything you buy than I am. It means you have money to burn, wise up, pay off your debt before buying any other luxury items.

Bottom line is there is much to learn about people and what they face in life. You make too many assumptions.
 
The PIN storage is totally secure, because it's hidden and encrypted behind the equivalent of a secure element. It's never sent outside the card. Instead, in offline purchase mode, the merchant terminal gives the entered PIN to the card and the card authenticates it.

I remember seeing a video a while back when chip cards first came to Canada where the guy basically had a laptop in his bag with a cable and fake card running through his sleeve. The fake card was inserted into the terminal and you could enter any PIN you wanted and the chip simply said "Yup, that's right!".

Not sure if they've made improvements to it since.
 
Man, I was in China for a few days last week, tons of people using iPhones. I thought it would have been more Samsung heavy or Android based phones. Apple Pay should take off pretty nicely over there I think.

everyone has alipay. everyone has wechat. even if everyone in the country had an iphone, it'll need something more than "availability" to make waves.

the only killer feature i can think of would be what some american banks are planning; allow access at an atm through quickpass/touch id. i think a lot of atms are already NFC ready, so it may technically be feasible. getting cash with touch id would be handy. i think some of the banks may have a feature where you can use their app to set up a one time code to withdraw cash if you didn't have your card, but this would be an order of magnitude more convenient.

[edit: as a statistic, wechat is a payment option in over 100,000 stores, 80,000 restaurants and 600 parking lots, according to my newspaper that just arrived.]
 
  • Like
Reactions: SHNXX
If Interac is what will be used for Canadian Apple Pay, I think we will be fine as it is accepted pretty much everywhere from what I've seen. I don't own an iPhone, but I'm pretty excited for this anyway! And Apple Pay in France would be nice as well.

It's too bad they can't seem to get Visa for ApplePay Canada since that's what I use for 99% of my purchases

If the Canadian banks get on board (which, with this reference to Interac in the code is likely at least one bank is getting ready to launch) it would be for both Interac support as well as Visa/MasterCard.

The issue for Canadian banks is fees that Apple is demanding. The 0.15% reportedly being paid in the US for credit cards is too much given how little that Apple actually does. And the banks don't make money on Interac transactions.

So likely what they want, and might actually be able to achieve, is dramatically lower fees for credit (in the 0.01-0.03% range I would estimate) and no fees for Interac debit.
[doublepost=1455688529][/doublepost]
Not sure if they've made improvements to it since.

Yes - those exploits were only successful when the transaction did not go online for authorisation. Despite Canada using offline PIN for verification, almost all transactions are authorised online.
 
  • Like
Reactions: kdarling
Timing of arriving Apple Pay in China is not that good. Anyway, I am more looking forward to a massive deployment of Apple Pay in Australia.

By the way, I might have a chance to tell someone, how to use Apple Pay on his/her iPhone 6 Plus.
 
I remember seeing a video a while back when chip cards first came to Canada where the guy basically had a laptop in his bag with a cable and fake card running through his sleeve. The fake card was inserted into the terminal and you could enter any PIN you wanted and the chip simply said "Yup, that's right!".

Not sure if they've made improvements to it since.

Yeah, they're constantly making improvements. It was pretty easy at first to fool merchant terminals. That's because EMV was at first not as much about security as convenience. E.g. being able to pay for a train ticket or parking space at a terminal with no constantly online connection.

One problem that often comes up, is when one of the payment pieces along the way simply fails to follow common sense and check all the card data. Like, there's been cases of payments claiming to be from a chip card, even though the issuer had never given one out! The old backend software went ahead and approved it.

One EMV hack that used to work years ago was the pre-play attack on contactless cards. You scan for local cards and present a "purchase" to them, and then store the card's computed response. Then you use the same data to do a real purchase of the same amount. This was fixed by making sure that merchant terminals don't repeat their nonce values, and by adding time stamps.

One of my favorites is a man-in-the-middle attack. Basically it's like the above pre-play, but in realtime. A thief taps a contactless card that is actually wired up his sleeve to instantly relay the terminal challenges to a base station which finds a nearby contactless card to do the actual "purchase"... and then copies the real card's response back to the evil card. It does require a large antenna to pull off, but it's been demonstrated by using a typical metal shopping cart for that purpose.

I think that kind of attack would even work on Apple Pay if the target phone was pre-triggered and ready to pay. (Imagine charging the iPhone user in line behind you for your purchase! heee!) One terminal guard against that is to time the responses down to the microsecond, and watch for suspicious delays.
 
I think that kind of attack would even work on Apple Pay if the target phone was pre-triggered and ready to pay. (Imagine charging the iPhone user in line behind you for your purchase! heee!) One terminal guard against that is to time the responses down to the microsecond, and watch for suspicious delays.

it would have to be incredibly well timed. you can't put your fingerprint on the scanner, wait 20 seconds and then present it to the payment terminal.
 
  • Like
Reactions: kdarling
One EMV hack that used to work years ago was the pre-play attack on contactless cards. You scan for local cards and present a "purchase" to them, and then store the card's computed response. Then you use the same data to do a real purchase of the same amount. This was fixed by making sure that merchant terminals don't repeat their nonce values, and by adding time stamps

Pre-play attacks like that are still theoretically possible for transactions run in MSD-Mode, including Apple Pay transactions (and in the US, most contactless transactions are still MSD-Mode).
 
  • Like
Reactions: kdarling
The whole idea of a signature is ridiculous. If I drop my card, anyone can pick it up and use it by scribbling a signature. A PIN number is way more secure.
The vibe I picked up from VISA covering this at the last Verifone Retail Payment conference was that the fraud that comes from cards being physically stolen/lost was so small, card issuers were likely to lose more money from lost revenue (if they required a PIN, making their card less desirable to use compared to signature cards) than from the actual fraud itself.

WOW ... take a real look at what companies use Wallet ... too few to mention.
My wallet is 6 cards thinner now because of Apple Wallet Passes -- Wegmans, Walgreens, Target, Starbucks, American Airlines, and AAA. I also appreciate not having to futz around with paper tickets when I fly, go see a movie, or hit up a Ticketmaster concert/show.

I mean, nobody's going to complain if more companies started using Apple Wallet Passes, but I'm pretty sure I'm not the only person who's getting some benefit from the current list of companies.

To me, Apple Wallet Pass is almost like iTunes Smart Playlists, or iCloud Keychain. It's another tool available that a lot of people will never use, but truly enjoyed by the folks that do use it.
 
The vibe I picked up from VISA covering this at the last Verifone Retail Payment conference was that the fraud that comes from cards being physically stolen/lost was so small, card issuers were likely to lose more money from lost revenue (if they required a PIN, making their card less desirable to use compared to signature cards) than from the actual fraud itself.

Would that lost revenue be more than the amount from people simply going back to using cash instead of dealing with EMV at all? (I've heard scattered reports of the latter happening but I'd like to think that's not all that frequent.)
 
Would that lost revenue be more than the amount from people simply going back to using cash instead of dealing with EMV at all? (I've heard scattered reports of the latter happening but I'd like to think that's not all that frequent.)
No mention from them of people stopping to use cards entirely just because of EMV. lol
 
The vibe I picked up from VISA covering this at the last Verifone Retail Payment conference was that the fraud that comes from cards being physically stolen/lost was so small, card issuers were likely to lose more money from lost revenue (if they required a PIN, making their card less desirable to use compared to signature cards) than from the actual fraud itself.


My wallet is 6 cards thinner now because of Apple Wallet Passes -- Wegmans, Walgreens, Target, Starbucks, American Airlines, and AAA. I also appreciate not having to futz around with paper tickets when I fly, go see a movie, or hit up a Ticketmaster concert/show.

I mean, nobody's going to complain if more companies started using Apple Wallet Passes, but I'm pretty sure I'm not the only person who's getting some benefit from the current list of companies.

To me, Apple Wallet Pass is almost like iTunes Smart Playlists, or iCloud Keychain. It's another tool available that a lot of people will never use, but truly enjoyed by the folks that do use it.



Ever heard about redundancy?

If one day your iPhone fails or gets stolen orvwhatever - you will be lost... Diversification of risk in place of concentrating the risk is a basic security principle... Same for master- passwords...
And to save about 18 grams by not even having cards on you is absolutely not worth it - just my 2 ct...
 
Ever heard about redundancy?

If one day your iPhone fails or gets stolen orvwhatever - you will be lost... Diversification of risk in place of concentrating the risk is a basic security principle... Same for master- passwords...
And to save about 18 grams by not even having cards on you is absolutely not worth it - just my 2 ct...
In your world (no eWallet), you have no diversification. Your physical cards are your only means of accessing your accounts, which makes them single-points-of-failure. If you lose your wallet (or an individual card), or something's stolen, "you will be lost". You have to report your cards stolen (or broken), which causes your issuers to cancel them, and you're dead in the water for the period of time that it takes all of your issuers to ship you replacement cards.

With an eWallet like Apple Pay, your digital cards are a second means of accessing your accounts. To me, that's diversification. So if your phone breaks or is lost/stolen, in the time it takes you to resolve that, you simply go back to using the physical cards that you had stored safely at home. Driving home and getting your physical card is inconvenient, but I wouldn't qualify that as "you will be lost" (as I would when a physical card breaks or is lost). Since the PAN of the digital cards are different from your physical cards, the digital cards can be cancelled without any effect to your physical cards. Once your phone situation is resolved, you can immediately reenroll your physical cards (and again store them away safely at home) and start using the digital ones. There is no wait for your card issuer to physically ship you anything, because they don't have to.

And FWIW, my OP to you was referring to Apple Wallet Passes, not Apple Pay. If my iPhone craps out and I'm unable to produce my Wegman's frequent shopper card, or AAA card if I need road side assistance, etc, etc, etc, there are easy ways to get around them without even having to drive home and get the redundant physical card. Having the Apple Wallet Pass just makes those processes faster.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.