Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
My bank debt card has the Visa logo so wouldn't it work? I'm with a small cu so I bet they would never make the list but the card is visa.


You need a card from Visa, MasterCard or American Express... that's issued by a supported bank.
 
So... My Walmart accepts NFC payments, but not apple pay. I would like to know if I might still be able to use Apple pay just to piss Walmart off? Or are they going to refuse payment because I don't want them tracking my purchasing history anymore?
WalMart is not going to promote that they accept ApplePay, because they have their own branded NFC payment product. But will their system accept it?

Is George Washington on the $1 bill, and Queen Elizabeth II on the £1 note? It's not a matter of which kind of money you use (cash, check, credit, debit... anything but barter), but whether you spend today and return to spend more tomorrow.

The banks are going to give retailers a financial incentive to encourage these payments, as fraud losses are expected to be substantially reduced. WalMart is not going to walk away from that!
 
Apple was smart and went with the evolution of an evolving and decided industry initiative (one use codes per transaction) that VISA and AMEX (IIRC) both agreed on last year.

You're right, Apple was smart to go with an industry standard.

As for one-time transaction specific authentication codes, they have been used with EMV for many years. That part is not new.

Using account tokens is the recent addition. (Not a new idea, mind you, but a long overdue implementation, and frankly, something that should be done by merchants for ALL transaction, not just NFC ones.)

It's beyond secure and more secure then Google Wallet, much more secure then Google Wallet, (... snip...) with its local-based tokenization as opposed to cloud-based tokenization on Google Wallet

Both payment wallets use account tokens and generate transaction-specific authentication codes from secret keys. Both are considered Card Present purchases. With both, we're covered for fraud.

The biggest implementation difference is that Google's cloud-based(*) tokens and keys are constantly changed, versus the single provisioning that Apple Pay uses.

Of course, with either wallet, if we ever use the same credit card outside of the wallet (either physically or online), the account number is fair game for thieves. Just one online hack or sneaky card skimmer can render all the other secure wallet token purchases as meaningless.

(*) One neat oft-talked about possibility that cloud-based tokens bring, is the ability to easily provision ones that are only good for certain merchants and a limited time. One could imagine in the near future that we'd be able to say, transfer to our kids specific card tokens for food & drink while they're at the beach, while preventing other purchases.
 
You're right, Apple was smart to go with an industry standard.

As for one-time transaction specific authentication codes, they have been used with EMV for many years. That part is not new.

Using account tokens is the recent addition. (Not a new idea, mind you, but a long overdue implementation, and frankly, something that should be done by merchants for ALL transaction, not just NFC ones.)



Both payment wallets use account tokens and generate transaction-specific authentication codes from secret keys. Both are considered Card Present purchases. With both, we're covered for fraud.

The biggest implementation difference is that Google's cloud-based(*) tokens and keys are constantly changed, versus the single provisioning that Apple Pay uses.

Of course, with either wallet, if we ever use the same credit card outside of the wallet (either physically or online), the account number is fair game for thieves. Just one online hack or sneaky card skimmer can render all the other secure wallet token purchases as meaningless.

(*) One neat oft-talked about possibility that cloud-based tokens bring, is the ability to easily provision ones that are only good for certain merchants and a limited time. One could imagine in the near future that we'd be able to say, transfer to our kids specific card tokens for food & drink while they're at the beach, while preventing other purchases.

One point I've wondered about. If someone gets your card info (either through skimming or some other act) they could conceivably put the info into their iPhone and start using it. I wonder if this issue will eventually be used to push liability back to the account holder.

Apple Pay sounds pretty good. So good for Apple that I bought another 200 shares of APPL today. And it just might be the thing that pushes me to buy an iPhone next time.

Guess I have time to wait and see how it all works.
 
I like the idea of not using my credit card at the store, reduces the possibility of skimming. I also like that my bank is already in the list along with two of my favorite stores. Now I just can't wait until Monday!

By October 2015 liability is moving from the banks to the stores unless they accept NFC is my understanding, so why wouldn't merchants jump on this technology? They have less liability, it all goes to the bank.

As for security, is anything really 100% secure? No, unless you are paying for everything with cash! The way I look at it, we can all be paranoid and not want to use any of this new technology and go back to making all of our transactions in cash. I actually had this conversation with an older lady at my church yesterday. We are going to start accepting credit cards for the weekly collection and she is adamantly against it, to the point of she was in tears in this meeting. She is also in her mid-80's. She has seen things go everyone paying for everything primarily with cash to writing checks to using credit cards to actually having debit cards attached to your checking account instead of writing a check. We were talking about the evolution of technology and how things change, including the way we transfer money from one person to another, and I started explaining NFC and :apple:Pay to her and she was fascinated.

This is just another part of the evolution of financial transactions. Will there be hiccups? Of course there will, there always is! But it is a great technology and is the future of how we will shop.
 
I wonder which banks are going to be ready on Day 1? All of the ones in the top tier that Apple showed? I have an Amex that I normally use only at Costco and also a Chase card that I use for restaurant and gas purchases, so presumably I could get those enrolled right away. However my primary "everything else" card is a BarclayCard and my company's Corporate Card is from USBank which are listed in the "Coming Later This Year" list...I wonder how much later?

Also does anyone know where we can see the 500 banks that Apple has supposedly signed up? The logos went by really fast in the keynote. I'm guessing most of those banks actually use just a handful of credit card processing companies that Apple has to get brought online....maybe each bank can opt in or out, but I would guess that the technology doesn't have to be implemented on the individual bank level.

Well, I guess I might have to go to McDonald's with my Chase card on Monday at least!
 
One point I've wondered about. If someone gets your card info (either through skimming or some other act) they could conceivably put the info into their iPhone and start using it. I wonder if this issue will eventually be used to push liability back to the account holder.

Apple Pay sounds pretty good. So good for Apple that I bought another 200 shares of APPL today. And it just might be the thing that pushes me to buy an iPhone next time.

Guess I have time to wait and see how it all works.

And then every fraudulent transaction would easily be traced back to that phone. That would be a very dumb criminal and they would be easily caught.
 
One point I've wondered about. If someone gets your card info (either through skimming or some other act) they could conceivably put the info into their iPhone and start using it.

Not likely at all. The process of adding a card to a phone is more complex than just having someone else's card in your hand and putting it into your own phone. The process includes:

"Additionally, as part of the Link and Provision process, Apple shares information from the device with the issuing bank or network, like the last four digits of the phone number, the device name, and the latitude and longitude of the device at the time of provisioning, rounded to
whole numbers. Using this information, the issuing bank will determine whether to approve adding the card to Apple Pay."

Also:

"Additional verification:
A bank can decide whether a credit or debit card requires additional verification. Depending on what is offered by the card issuer, the user may be able to choose between different options for additional verification, such as a text message, email, customer service call, or a method in an approved third-party app to complete the verification. For text messages or email, the user selects from contact information the bank has on file. A code will be sent, which the user will need to enter into Passbook. For customer service or verification using an app, the bank performs their own communication process."

So if the issuing bank sees a phone number that is not connected to you or a device that is not connected to you, it will likely trigger the additional verification procedures (particularly if your card is already registered for Apple Pay):

See iOS Security Guide October 2014:

http://images.apple.com/privacy/docs...e_Oct_2014.pdf
 
Not likely at all. The process of adding a card to a phone is more complex than just having someone else's card in your hand and putting it into your own phone. The process includes:



"Additionally, as part of the Link and Provision process, Apple shares information from the device with the issuing bank or network, like the last four digits of the phone number, the device name, and the latitude and longitude of the device at the time of provisioning, rounded to

whole numbers. Using this information, the issuing bank will determine whether to approve adding the card to Apple Pay."



Also:



"Additional verification:

A bank can decide whether a credit or debit card requires additional verification. Depending on what is offered by the card issuer, the user may be able to choose between different options for additional verification, such as a text message, email, customer service call, or a method in an approved third-party app to complete the verification. For text messages or email, the user selects from contact information the bank has on file. A code will be sent, which the user will need to enter into Passbook. For customer service or verification using an app, the bank performs their own communication process."



So if the issuing bank sees a phone number that is not connected to you or a device that is not connected to you, it will likely trigger the additional verification procedures (particularly if your card is already registered for Apple Pay):



See iOS Security Guide October 2014:



http://images.apple.com/privacy/docs...e_Oct_2014.pdf


Hmm....not sure how I feel about this...I use a Google Voice number as my primary number and that's what's on file with each of my card companies. If they get the last 4 digits of my actual mobile number there will be a mis-match. Will be interesting to see how smooth enrollment goes next week.
 
You're right, Apple was smart to go with an industry standard.

As for one-time transaction specific authentication codes, they have been used with EMV for many years. That part is not new.

Using account tokens is the recent addition. (Not a new idea, mind you, but a long overdue implementation, and frankly, something that should be done by merchants for ALL transaction, not just NFC ones.)

Ah, I knew I wasn't totally correct on terms. Thanks for the clarification!
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.