Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Said to Be Using Tokenization Technology to Secure Mobile Payments Service
- Thread starter MacRumors
- Start date
- Sort by reaction score
I hope it's not retailer specific otherwise it will take years to implement. I don't know much about this technology but it surely has to work with what's out there in the retailers already to gain widespread adoption. I just recently got a new debit card from my bank with Wireless function. I just hold it next to the terminal and it's paid. Hopefully I will be able to do the same with my iPhone.
In light of the past days iCloud hack clusterfrack (alright, not really a hack), Apple may very well be on its way to revolutionize how your credit card could be stolen 
Apple, banks, retailers wonder why people choose to use easy to guess passwords.
Wow! I'm surprised Apple hasn't been using Token tech for their ( my ) payments. I've been writing token payment code for a little over two years.
It's not like it's a new idea.
----------
----------
Just to scare everyone, I could easily setup a capture at the fuel pump and grab your swipe. I'm curious on how 'they' can make this secure, possibly include a manual PIN?
It's not like it's a new idea.
----------
AND choose NOT to use two-part authentication.
----------
Same way as your credit card mate. Just swipe your phone near the 'pad'.
Just to scare everyone, I could easily setup a capture at the fuel pump and grab your swipe. I'm curious on how 'they' can make this secure, possibly include a manual PIN?
if any one of the celebs that got hacked could tell me what tokenization means, i would give them everything i have.
You state that you have been writing token payment code for two years, yet you don't know how it can be secure? You mean you write code for a technology that you don't understand?
Wut?!
HobeSoundDarryl
macrumors G5
I have been talking about this. I think it's another lightning/thunderbolt/proprietary hard drive connector in iMacs/etc thing. I suspect Apple is going to put it's own twist on the NFC standard, spinning a "get it right" message while actually setting up a licensing revenue stream. I can easily imagine Apple requiring the retailers to buy a little (new) hardware from them and/or cut Apple in on a slice of each sale made via iDevices.
There would be a lot of money in both of those, especially the latter. But the downside is anticipated below...
I'm with Shaun, UK on this topic. I hope it works with the established standard rather than require a new level of adoption. To implement something proprietary, for every big chain (CVS, Nordstroms, Walgreens), there are probably hundreds of "mom & pops" that would also need to make a deal with Apple. Then, think about the pace of that on a global scale so this could work well everywhere.
Is this going to be something like wifi (which just works everywhere) or something more closed like FaceTime? We'll find out in the next few days.
Increased computational complexity deters the kinds of hackers that steal credit cards. They are not doing it because the math is interesting.
Wow, a debit card that removes cash from your bank account wirelessly. That seems really safe.
I'm guessing (and hoping!) it's something that works out-of-the-box with most retailers, but provides increased security for those that upgrade their systems to conform to Apple's approach.
With recent revelations about credit card info being stolen at point-of-sale at such retailers at Target and Home Depot, I know that I would be much more interested in shopping at a place that had implemented enhanced security measures. And I think a lot of other people would as well.
How many could you capture moving through a crowded subway car, where you could, without raising suspicion, actually get into physical contact with someone?
No, everyone knows why people don't use 2-part-authentication. It is a pain in the ass and unnecessary for most applications.
In your specific case, none. The phone is not emitting at that point, so nothing to capture. BUT, using your example I could capture tens of thousands using their phones to process though the gates. IMHO that would be too risky for any real threat, as the area is well monitored. It is much easier to grab the data at other less obvious locations. Mind you, I'm a researcher, not a criminal. I wouldn't want your data, I just know how to get it. If I do, then a less scrupulous individual can as well.
To grab the data, the criminal doesn't need to be in contact with the device or the person. They actually would do best to not even be in the area at all.
----------
I agree, it is a PITA. I wrack my brain daily to come up with a better solution. I fear Star Trek may have the best solution. The combination of a carried device and voice recognition may be the way of the future. Pundits argue that it fails during sickness ( laryngitis ). That is true but recognition can be based off more than JUST sound: cadence, intonation, ect. This combined with a wee bit more powerful processing and a physically carried device might be the best way.
Again, I wrack my brain daily; trying to come up with the billion dollar answer.
At least those in the UK have to be really blimmin' close to the reader.
I use the contactless-payment ability of my debit card every day at the newsagent two doors down from my house. Get a newspaper and a drink every day. Takes about a second to pay. Only thing is, 'contactless' is a bit of a misnomer, since the card seems to actually have to touch the terminal to work. It doesn't work with the card in my wallet (I've tried -- and it's just a normal leather wallet, not a paranoia-laden tin foil-wrapped wallet).
Same goes for my NFC enabled speaker, I have to actually touch the back of the phone to the speaker to get them to pair.
This tokenization process, believe google wallet implementation is the same, should protect phone users from that subway scenario in addition to the uber low range.
This tokenization process, believe google wallet implementation is the same, should protect phone users from that subway scenario in addition to the uber low range.
Somewhere celebs are wondering and then asking their agents just what the hell tokenization is. And then why they couldn't have it first.
Thanks for the need to not clarify things The article already stated everything we needed to know! I hope you feel better!!
Wow, a debit card that removes cash from your bank account wirelessly. That seems really safe.
You don't have these in the US? I must admit I was not sure at first but it does have some security. Firstly you have the card with you and hold it next to the terminal. Secondly there is a limit to how many times you can use it and how much you can spend before it asks for a PIN number. So I guess if someone does steal it at least they can't spend too much before the card would ask for a PIN or you report it stolen and it's immediately blocked.
I'm not sure it's all that less secure than a chip and PIN debit card which can be skimmed by the cashier without you even knowing. That way they get your PIN number and access to a whole lot more cash at the ATM.
It's a handy and quick way to pay for small purchases. The idea is to replace cash wherever possible which I like the idea of. If there was an alternative option to pre-load my iPhone with cash and use the that as a wireless payment device instead I would prefer that as it wouldn't be linked to my bank account.
Coin shot themselves in the head already. Delayed production deliveries and chip & pin on the horizon, Coin will be nothing but a tech antique to own soon.
I would assume verification would come via a TouchID scan.
----------
Sucks too.....was really looking forward to it.
But I went to my local Target yesterday and Wal-Mart the day before that. BOTH have new terminals for the "chip and pin" now.
Unless Coin saw this and decided to delay to include support for the chip (which I can't imagine), it'll be useful until October when consumers will be highly encouraged to change over and all our cards will have chips in them anyhow.
I really hope this helps push physical money closer to obsolescence. Obviously cash will always be useful, but I'd really like to get rid of coins.