Apple Pay Shown to Work Internationally Using U.S.-Based Credit Cards

[newtestleper]

iCloud web page background

It has changed from the floating circles to a coloured background. What, have I noticed a change that is even too small to report? Say it ain't so!

 

[kdarling]

Well, I haven't known, and it wasn't because of forums. I haven't seen anything shared by Apple or news sites that said it was possible. I also have known nothing about NFC--until Apple Pay discussions started. That's why this is all a little confusing to me.

The problem is that Apple PR always tries to make it sound like they invented something and/or are exclusive with it. (E.g. the "220,000" NFC spots which already existed.) This confuses people, which is of course their intention.

Since they get their percentage from the bank, I'm guessing that's why some banks don't support it yet. Or am I mistaken?

Yes, that's likely part of it. Also see post above about having to support tokens, either themselves or via their processors.

I see where your confusion comes from. If Apple Pay is different, how can it work with existing NFC terminals?

That's because Apple Pay creates one time tokens that are formatted to look like real card numbers and expiration dates to the terminal.

Yes, however, the Apple Pay device account number tokens are not one time tokens.

They're static token numbers with a special bank id prefix, and are provisioned once per device. (Up to eight iOS devices can point to the same real account number. Each will have its own particular token associated with that real account number.)

The tokens only need to change if your device is stolen or your real account number is compromised. (Actually, for the latter, they could in theory simply point the same device token to a new real account number.)

 

[yg17]

Well, I haven't known, and it wasn't because of forums. I haven't seen anything shared by Apple or news sites that said it was possible. I also have known nothing about NFC--until Apple Pay discussions started. That's why this is all a little confusing to me.

Since they get their percentage from the bank, I'm guessing that's why some banks don't support it yet. Or am I mistaken?

Apple mentioned during the keynote that AP could be used anywhere you saw the NFC/Touch-to-Pay logo.

 

[MyopicPaideia]

agreed, I get debit cards are bank deals but I thought Visa is Visa no matter what country you are in

Yeah, but VISA & Mastercard don't issue their own cards, financial institutions actually issue the cards. This is unlike American Express and Discovery, who both typically issue their own cards in addition to being the payment network, although Amex also does also issue cards via banks.

 

[nick42983]

The guy in the video is annoying. Making videos about Apple Pay working is one of the lamest trends out there.

 

[Jimrod]

Jesus christ, what is up with you folks...This is a deal that Apple has to do with each bank....And NO, they can't do it with just VISA and boom its done. That's because the tokens that are issued are tied to cards issued out by guess who - the BANKS. Apple can't conceivably make deals with banks all over the world in one shot. Relax or let your bank know that you really want this feature.

At least give Apple a chance to show foreign banks not next door that it works and have an easier time getting them onboard.

So what about iTunes Radio (not that it's a desperate feature) - it's been well over a year since launch and still nothing, so what exactly is the time frame on this? You see, from the point of view of people buying iPhones outside the US - we see the Keynote offering all these features and kind of expect to be able to use them at some point during the lifespan of the device we're purchasing. The pace Apple seem to try to implement features outside the US suggests we should probably wait until the iPhone 7 for Apple Pay.

I just think we end up paying premium prices for ever sloppier service from Apple of late, broken updates, missing features etc etc. The Android devices, built just as well in many cases and with an ever-improving OS for a lot less outlay are starting to look more and more tempting. Just a bit of a rant, my iPad 2 keeps pushing me to update but I know iOS 8 will near brick it, the whole Apple push lately seems to be trying to get people to get their latest and greatest devices while not putting the same amount of effort into their execution (Mac Mini for example), or their OS which also seems to be having plenty of issues - let alone iCloud and it's incredibly sloppy implementation.

Apple was always supposed to "Just work" but I find this sentiment less true day by day.

 

[please22]

The problem is that Apple PR always tries to make it sound like they invented something and/or are exclusive with it. (E.g. the "220,000" NFC spots which already existed.) This confuses people, which is of course their intention.



Yes, that's likely part of it. Also see post above about having to support tokens, either themselves or via their processors.



Yes, however, the Apple Pay device account number tokens are not one time tokens.

They're static token numbers with a special bank id prefix, and are provisioned once per device. (Up to eight iOS devices can point to the same real account number. Each will have its own particular token associated with that real account number.)

The tokens only need to change if your device is stolen or your real account number is compromised. (Actually, for the latter, they could in theory simply point the same device token to a new real account number.)

Never mind I think we are mostly saying the same thing. I'm using the wrong terminology.

 

[ElectronGuru]

Apple Pay Shown to Work Internationally Using U.S.-Based Credit Cards

Many banks are slow. My bank still doesn't support deposits through smartphones when most of the other banks in my area do.

I wonder if the Europeans here would be shocked to hear that what you mean is that high tech money transfer in the US means accepting a paper check and then photographing it with a camera vs having to drive it to your bank?

 

[please22]

So what about iTunes Radio (not that it's a desperate feature) - it's been well over a year since launch and still nothing, so what exactly is the time frame on this? You see, from the point of view of people buying iPhones outside the US - we see the Keynote offering all these features and kind of expect to be able to use them at some point during the lifespan of the device we're purchasing. The pace Apple seem to try to implement features outside the US suggests we should probably wait until the iPhone 7 for Apple Pay.

I just think we end up paying premium prices for ever sloppier service from Apple of late, broken updates, missing features etc etc. The Android devices, built just as well in many cases and with an ever-improving OS for a lot less outlay are starting to look more and more tempting. Just a bit of a rant, my iPad 2 keeps pushing me to update but I know iOS 8 will near brick it, the whole Apple push lately seems to be trying to get people to get their latest and greatest devices while not putting the same amount of effort into their execution (Mac Mini for example), or their OS which also seems to be having plenty of issues - let alone iCloud and it's incredibly sloppy implementation.

Apple was always supposed to "Just work" but I find this sentiment less true day by day.

You can expect that Apple isn't the one holding back the deal. They do need to make a deal locally with music labels. If Apple could make a deal with music labels that covers the entire globe, they would have done that yesterday.

Yes it is terrible from the consumer's perspective but knowing the industry you can certainly see how most often its the music industry that's dragging its feet, not the other way around. They profit by segmenting each market and extracting a deal separately. That's why you can see songs mysteriously disappear from online music stores. It's not that the store is technically inept, but sometimes labels will allow deals to expire, etc.

 

[kdarling]

Incorrect.

Each token is generated separately for each transaction and what happens is a handshake that makes sure its a match.

You're confusing the Device Account Number (token), with the one-time cryptograms that go along with the transaction.

The account token does not change. It is not even a secret. Its sole purpose is so that the real account number cannot be stolen and used to make online purchases.

The transaction cryptograms change, which is what secures the purchase.

 

[bbeagle]

Since they get their percentage from the bank, I'm guessing that's why some banks don't support it yet. Or am I mistaken?

I'm guessing it has more to do with the management and the IT team of the banks. Some banks are so small that they have 1-2 IT people, or even outsource their IT and have management that doesn't follow the latest news, other banks have hundreds of developers, were on top of this months ago.

 

[ptb42]

Incorrect.

Each token is generated separately for each transaction and what happens is a handshake that makes sure its a match.

While I barely sympathize for the "confusion" for most nerds here the fud here is mind boggling. There was a deluge of information when the keynote happened a few weeks ago.

No, he is correct. But, so are you -- to a point.

The Device Account Number (which I'll refer to as a "token") is static. It is created when you add a card to your Passbook, once the issuing bank approves. Then, both the bank and your phone know this token.

For each transaction, a one-time cryptogram is generated to accompany the token -- you can think of it as an "enhanced CVV". The cryptogram includes an sequence number (that changes for each transaction) unique to the device, and probably other information like the merchant's ID, the amount of the transaction, and perhaps the date. This is indeed unique to each transaction, and is only good for this transaction. Without it, the token is useless.

(An aside: kdarling has reported a lot of "inside" information on the EMV tokenization standard used by Pay. Unless you have specific information to the contrary from an authoritative source, you should presume it is accurate)

 

[TWHH]

I wonder if the Europeans here would be shocked to hear that what you mean is that high tech money transfer in the US means accepting a paper check and then photographing it with a camera vs having to drive it to your bank?

No we wouldn't cos the 'global' tech press banged on and on about it as if it was/is available everywhere. Bit like this Apple Pay vapourware*

*if you have the audacity of living outside the USA

 

[Thunderhawks]

That will happen.

However by just cutting the middle man in the restaurant, hotel, and grocery store from your personal information is a significant win win. Many other examples...

In some countries, the complete credit card information is printed. Apple pay will eliminate that altogether.

Having been a victim of fraud at hotels and gas stations that is a first step.

Don't know if the Apple pay set up can also be used for online purchases, which would again eliminate personal info.

also, there is a concept out there that all passwords , user names etc. reside on ones computer and not with companies. Don't know what is happening with that.

But, I liked the idea.

 

[kerrikins]

Google uses “Host Card Emulation”(HCE) in place of a physical Secure Element. In other words, Google’s servers store your card number and are involved with every transaction you make.
When one makes a payment with Google Wallet, the app interacts with the card reader over NFC and then sends the details of the transaction to Google’s server. In a fraction of a second, a temporary card number is generated for the purchase and sent to the stores payment processor. The actual card number never passes through the merchant’s point-of-sale system.

Apple does not collect data on every purchase you make - Google does.

And this is why I would not want to use Google Wallet even if I had an Android phone. I'm trying to cut Google's influence OUT of my life, not give them more access.

 

[ThisIsNotMe]

I understand that perhaps they need to make arrangements with banks for debit card support, but credit cards like VISA, MC, AMEX should be able to be used in any country.

VISA and Master Card do not issue credit cards. They are payment processors.
While American Express does 'issue' credit cards (really charge cards) the payment processing and underwriting are two distinct divisions.

 

[Truffy]

international iphone owners can also take advantage of apple pay if they have a supported u.s.-based credit card, ... Need to change the region for their phones from their home countries to the united states.

Lame!

 

[bbeagle]

I just tried Apple pay for the first time today.

So super simple. I went to Office Depot. I just took my phone out, brought it up about a foot from the NFC terminal, the lock screen immediately showed my credit card and the amount to charge. I touched the Touch ID button. That's it. Charged. The lady gave me my receipt, and I was done.

No going into apps, nothing. Just there immediately on a locked phone. I will definitely use this all the time. Apple has a true winner here. Bye, bye touching the credit card terminal, to choose 'credit', swiping the card, it asking 'Is this amount okay?' then clicking 'OK', then signing.

I wonder if I have more than 1 credit card that can be used how it works? Are both shown and you swipe/pick between them?

How does this work on Google Wallet? Is the card on the lock screen as well? Is it verified with a passcode? Do you need to sign or transact with the credit card terminal in any way?

 

[frostiex]

Well..I am trying to setup apple pay with my 6+, however. upon changing the region to US. The Add credit card option is still not showing in passbook. Anyone know why?

 

[Stewie]

Am I the only one that doesn't get this whole Apple Pay thing?

How is this different than existing NFC solutions that have been around for years?

It seems like we see articles for retailers supporting "Apple Pay", but then Apple Pay works with any NFC terminal?! Why do retailers need to support Apple Pay specifically instead of just using stabdard NFC? Is it possible for a retailer to support Apple Pay, but not other NFC solutions (such as Google Wallet)?

I understand Apple Pay introduces some security improvements over standard NFC, but it also seems like Apple Pay works with standard NFC terminals, and standard NFC devices will work where Apple Pay does...

From you using it, it is no different at all. Any existing NFC terminal will work with your iphone if it works with google wallet. What makes it different is how things work on the backend, which makes no difference to how/where you use it.

 

[ptb42]

So what about iTunes Radio (not that it's a desperate feature) - it's been well over a year since launch and still nothing, so what exactly is the time frame on this?.

iTunes Radio is likely hung up by licensing agreements with the music distributors. I'm not privy to the negotiations, but if Apple has only the rights for distribution in the US, it will be limited to the US.

In order to expand outside the US, Apple would need a licensing agreement for that. They would also need agreements with non-US music distributors, so you could play music that originates in your own country or region, and not just from the US.

 

[Tech198]

Changing your county to U.S to make this work, is like Netflix supporting the idea outsiders streaming Netflix content without being in the U.S

All i can say is "WOW" I really didn't think Apple would actually be willing to have a reason to bypass this....

Well,,, there u go...

I guess they did this on purpose..

No, he is correct. But, so are you -- to a point.

The Device Account Number (which I'll refer to as a "token") is static. It is created when you add a card to your Passbook, once the issuing bank approves. Then, both the bank and your phone know this token.

If the Device Account Number is static, then its static... Wouldn't that be a weakness?

 

[macfacts]

From what I understand, the difference with Apple is the extra security. Your actual card data is never given to the retailer so if they are hacked, they get nothing of use. Whereas I think with other NFC payments, it like swiping your card… so the hackers get it all.

Im in canada and have a chip+pin card. If the retailer already has my card info, why do I have to tap or insert my card when I do a return/refund?

From what I understand, the difference is the apple logo. Nothing else.

 

[ptb42]

Im in canada and have a chip+pin card. If the retailer already has my card info, why do I have to tap or insert my card when I do a return/refund?

The retailer is supposed to only keep the card info long enough to authorize the transaction. For that short period, even the account number, cvv, etc. is unencrypted in RAM for the PoS terminal.

That's been long enough for large scale breaches at several retailers in the US. A trojan/worm captured the card info and transmitted it outside the retailer's network.

But, not even the standalone terminals are safe. Thousands of them in the UK were compromised during or immediately after manufacture, and were transmitting card info via the cell phone network to a server in Pakistan.

----------

If the Device Account Number is static, then its static... Wouldn't that be a weakness? Regardless of how secure it may be...? I would have felt a bit better it was was a changing token, not a static one. The bank would have the have the same dynamic token, since the bank knows if you when u do a transaction anyway.

The DAN is useless without the one-time cryptogram that accompanies it for every transasction.

 

[JAT]

No we wouldn't cos the 'global' tech press banged on and on about it as if it was/is available everywhere. Bit like this Apple Pay vapourware*

*if you have the audacity of living outside the USA

Wow, it's been available for exactly 24 hours and 5 minutes on the planet, in precisely the manner in which Apple claimed it would be, and here you are calling it vapor.

Maybe your definitions and worries are a bit mixed up?