My bank debt card has the Visa logo so wouldn't it work? I'm with a small cu so I bet they would never make the list but the card is visa.
You need a card from Visa, MasterCard or American Express... that's issued by a supported bank.
My bank debt card has the Visa logo so wouldn't it work? I'm with a small cu so I bet they would never make the list but the card is visa.
WalMart is not going to promote that they accept ApplePay, because they have their own branded NFC payment product. But will their system accept it?So... My Walmart accepts NFC payments, but not apple pay. I would like to know if I might still be able to use Apple pay just to piss Walmart off? Or are they going to refuse payment because I don't want them tracking my purchasing history anymore?
Apple was smart and went with the evolution of an evolving and decided industry initiative (one use codes per transaction) that VISA and AMEX (IIRC) both agreed on last year.
It's beyond secure and more secure then Google Wallet, much more secure then Google Wallet, (... snip...) with its local-based tokenization as opposed to cloud-based tokenization on Google Wallet
You're right, Apple was smart to go with an industry standard.
As for one-time transaction specific authentication codes, they have been used with EMV for many years. That part is not new.
Using account tokens is the recent addition. (Not a new idea, mind you, but a long overdue implementation, and frankly, something that should be done by merchants for ALL transaction, not just NFC ones.)
Both payment wallets use account tokens and generate transaction-specific authentication codes from secret keys. Both are considered Card Present purchases. With both, we're covered for fraud.
The biggest implementation difference is that Google's cloud-based(*) tokens and keys are constantly changed, versus the single provisioning that Apple Pay uses.
Of course, with either wallet, if we ever use the same credit card outside of the wallet (either physically or online), the account number is fair game for thieves. Just one online hack or sneaky card skimmer can render all the other secure wallet token purchases as meaningless.
(*) One neat oft-talked about possibility that cloud-based tokens bring, is the ability to easily provision ones that are only good for certain merchants and a limited time. One could imagine in the near future that we'd be able to say, transfer to our kids specific card tokens for food & drink while they're at the beach, while preventing other purchases.
One point I've wondered about. If someone gets your card info (either through skimming or some other act) they could conceivably put the info into their iPhone and start using it. I wonder if this issue will eventually be used to push liability back to the account holder.
Apple Pay sounds pretty good. So good for Apple that I bought another 200 shares of APPL today. And it just might be the thing that pushes me to buy an iPhone next time.
Guess I have time to wait and see how it all works.
One point I've wondered about. If someone gets your card info (either through skimming or some other act) they could conceivably put the info into their iPhone and start using it.
Not likely at all. The process of adding a card to a phone is more complex than just having someone else's card in your hand and putting it into your own phone. The process includes:
"Additionally, as part of the Link and Provision process, Apple shares information from the device with the issuing bank or network, like the last four digits of the phone number, the device name, and the latitude and longitude of the device at the time of provisioning, rounded to
whole numbers. Using this information, the issuing bank will determine whether to approve adding the card to Apple Pay."
Also:
"Additional verification:
A bank can decide whether a credit or debit card requires additional verification. Depending on what is offered by the card issuer, the user may be able to choose between different options for additional verification, such as a text message, email, customer service call, or a method in an approved third-party app to complete the verification. For text messages or email, the user selects from contact information the bank has on file. A code will be sent, which the user will need to enter into Passbook. For customer service or verification using an app, the bank performs their own communication process."
So if the issuing bank sees a phone number that is not connected to you or a device that is not connected to you, it will likely trigger the additional verification procedures (particularly if your card is already registered for Apple Pay):
See iOS Security Guide October 2014:
http://images.apple.com/privacy/docs...e_Oct_2014.pdf
You're right, Apple was smart to go with an industry standard.
As for one-time transaction specific authentication codes, they have been used with EMV for many years. That part is not new.
Using account tokens is the recent addition. (Not a new idea, mind you, but a long overdue implementation, and frankly, something that should be done by merchants for ALL transaction, not just NFC ones.)