Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
What a great way to send your transaction data directly to the NSA for evaluation.

You think they aren't getting it already

----------

Does training also includes pretending all other payment methods suddenly take about 50% more time than usual?

Once set up, Apple pay will take like three seconds. So other payments will take 5. How is that a major issue
 
Last edited:
Wait, I thought Apple has no idea what you are buying, how can they make a Mint replacement if they don't know what you are buying?
You're more than naive if you actually believe that. However I doubt very much that they would show their hand by making such an app.
 
Since it seems like Apple Pay transactions are debit transactions (since Apple Pay requires a participating bank), I wonder if it will be possible to get cash back when using Apple Pay to make a purchase? Example, my last trip to Walgreens was to buy a pack of gum so I could get $20 cash.
 
Once set up, Apple pay will take like three seconds. So other payments will take 5. How is that a major issue
Exactly. When I am already waiting for the cashier to total my purchases and bag my groceries I have way more than enough time to swipe my card and enter my PIN. How would :apple:Pay help me to save time? More secure sure, saving time no.
 
Do you have a source for this? I though the actual card number was stored securely on the device and a token was generated each time you use it.

This Business Insider Article references this source article from TUAW. Here is the relevant part:

Credit Card information isn't part of the equation

With Apple Pay, no credit card data -- even in encrypted form -- is ever stored on the iPhone or on Apple's servers. Similarly, no credit card data is ever transmitted to or stored on a merchant's servers.

When a user first signs up for Apple Pay, either via an existing iTunes credit card or by loading a new one onto the iPhone, the card information is immediately encrypted and securely sent to the appropriate credit card network. Upon determining that the credit card account is valid, a token is sent back down to the device whereupon it's safely stored within the iPhone's Secure Element.

The token is used in place of an actual credit card number and is what Apple, in its marketing materials, refers to as a unique Device Account Number.

It is a very good read for EVERYONE here who has any doubts about how secure and private :apple:Pay actually is, and I recommend it very highly.

There are two layers of tokenisation that are going on here. The first one is as above, and is a static token representing your CC number. The second one is the one-time use transaction token generated for each purchase upon initialisation. Seriously read the TUAW article, it explains everything very well.
 
I really wanna give this a try. I feel like Apple will change my h way we all pay while others failed. We shall see..

Nah, I've already been doing this with Google Wallet. Now I just have another source to pay with while I'm using my iPhone and hopefully NFC payments will start expanding a little bit faster.

----------

"Apple's training materials note that its retail employee should emphasize the simplicity and security of Apple Pay to lure customers into using the service."

Richard, unless the training materials actually say that, a respectable journalist would refrain from using the word "lure." Is this some scheme or are we fish?

Both

----------

What Apple should do is buy these NFC readers in huge quantities at a very good price and then offer them to small merchants for a nominal fee or even free. This would really get the ball rolling on Apple pay.
Edit: in Exchange for an Apple pay logo decal in every window.

Not impossible but extremely illogical. That would cost billions. Just think about how many POS terminals there are. Not stores but each POS in each store.
 
Apple should have anticipated this for the iPhone 5, or at least the iPhone 5S and built NFC right in. Then they could state there are already millions of compatible users out there.

Now, you have to have an iPhone 6, live in the US, have a credit card from a specific bank and shop in a specific shop. While these requirements may hold true for some very loyal apple fans, they're not for the rest of the world. No ordinary person will switch banks over this, or shop at another store.

I'm also worried about the robustness of the service. Every other day Siri tells me she cannot take requests right now, iTunes match is buggy and slow as hell, photo stream misses several of my photos, I would not trust my files with iCloud Drive based on years of experience with iCloud, ...

If Apple pay fails for somebody three times, they will never use it again, so I hope apple has worked long and hard on this one.

This! This right here is what people are missing. Some of you guys think that Apple Pay is going to take over all payments and be a big thing. It's not. It'll be great and do well but not to the degree that some you are talking about.

Using Apple Pay is NOT going to be as smooth as easy as some think. There will be complications that will bug some and they won't use it again. Such as, the NFC POS terminal doesn't work correctly, the questions that you still have to answer on the POS. I see it sometimes when I use Google Wallet. Things go wrong. I don't mind because I know how to work through it but some will get frustrated and quit.

Apple Pay is actually extremely limited to a select few people that can use it compared to the actual consumer population.
 
You're more than naive if you actually believe that. However I doubt very much that they would show their hand by making such an app.

Eh, I am only repeating what I could have sworn others were touting (especially as to why Apple Pay is better than Google Wallet). I have no cares if Apple sees it or not.
 
While that's true, it's highly likely to work, at the very least as a long-term business plan strategy – people are gonna want to use their phones to make payment rather than unnecessarily carrying around a wallet full of little plastic cards, as it makes sense to them from both practical and (if it works as it should) security angles (lost/stolen phones cannot be used to defraud anywhere near as easily as cards would).

Do the maths, and this really is one of Apple's biggest earners, for relatively little effort once launched and running smoothly.

Think about it, when this (or if this fails, Apple Pay v2!) eventually rolls out worldwide for people's everyday spending, collecting 0.15% per transaction is A LOT of money, even for Apple.

Americans alone spent last year $14 trillion on shopping. At 0.15% that's $21 billion. If Apple got 20% of that spending through Apple Pay; that's $4.2 billion.

Say Europe has the same figure; that's another $4.2 billion.
Add the same figure again for other (non-US/EU) developed countries; yet another $4.2 billion.
And perhaps add double that figure for the rest of world's shopping spending; another $8.4 billion.

We get to $21 billion EACH AND EVERY year in Apple Pay revenue for Apple, and that'd be growing. That's 12% of Apple's current annual revenue, so hardly chump-change.

And even if their other product lines started to slow in uptake, this one would grow year-on-year, as people will spend money on non-Apple things regardless.

I get what you are trying to say but your math is extremely flawed.

Apple users will not spend $2.8 trillion dollars all through Apple Pay. That's the 20% of the $14t you talked about.

You're not going to be buying a house, car, boat and many, many other things all through Apple Pay.
 
So many retailer's (bodies) are ready in Australia with all the NFC readers already installed, why weren't we a launch country :(

(That would sure help with the profit that needs to be made up for to make '$$$')

I can't wait to do all of my touch payments through my phone instead of taking out my card
 
This Business Insider Article references this source article from TUAW. Here is the relevant part:



It is a very good read for EVERYONE here who has any doubts about how secure and private :apple:Pay actually is, and I recommend it very highly.

There are two layers of tokenisation that are going on here. The first one is as above, and is a static token representing your CC number. The second one is the one-time use transaction token generated for each purchase upon initialisation. Seriously read the TUAW article, it explains everything very well.

Thank you! Very informative read.
 
This has the potential to make Apple more $$$ than anything else they've done so far. If the security turns out to be as ironclad as even the financial institutions are now saying, this is going to be a watershed moment for the company.

The potential for earnings growth with their payment system eclipses anything that came before.
Well done Cupertino!

I hope it is huge for Apple.

However Wallmart is working with another group of companies for a payment technology that any smartphone can use (it displays an image on the screen that the checkout scanners can read) and there isn't a Visa/Mastercard 2.x% fee associated with it. It's several months behind and will only link to a checking account (its basically digital cash). From the retailers not having to pay a fee to the ability for all smartphones to use it - that's likely to be huge if they deliver (that's the big question of course). Saying that as a 6 owner, looking forward to ApplePay.
 
Do you have a source for this? I though the actual card number was stored securely on the device and a token was generated each time you use it.

Only last 4 digits of cc# are stored on device. A DAN is generated at the time the card is scanned into your iphone and stored in, encrypted in the secure element. Only the DAN and a one-time use cryptogram are sent, via NFC, to the merchant who in turn sends it to the card network, than the issuing bank, and if approved, the transaction proceeds and is finalized with your fingerprint. All in seconds.

One IMPORTANT security note. If all the Target and Home Depot transactions had taken place via Apple Pay, there would have been NO MASSIVE CREDIT CARD BREACH. Why, because the token (or DAN) has no intrinsic value and is useless to hackers. Hackers can intercept the DAN (token) all they want via malware or memory scrapers. It will have NO IMPACT. So massive credit card breaches could be a thing of the past!

That's why Apple Pay is secure and seems to be much safer than the old magnetic stripe technology still in use in the U.S.
 
While Apple Pay (and NFC in general) has promise, I don't get all the excitement at launch day.

I can picture the grinning doofus on Saturday shoving his phone out eager to buy a pack of gum and a water in the exact same amount of time it would take to hand over a few bucks or swipe their debit card.

To that end, I see the security benefits outweighing the convenience benefits. After all, how long does it take to take out a card and swipe it. I think my wife would represent the US in the Olympics if that was a sport.

To me the security aspects of Apple Pay will really kick in when we get to see it used at places where you have to give someone your credit card. I'd really like to see the bar/restaurant industry utilize some sort of mobile NFC technology for servers/bartenders rather than giving them your card to take to to the back.
 
I'd really like to see the bar/restaurant industry utilize some sort of mobile NFC technology for servers/bartenders rather than giving them your card to take to to the back.

Many already use such systems; the carry it the small device with them to the diners' table or bar patron. Very small and very simple, it'll be akin to what Apple uses in their retail locations (I believe new iPod Touches may have NFC enable alongside their swiping mechanism currently used, but will also offer just an NFC payment device akin to a keychain in size).
 
i'd like to see a video of an Apple rep trying to explain to seniors how to use PAY


Ageism lifts its ugly head, once again, in this forum. Neither I nor any of the other 'seniors' I know have any trouble using the iPhone or any of its functions. I usually end up explaining these things to 20 and 30 something's that I deal with.

It will more likely be us 'seniors' explaining to the young clerks how their new card reader works.
 
Only last 4 digits of cc# are stored on device. A DAN is generated at the time the card is scanned into your iphone and stored in, encrypted in the secure element. Only the DAN and a one-time use cryptogram are sent, via NFC, to the merchant who in turn sends it to the card network, than the issuing bank, and if approved, the transaction proceeds and is finalized with your fingerprint. All in seconds.

One IMPORTANT security note. If all the Target and Home Depot transactions had taken place via Apple Pay, there would have been NO MASSIVE CREDIT CARD BREACH. Why, because the token (or DAN) has no intrinsic value and is useless to hackers. Hackers can intercept the DAN (token) all they want via malware or memory scrapers. It will have NO IMPACT. So massive credit card breaches could be a thing of the past!

That's why Apple Pay is secure and seems to be much safer than the old magnetic stripe technology still in use in the U.S.

Thank you. I was already provided a source. To be clear though, this is not a source. This is just a reiteration of the original claim with more detail added.
 
While Apple Pay (and NFC in general) has promise, I don't get all the excitement at launch day.

I can picture the grinning doofus on Saturday shoving his phone out eager to buy a pack of gum and a water in the exact same amount of time it would take to hand over a few bucks or swipe their debit card.

To that end, I see the security benefits outweighing the convenience benefits. After all, how long does it take to take out a card and swipe it. I think my wife would represent the US in the Olympics if that was a sport.

To me the security aspects of Apple Pay will really kick in when we get to see it used at places where you have to give someone your credit card. I'd really like to see the bar/restaurant industry utilize some sort of mobile NFC technology for servers/bartenders rather than giving them your card to take to to the back.

Convenience isn't the main driver of this. Its security. Moreover, it always takes longer to pay via cash and get change (or fish for exact change). No one is claiming it takes a long time to swipe a card. But why should you have to do that and expose your credit card data to the merchant? With Apple Pay, you don't even need to have a physical card on you.
 
Chip and pin is not more secure. There's no credit card information present or passed through the transaction with :apple:Pay.

I'm not arguing that chip and pin isn't secure. In the US, that alone should wipe out most non lost/stolen card present fraud.

I understood you to say chip and pin was less secure than what is currently in use in the US. I was not implying it was more secure than Apple Pay. However, both chip and pin and Apple Pay are both much more secure than the current system in the US.
 
I understood you to say chip and pin was less secure than what is currently in use in the US. I was not implying it was more secure than Apple Pay. However, both chip and pin and Apple Pay are both much more secure than the current system in the US.

Chip and pin is way more secure than what we have in the US, i just meant that :apple:Pay is more secure b/c of the lack of cc info present and in the eCommerce space, where fraud still is rampant.

The US is a breeding ground for cc theft, and it should go away with EMV, for brick and mortar retail that is. Statistically speaking, from the rest of the world, most fraud from brick and mortar is nonexistent thanks to EMV.
 
Do you have a source for this? I though the actual card number was stored securely on the device and a token was generated each time you use it.

"Full card numbers are not stored on the device or on Apple servers. Instead, a unique Device Account Number is created, encrypted, and then stored in the Secure Element. "

- iOS Security Guide

Does google wallet actually use and transmit the real credit card number. If so, that's why it is less fuss. Apple pay needs the banks to be able to create the alt id etc

Google Wallet uses a virtual account number. Since Google is the sole holder of this token for all the users's real accounts, the user's banks do not have to be involved in keeping track. That's why any card can be registered as a payment source.

Chip and pin isn't that much more secure. As for the lag in a switch over here in the USA that is due to the legal infrastructure around credit cards. Getting that signature is very important.

I don't know of any law requiring signatures. That's a contractual thing between the credit card companies and the merchants. For example, Visa's USA signature requirements (and exceptions) are listed in the Visa USA Operating Regulations.

There are two layers of tokenisation that are going on here. The first one is as above, and is a static token representing your CC number. The second one is the one-time use transaction token generated for each purchase upon initialisation. Seriously read the TUAW article, it explains everything very well.

The account number being represented by a token, is the piece that's new to EMV payments.

The one-time transaction cryptogram value is what Chip & PIN / Google Wallet / etc have used all these years to make each transaction unique and unrepeatable.

One IMPORTANT security note. If all the Target and Home Depot transactions had taken place via Apple Pay, there would have been NO MASSIVE CREDIT CARD BREACH.

Yep, or if people had used Google Wallet. But what are the odds of everyone paying via NFC? Zero.

So even better, all merchants should contract with a certified third party token vault, and tokenize their storage of each transaction.

That way, the storage of ALL credit card transactions would be safer... including the far more numerous payments using an actual card.

Convenience isn't the main driver of this. Its security.

Security and consumer trust are drivers, but convenience is also absolutely a main driver. If it was only about security, there'd be a requirement for photo id validation, a signature, and a PIN... whereupon there'd be almost zero fraud, but longer lines and fewer purchases.

The whole point of the CC companies pushing non-signature purchases, contactless purchases, and so forth, is because they want us to make as many purchases as possible, so that they make more money from the resulting fees. Onerous, ironclad security is the opposite of what the credit card companies want.
 
Last edited:
Or could be like when when ATT was the only vendor to supply the iPhone. After it got popular, Verizon, Sprint and T-Mobile wanted in.

It's not that they only wanted in after "it got popular", it's because AT&T invested heavily to have it exclusively for the first few years. Not an Apples to Apples comparison.

In order for Apple Pay to become popular, it needs mass usage. If only a handful of retailers are going to have it, can't really get popular now can it?
 
Since it seems like Apple Pay transactions are debit transactions (since Apple Pay requires a participating bank), I wonder if it will be possible to get cash back when using Apple Pay to make a purchase? Example, my last trip to Walgreens was to buy a pack of gum so I could get $20 cash.

Of course you can. It is just like chip+pin or current contactless payments; you will be charged as normal and the transaction is confirmed real time.
 
Of course you can. It is just like chip+pin or current contactless payments; you will be charged as normal and the transaction is confirmed real time.

I was wondering about this too - I read something that implied "debit cards" will revert to the "credit" side of things, which would preclude the cash back option. I guess we will find out in the coming weeks for sure how it is implemented in Apple Pay.

One question I guess is how does someones NFC "debit" card work at Walgreens (or someone else taking them) right now? Does it go as debit or credit?

I'd go try it but don't have a card like that - in fact I'll be able to use my phone before my banks rolls a chipped card out to me.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.