This is upsetting for international buyers, because they probably will be paying for hardware they will not use.
 
It's clear that you're having a hard time seeing it, but many of us do see how Apple's system is more secure.

Moreover, the banks can see it, too. The fingerprint scan (severed fingers excepted) will be accepted as authentication, and with fingerprints harder to forge than a signature (and harder to capture than a PIN), there likely won't be an arbitrary cap on transactions. As far as I know, no cap has been announced. For very large purchases, or when you buy alcohol, tobacco, marijuana, or other controlled substances, vendors may still ask to see photo ID.

There are at least two kinds of caps:

1) There's often a cap on contactless payments before you have to submit authentication.

This limit can be, and often is, in both the EMV card / mobile NFC app (perhaps even something you set) and the merchant's terminal. The lowest limit presented is the decision maker.

On apps like Google Wallet, below this cap you can simply tap & go. Otherwise you get prompted to enter your PIN to authenticate, and then tap again.

Apple Pay can get challenged by the merchant terminal in the same way, except that we're always prompted to enter our fingerprint ahead of time, so it's already prepared to respond with authentication.

2) There's our regular credit cap with risk analysis. That's the amount of credit we have left and/or they're willing to allow for this purchase at this location on this day.

Google Wallet has no purchase cap itself, except our credit limit. No doubt Apple Pay will be the same.
 
Flipping hell. Enclosed OS. :(

Frankly I'm excited as Hell about this news. I want :apple: Pay to be secure and solid, and I don't want some basement dwelling "developer" walking on the white carpet with his muddy shoes. Once it's been in place for a year or so, and Apple is comfortable with the firewalls they've built around :apple: Pay, they'll open it up.

Besides, I don't have any desire to bump phones to exchange soft core porn with my significant other. I have AirDrop.
 
I think the point he’s making is that once someone has your password, (which let’s face it they can even get remotely if they’re good enough), you can change it. Once they get your fingerprint however...

& did any of the ridiculously silly things he mentioned sound plausible to you???
If somebody sneaks in while you're sleeping & touches your thumb to your iPhone without waking you, then sneaks away with your unlocked iPhone (preposterous amount of work & chance of being caught... I know) does said improbable thief then "have" your fingerprint?? NO. No they do not. Even in this silly hypothetical situation they'd only have your unlocked iPhone to make calls on until the screen blacks out... then they'd be sneaking back in to your house again, lol.
In the even more ridiculous scenario, where they literally sever your thumb for the same gain they could get in a MUCH less heinous crime, do you really think your worry would be: "gee, what if I have a hard time changing my biometric passwords to a different appendage" or "hmm, I wonder if NO LONGER HAVING A THUMB will be proof enough to reverse fraudulent charges?" I think you'd be more thinking- "omg, I need to get to a hospital!" or "wow, I can't believe that guy is going to get twenty years in prison for maiming me... I only had $17 in my account".
Please stop playing devil's advocate & encouraging him!!!!!!!
Fact is: he's being VERY silly.
 
I think the banks have a hand in the secure enclave and the tokenisation system as well. At least in the requirements, what an iPhone with secure enclave can do and what it can't do. And the requirements are the hard thing.

I've researched this by looking very carefully at Apple's patent. Apple has a patent on the overall system - the relationship between the user, the provider (Apple) and the bank. The key to the privacy is not just that there is a token, but how it's handled and encrypted so that Apple and the merchant have no way of knowing anything about it or the user. That's what Apple invented.
 
Of course the issuing bank has your credit/debit card info. They are either loaning the money to you to make a credit card transaction, or they hold the money you are using to make a debit card transaction. And if you use :apple:pay to make the transaction, it's going to show up on your account statement. Where else do you think the money comes from: trees?

But, Apple doesn't handle the transaction. IT GOES THROUGH EXISTING PAYMENT NETWORKS. Sorry for the shouting, but if you don't comprehend anything else, hopefully you'll get this.

The one part that I'm still unclear on: how does the Device Account Number (it's called an "alias" in Apple's patent) get associated with your credit card number? During the keynote, Apple said you could enter it into your Passbook by simply snapping a picture. But, how does the issuing bank learn about the association?

Does the Passbook app send it to Apple, who then sends it to the bank? Or does the Passbook app communicate directly with the bank's servers? If I were the bank, I'd insist on the latter. Passbook would have to know which bank to contact, but that's an easy mapping of a few numbers to a URL (it's encoded in the first digits of the credit card number).

the transaction can easily be made 100% safe... Apple could based on your hardware create a new key every time you try to access it... the point Apple is trying to make here is your cc-number is never shown in the transfer, which is good of course... but in the end your cc will handle the communication to your bank (unless Apple starts their own credit/debit-handling... in that case Apple would need your account-info)
you see you still pay with your VISA, only Apple will guarantee no fraud (as long as you use ApplePay)...
this way VISA (maybe) will pay a smaller fee to the makers of the terminal and Apple will get a small fee (a safe transfer) :)
 
Several years ago, I was issued a credit card (Citi Mastercard) that had some chip inside that allowed me to wave it at a terminal to pay. Was this an NFC chip? I'm guessing no, and that it was more similar to my bus transit card that uses RFID, requiring low (or no) power to operate.

NFC and RFID are very similar, to a point. RFID is read-only. NFC is two-way.

http://electronics.howstuffworks.com/difference-between-rfid-and-nfc.htm

Assuming they are different technologies -- I have paid with one of these cards at McDonald's before. How do we differentiate a module that accepts these old cards, versus NFC? So I don't look like an idiot waving my phone at an incompatible module. :cool:

If a point-of-sale terminal has the NFC symbol (it looks like the WiFi signal indicator on the iPhone, turned sideways), either your Mastercard or your iPhone should work. To the PoS terminal, both look the same.
 
I want NFC to be able to start my iPhone talking to my Sony α7 camera. The α7 uses NFC to switch a smartphone over to the camera's WiFi. Otherwise you have to dive into the phone's settings, switch it over manually, and then get on with the business of transferring photos, remotely controlling the camera, etc. NFC makes this easy. On the iPhone, it's currently a real pain. This means Android phones, tablets, etc. with NFC are much easier to use with the α7 than iPhones, iPads, etc.

If Apple makes many more boneheaded decisions like this, I may be off to Android land.
Honestly, it's okay if you go to Android land. I don't have a camera that needs NFC, so your problem doesn't affect me, but I don't deny you have an issue, and it's up to you to decide whether your issues with Apple are important enough to you to cause you to change phones.

I've never encountered an Android feature that was enticing enough for me to abandon the iPhone, but if Apple stopped meeting my needs I would definitely start looking elsewhere. It isn't the Apple brand that I'm loyal to. Anyone who thinks that's all it is is merely deluded. I'm loyal to the satisfaction I get from most of the Apple products I use. When (or if) I stop being satisfied, I'll consider moving on to something else.
 
Of course the issuing bank has your credit/debit card info. They are either loaning the money to you to make a credit card transaction, or they hold the money you are using to make a debit card transaction. And if you use :apple:pay to make the transaction, it's going to show up on your account statement. Where else do you think the money comes from: trees?

But, Apple doesn't handle the transaction. IT GOES THROUGH EXISTING PAYMENT NETWORKS. Sorry for the shouting, but if you don't comprehend anything else, hopefully you'll get this.

The one part that I'm still unclear on: how does the Device Account Number (it's called an "alias" in Apple's patent) get associated with your credit card number? During the keynote, Apple said you could enter it into your Passbook by simply snapping a picture. But, how does the issuing bank learn about the association?

Does the Passbook app send it to Apple, who then sends it to the bank? Or does the Passbook app communicate directly with the bank's servers? If I were the bank, I'd insist on the latter. Passbook would have to know which bank to contact, but that's an easy mapping of a few numbers to a URL (it's encoded in the first digits of the credit card number).

From what I understand, it's the latter. Apple uses banks' already-existing tokenization process. Apple uses your card number to communicate with the bank directly to authorize ApplePay to access the banks' system and doesn't store the card number (aside from the last 4 digits so you can easily identify which card is which).
 
the transaction can easily be made 100% safe... Apple could based on your hardware create a new key every time you try to access it...

According to Apple's patent, a transaction counter is indeed included in the transaction security code. So, it is effectively a new key for every transaction.

the point Apple is trying to make here is your cc-number is never shown in the transfer, which is good of course... but in the end your cc will handle the communication to your bank (unless Apple starts their own credit/debit-handling... in that case Apple would need your account-info)

Do you have a reading comprehension problem? I've already explained -- repeatedly -- that Apple isn't handling transactions between merchants and the issuing bank.

you see you still pay with your VISA, only Apple will guarantee no fraud (as long as you use ApplePay)...
this way VISA (maybe) will pay a smaller fee to the makers of the terminal and Apple will get a small fee (a safe transfer) :)

The financial terms of Apple's agreement WITH THE ISSUING BANKS, not the merchants, or the payment processors, have already been disclosed: 15 cents per $100, on every transaction. The bank is giving up a small portion of their percentage in exchange for the additional protection from fraud.
 
.15% on $100 is a lot of money for an Apple Pay!

I cannot wait to buy the iPhone 6 "unlocked" model sometime around Thanksgiving. Going to visit Apple store to see them on Friday! Should be fun since I cannot buy it; but have to wait!
 
I've researched this by looking very carefully at Apple's patent. Apple has a patent on the overall system - the relationship between the user, the provider (Apple) and the bank. The key to the privacy is not just that there is a token, but how it's handled and encrypted so that Apple and the merchant have no way of knowing anything about it or the user. That's what Apple invented.

I followed the link in your sig to the article you wrote: it's really informative, and if you don't mind I'll repost it for anyone else that is interested:

http://www.applenews.zone/2014/09/pay-tokenization-for-security.html

My name is on a few patents, individually and joint. I'm always amazed at how the information I send to the patent attorney gets turned into something I barely recognize.

It took me a while to learn how to read and interpret a patent, even only to reconcile it with the stuff I originally wrote! So, I appreciate the time you took to write this article.
 
According to Apple's patent, a transaction counter is indeed included in the transaction security code. So, it is effectively a new key for every transaction.

Do you have a reading comprehension problem? I've already explained -- repeatedly -- that Apple isn't handling transactions between merchants and the issuing bank.

The financial terms of Apple's agreement WITH THE ISSUING BANKS, not the merchants, or the payment processors, have already been disclosed: 15 cents per $100, on every transaction. The bank is giving up a small portion of their percentage in exchange for the additional protection from fraud.

if you are buying something with ApplePay... what information have you given to Apple?!? your bank account or your credit/debit-card?!? now try and tell me how your bank can see any transaction?!? the transaction is via VISA/MasterCard/AmEx or whatever... how would Apple bypass their fees?!?

edit: or even better how would the bank know you are using VISA/ApplePay and NOT plain VISA...
 
I've researched this by looking very carefully at Apple's patent. Apple has a patent on the overall system - the relationship between the user, the provider (Apple) and the bank. The key to the privacy is not just that there is a token, but how it's handled and encrypted so that Apple and the merchant have no way of knowing anything about it or the user. That's what Apple invented.

Sorry for the duplicate reply, but I wanted to be sure you saw this patent application:

http://www.freepatentsonline.com/y2014/0019367.html

METHOD TO SEND PAYMENT DATA THROUGH VARIOUS AIR INTERFACES WITHOUT COMPROMISING USER DATA

It has a lot of interesting details about the actual transaction. I was hoping you might be interested. :)
 
Are you thinking that way because of all the stories you've read about security problems with NFC on android? Because I've not seen one report of security problems with NFC on android.

Stop trying to make it sound like Apple is doing something good by restricting NFC use on iphones. Apple is doing this so they have something to sell for iPhone 6S.

No, there's nothing wrong with NFC per se, but this could be related to how :apple:Pay interacts with it.

A security breach is the last thing Apple needs if it hopes for their new pay initiative to take off in a big way.
 
if you are buying something with ApplePay... what information have you given to Apple?!? your bank account or your credit/debit-card?!?

It depends on how it is implemented.

I just posted a link to another poster's article about the card setup process: adding a credit card to the Passbook requires authorization from the issuing bank and assignment of the device account number (or alias). The patent isn't clear about who does it: it could be Apple that does it, or it could be the bank's own systems. It's not difficult to determine the issuing bank from the first few digits of the account number.

I'll ask again: do you have a reading comprehension problem? I explained this earlier, and offered two possible alternatives.

now try and tell me how your bank can see any transaction?!? the transaction is via VISA/MasterCard/AmEx or whatever... how would Apple bypass their fees?!?

OK, step back and read this slowly:

AN :apple:PAY PURCHASE TRANSACTION IS SENT THROUGH EXISTING SYSTEMS.

As far as the merchant and the card payment processor are concerned, it's just another credit card transaction. They handle it as if it was any other transaction. When the transaction arrives at the bank, the bank recognizes the account number is an "alias" and translates it to the appropriate account number, then authorizes it. When the payment is settled, the same thing happens. At no point in the transaction does anyone other than the bank know the real account number.

Apple isn't bypassing any fees. They have an agreement with the issuing bank(s) to give Apple 15 cents for every $100 of :apple:pay transactions. The bank is accepting this cost in exchange for the additional security: it comes out of their bottom line.

Rather than making the same discredited points over and over again, and asking the same questions again and again, why don't you do some reading? Apple's patents or applications are available online, and many articles have been written about them -- and their arrangements with financial institutions.

Stop wasting our time and stop trying to mislead people with misinformation.
 
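The alias handling described in the post above, sketched as an added example that is not part of the original thread and not Apple's or any bank's code: an issuer maps a device account number (alias) back to the real account and checks a security code that covers a transaction counter. The HMAC construction, the alias format, the class names and the sample card number are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def security_code(key: bytes, alias: str, counter: int, amount_cents: int) -> str:
    """Per-transaction code. HMAC-SHA256 is an assumed stand-in, not Apple's scheme."""
    msg = f"{alias}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Issuer:
    """Hypothetical issuing bank: the only party holding alias -> real account."""
    def __init__(self):
        self._vault = {}   # alias -> [real account number, device key, last counter]
        self.ledger = []   # (real account number, amount_cents) actually charged

    def provision(self, pan: str):
        # Assumption: keep the leading digits so existing networks still route here.
        while True:
            alias = pan[:6] + f"{secrets.randbelow(10**10):010d}"
            if alias != pan and alias not in self._vault:
                break
        key = secrets.token_bytes(32)
        self._vault[alias] = [pan, key, 0]
        return alias, key

    def authorize(self, txn: dict) -> str:
        entry = self._vault.get(txn["account"])
        if entry is None:
            return "declined: unknown alias"
        pan, key, last = entry
        expected = security_code(key, txn["account"], txn["counter"], txn["amount_cents"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: bad security code"
        if txn["counter"] <= last:          # a captured message sent a second time
            return "declined: counter already used"
        entry[2] = txn["counter"]
        self.ledger.append((pan, txn["amount_cents"]))  # translated inside the bank only
        return "approved"

class Device:
    """Hypothetical phone: stores the alias and key, never the real card number."""
    def __init__(self, alias: str, key: bytes):
        self.alias, self._key, self._counter = alias, key, 0

    def pay(self, amount_cents: int) -> dict:
        self._counter += 1
        code = security_code(self._key, self.alias, self._counter, amount_cents)
        return {"account": self.alias, "counter": self._counter,
                "amount_cents": amount_cents, "code": code}

def demo():
    pan = "4111111111111111"               # constructed sample card number
    bank = Issuer()
    device = Device(*bank.provision(pan))
    txn = device.pay(1250)                 # all the merchant and network ever see
    first = bank.authorize(txn)
    replay = bank.authorize(txn)
    forged = bank.authorize({**txn, "counter": 2, "amount_cents": 99999})
    return txn, first, replay, forged, bank.ledger

if __name__ == "__main__":
    print(demo())
```
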
This is fairly standard for Apple. Introduce a new feature/API, release it only for Apple app use, then after a while allow dev access to the API. This way they can make it exclusive to them while it's all new and shiny, test it, write the developer API kit and then release it when it's ready for general consumption.

And ensure Apple Pay secures a stronghold before letting competitors use iPhone's NFC for payment.

No doubt Apple's implementation of NFC payment will be excellent, but if it's restricted to iPhones, it's restricted to a minority of smartphone users. How does Apple Pay become dominant when Android is the more ubiquitous platform? The most likely outcome is that we'll be able to use Apple Pay at large retailers, but mom and pop stores will opt for the most popular NFC payment system.

This could bite Apple in the arse. If the iPhone isn't open to other payment systems, then Apple Pay becomes another hurdle for anyone contemplating switching from Android to iOS. It sort of reminds me of the era when Macs couldn't easily network with Windows systems.
 
Sorry for the duplicate reply, but I wanted to be sure you saw this patent application:

http://www.freepatentsonline.com/y2014/0019367.html

METHOD TO SEND PAYMENT DATA THROUGH VARIOUS AIR INTERFACES WITHOUT COMPROMISING USER DATA

It has a lot of interesting details about the actual transaction. I was hoping you might be interested. :)

Thanks. I've been looking at it and will write about it soon. (Huge backlog of things to write about!)
 
ApplePay is a nice idea and will surely bring changes. But I think it will fail outside the US if the merchants have to set up an infrastructure dedicated to ApplePay. If they can accept mobile payments from Android and iOS with the same terminal, then it might work.

Any NFC standard PoS terminal will be able to process :apple:Pay payments. The trick isn't even getting the banks on board in the different countries. The trick will be displacing the current dominant Chip+PIN PoS terminals in Europe. These generally don't have contactless/NFC capability.

In the US, the timing is right as merchants nationwide are being forced to upgrade their PoS terminals by the credit card companies, and most of these new terminals will have NFC capabilities, especially now with the announcement of :apple:Pay. Most of the significant retailers in the US already have NFC capable terminals, and simply need to activate them, but haven't for a variety of different reasons, mostly to do with trying to keep control of the transaction and the data surrounding it.

It will probably take longer for :apple:Pay to get a foothold in Europe, but I could be wrong.
 