Apple to Add Near Field Communication (NFC) Payments to iPad 2 and iPhone 5?

[mytdave]

Cool, but

Now there's a technology just waiting to be exploited. I suspect it means some type of embedded RFID chip. They better have an 'off' button in Settings that requires a password to turn NFC on. While in 'off' mode, they better have a way for the RFID antenna to be shorted so that someone with a sniffer won't be able to scan the device.

 

[mentholiptus]

This sounds like a HUGE security risk to me. Anybody know enough about this technology to know whether I am being paranoid?

The gov't had tested RFID in florida a few years back, and all a person needed to do was to come within a few feet of a someone (carrying an RFID ID) with an RFID reader and they could duplicate their credentials.

Who knows. All these new developments seem to be geared towards finding better ways for me to part with my money. I'm starting to question if I need anything more than what I already have. A nice work station to do my digital work, and my pocket communicator. I'm done with TV. Still prefer CD's & records. I prefer physical books over eBooks. I spend ~2% of my week "gaming" in some fashion...and I'm starting to lean towards board games.

Anyway, I'd say it's better to be paranoid than naive. You're safer not to trust it.

 

[mytdave]

not really

yes banking system is so far behind in the US, I would laugh if it wouldn't be so sad.

After coming here from Europe, where you can make electronic payments from bank account to bank account and the money will transfere almost instantly, I was shocked to see that I here have to write and mail actual checks. Since a couple of years you can do your payments online and I thought finally they move to the modern times. I was pretty shocked when I found out that all they do than is to print out a check and put it in the mail - WTF? Seems like the US is far away to be a technology leader and stuck somewhere in the colonial times.

That's not really the case in the U.S. Well, there could be some financial institutions where that is the case, however most are up with the times.

My bank can do everything by electronic transfer. I do my banking online and they send payments by electronic transfer. They will print out paper checks and mail them, but only to recipients that aren't up with the times. For any payee that has their act together and can receive electronically, that's how it's sent. Most banks are tech savvy, but not all businesses are.

 

[VulchR]

Actually in thinking about this perhaps the risk is no more than carrying cash. Indeed, I can imagine using the phone to make electronic payment even more secure: If Apple were smart they'd use the Facetime camera and face recognition software as a way of authenticating the user. Or perhaps the touch-screen imprint of 3 fingers (not fingerprints but the relative widths/lengths of the fingertips). Or voice-print. Hmm....

 

[nylonsteel]

Hoping for the day I dont have to hassles with coins and change
I predict it will be a long time before all the grocery stores adopt this
Even now some credit card swipe terminals are so clunky and buggy and on top of that some still require you to sqribble your name on an old beat up stamp sized screen
btw: i love self check out lines -

 

[0815]

That's not really the case in the U.S. Well, there could be some financial institutions where that is the case, however most are up with the times.

My bank can do everything by electronic transfer. I do my banking online and they send payments by electronic transfer. They will print out paper checks and mail them, but only to recipients that aren't up with the times. For any payee that has their act together and can receive electronically, that's how it's sent. Most banks are tech savvy, but not all businesses are.

In europe there is no need to print checks ever (only exception if the recipient has no bank account). All you need is the name and bank account number of the recipient. With all the banks I tried here, this can't be done. When I have to pay rent, a check has to be printed, no matter if the recipient has even a bank account with the same bank. This is just stupid - it is the BANK that does not support it - has nothing to do with my landlord not being up to the times. Even worth, the bank takes it out of my account the day they send the printed letter, not when it arrives on the recipients account. Also in Europe it works with EVERY bank, not a might or might not, maybe, depends.

 

[mr.steevo]

I'd be more concerned that someone has my phone than being concerned that they may be able to buy a Starbucks Coffee from my account...

 

[rtdunham]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

This isn't just a matter of Apple incorporating an NFC payment capability, it's a question of whether the infrastructure is there in the first place. Great, so I've got my NFC-equipped iPhone 5 - now, where to use it? Jeez, in the luddite-infested town I live in most people still won't use credit/debit cards because they've only just got used to the concept of cheques. It's fine for countries who've adopted this some time ago (mostly Far Eastern) and the big cities, but Apple bringing this technology to the rest of us isn't going to increase adoption until the card processors roll out the infrastructure to a wider population. It's a bit chicken and egg I guess. Maybe Apple's implementation will raise the profile of contactless payments and set the ball rolling?

I can imagine it being an asset on the iphone, but usefulness on an iPad eludes me.
As for your objections, substitute a few words and you've expressed exactly the skepticism when apple dropped floppy drives or adopted FireWire, solid state memory and the cloud, etc. Apple often intros change before we're "ready" for it and then helps ys discover why we care. I imagine apple now has iOS devices at the critical mass to make this popular.

 

[spotlight07]

Actually in thinking about this perhaps the risk is no more than carrying cash. Indeed, I can imagine using the phone to make electronic payment even more secure: If Apple were smart they'd use the Facetime camera and face recognition software as a way of authenticating the user. Or perhaps the touch-screen imprint of 3 fingers (not fingerprints but the relative widths/lengths of the fingertips). Or voice-print. Hmm....

Another factor of authentication will be needed for sure. Especially if the phone becomes a wallet, ID card, and a key ring. The ultimate authentication is a biometric like you mentioned or a chip in the body that constantly communicates to the phone. Combined with GPS and a data connection with a static IP address (IPv6) the phone and the body become a one-two punch to knockout fraud and make transactions dead simple. Stuff like this always creeps me out though, as the warning from John replays in my head (Rev. 14: 9-11).

 

[DrFreeman]

There is little known about NFC security, but it is questionable at least.

The idea of NFC is to keep the range very short (about 4 inches). This is intentional. If you hold your device close enough to the reader you are authenticated. No need to enter a PIN or password. The reason is to authenticate a ot of people quickly (example: use as a ticket in public transport).
But this can be abused by anyone who has stolen your device. This is probably ok as long it is a prepaid system and only a limited amount can be stolen. But when it is really coupled to your iTunes account or even the credit card.... ?

Bad luck.

The other problem is: There is close to nothing known about technical security (encryption etc). So security experts cannot evaluate the system. Security by obscurity has never been a trustworthy approach and has failed many times in the past.

Christian

NFC offers much better security with respect to the current technology. It is widespread in Japan and South Korea. So in this regard, the US and EU are 5 years behind East Asia.

For security analysis on NFC you can look at the link below, or just search NFC security in Google:
http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002 - Security in NFC.pdf

Snippet of the conclusion for this article states
NFC by itself cannot provide protection against eavesdropping or data modifications. The only solution to achieve this is the establishment of a secure channel over NFC. This can be done very easily, because the NFC link is not susceptible to the Man-in-the-Middle attack. Therefore, well known and easy to apply key agreement techniques without authentication can be used to provide a standard secure channel. This resistance against Man-in-the-Middle attacks makes NFC an ideal method for secure pairing of devices. Additionally, we introduced an NFC specific key agreement mechanism, which provides cheap and fast secure key agreement

 

[louis Fashion]

Nothing is 100% Secure

You can lose your wallet. Lose your cash. Lose your credit card. Lose your phone. Hackers can rip you off. Lay-abouts at the StarBucks can remotely scan your cards.

Just use the new tech and hope for the best, that is what most of us do everyday.

 

[Yankee617]

Security Is Not The Only Issue

The stack of credit/loyalty cards I carry is smaller than an iPhone/iPad.

Here in Boston, I carry my "Charlie Card" in my wallet and just wave
my wallet at a little reader to gain access to our subway/bus systems.
It would be far more awkward to pull my iPad out of my backpack and
wave it at a reader.

One *possible* advantage is to have the iPhone/iPad consolidate all
my various credit/loyalty/whatever cards... but that's a lot further
down the road (maybe). Even if all the security issues were solved,
its not clear that NFC with iPhone/iPad will help make my life better.

I'd rather see them (a) enlarge the battery capacity, (b) reduce the
weight, (c) include autofocus/flash in the rear camera, (d) enlarge
the memory, (e) include GPS, or (f) include all, worldwide, 3G and
wireless comms capabilities in the iPad... before including NFC.

 

[ciTiger]

Too soon? Too late?

Well I'd definitely like to be able to use this on a daily basis.
But regularly flashing a gadget worth 600 € isn't exactly what I had in mind lol

 

[ortuno2k]

I agree with most about posing a huge security risk.
But how about this -- instead of jut waving the iDevice by the reader, users will be required to also enter a pin... it could be a four digit pin (like a debit card now), or a fingerprint, to confirm that the user is indeed the intended one.

I've seen a few stores which have those readers, and are compatible with my bank card, but I've never used them. I tried once, but it wasn't set-up, so I never tried again.

 

[cvaldes]

Is NFC a common payment system in the USA?

I have seen NFC in other applications (example: authentication in a car sharing system), but not as a payment system.

Christian

No, NFC contactless payment is not commonplace in the USA, at least amongst retailers. Many of the major regional transit systems are now using NFC cards.

Locally, there is a very small operation called Bling Nation that issues RFID stickers for your cellphone; most of the POS terminals are in downtown Palo Alto.

Japan and South Korea are heavily using NFC contactless payment systems.

As a matter of fact, you will see a lot of paranoia from US commentors about this system, simply because they are ignorant of the fact that the Japanese have been using this for about six years without major issues. You treat your phone like your wallet; don't lose it. If you lose either one, you'll end up calling a bunch of people to notify them of a lost card/"osaifu keitai" (literally "wallet phone").

 

[fabianjj]

Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; sv-se) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

I hope you're not referring to those old magnetic stripe cards? The security of those is a joke, they should have been banned years ago.

 

[0815]

You can lose your wallet. Lose your cash. Lose your credit card. Lose your phone. Hackers can rip you off. Lay-abouts at the StarBucks can remotely scan your cards.

Just use the new tech and hope for the best, that is what most of us do everyday.

Guess we need some chip that we can implant under the skin and you justs have to swipe your finger to pay ... of course there is still the danger that you loose your finger, ....

 

[3282868]

Use your iPhone, payment charged through iTunes, credit card on iTunes charged, iTunes takes a percentage of interest rate through charges?

How bout a finger print? They're unique to everyone. Scan your thumb, chose a CC associated with your finger print, the kiosk shows your picture for verification, done. No worry about your CC, wallet, iDevice being stolen.

 

[VulchR]

Guess we need some chip that we can implant under the skin and you justs have to swipe your finger to pay ... of course there is still the danger that you loose your finger, ....

Please don't give the governments ideas....

 

[xdhd350]

Too late.

Visa are already rolling out an RFID based system in the UK and have been for over 2 years. No chance that Apple will be able to compete at this stage.

Quite possibly the dumbest comment I've seen on this forum. And now for the history lesson.

Apple wasn't first with MP3 players.. but then came the iPod.
Apple wasn't first with cell phones... but then came the iPhone.

In both instances, all the pundits said Apple was way too late and would never be able to compete with existing providers of said technology.

Sorry to say this, but you grossly underestimate Apple's ability to compete at any stage of the game.

 

[MikeDTyke]

I can imagine it being an asset on the iphone, but usefulness on an iPad eludes me.
As for your objections, substitute a few words and you've expressed exactly the skepticism when apple dropped floppy drives or adopted FireWire, solid state memory and the cloud, etc. Apple often intros change before we're "ready" for it and then helps ys discover why we care. I imagine apple now has iOS devices at the critical mass to make this popular.

Most if not all new devices Apple ships in 2011 will be NFC enabled, not because of ePayments, but rather the other NFC applications they have thought of ie.

http://www.patentlyapple.com/patently-apple/2011/01/apple-dreams-up-a-new-user-friendly-connector-system.html#more
http://www.patentlyapple.com/patently-apple/2010/07/apples-itravel-app-to-plug-into-hotel-servers-for-in-room-services.html
http://www.patentlyapple.com/patently-apple/2010/05/a-new-social-workflow-patent-from-apple-highlights-facebook.html#more
http://www.patentlyapple.com/patently-apple/2010/04/nfc-iphone-to-control-all-of-your-in-home-electronics-more.html
http://www.patentlyapple.com/patently-apple/2010/02/apple-getting-serious-about-near-field-communication-on-the-iphone.html
http://www.patentlyapple.com/patently-apple/2009/11/apple-developing-grab-go-application-for-life-in-the-fast-lane.html#more

There's a lotta reading in here, but it all lines up to a lot of NFC benefits that have nothing to do with paying someone.

 

[firestarter]

Quite possibly the dumbest comment I've seen on this forum. And now for the history lesson.

Apple wasn't first with MP3 players.. but then came the iPod.
Apple wasn't first with cell phones... but then came the iPhone.

In both instances, all the pundits said Apple was way too late and would never be able to compete with existing providers of said technology.

Sorry to say this, but you grossly underestimate Apple's ability to compete at any stage of the game.

And neither of those examples are relevant to this discussion.

How much infrastructure did Apple have to build to compete when they launched the iPod? How many shops had to be fitted with hardware?
How many cell towers did they build when they launched the iPhone?

Absolutely NONE. The products were self contained and operated within an existing infrastructure.

So, if Apple choose to do contact-less payment and use Visa network's readers (which they're currently rolling out at great expense) then they might have a nice me-too product - along with the credit card companies and other phone manufacturers.

But if they're planning to go it alone, and fit all the infrastructure needed in shops and small businesses to read these RFIDs they don't stand a chance! They're a good three or four years behind Visa and Barclays (in the UK) and they have no where near the same market penetration as the banks/credit card companies.

Educate yourself!

Around 12m contactless cards are currently in circulation and accepted at 26,000 locations across the UK, including Pret A Manger, Caffe Nero, EAT, Subway, Co-operative, and Ikea stores on the High Street.

Visa - the driving force behind the technology - says it expects the number of cards being used to double this year, hitting 20m by the end of 2011.

 

[Jcoz]

I personally don't see a big issue. Besides, RFID has been used in Japan on Cell phones for a few years now and they seem to have it working fine as far as I know. The way I look at it, if someone really wants to rip me off, they'll figure out a way.

The silliest security out there today is the signature on the back of your credit cards. What security does that offer? None. Anyone could sign it. It's so small it never looks like your real signature. It's silly.

Exactly, if it was really very unsafe, where are the horror stories rolling out of Japan?

Seriously, if anyone knows of any, I'd like to read up on them...

 

[Jcoz]

Most if not all new devices Apple ships in 2011 will be NFC enabled, not because of ePayments, but rather the other NFC applications they have thought of ie.

http://www.patentlyapple.com/patently-apple/2011/01/apple-dreams-up-a-new-user-friendly-connector-system.html#more
http://www.patentlyapple.com/patently-apple/2010/07/apples-itravel-app-to-plug-into-hotel-servers-for-in-room-services.html
http://www.patentlyapple.com/patently-apple/2010/05/a-new-social-workflow-patent-from-apple-highlights-facebook.html#more
http://www.patentlyapple.com/patently-apple/2010/04/nfc-iphone-to-control-all-of-your-in-home-electronics-more.html
http://www.patentlyapple.com/patently-apple/2010/02/apple-getting-serious-about-near-field-communication-on-the-iphone.html
http://www.patentlyapple.com/patently-apple/2009/11/apple-developing-grab-go-application-for-life-in-the-fast-lane.html#more

There's a lotta reading in here, but it all lines up to a lot of NFC benefits that have nothing to do with paying someone.

Agree, there is alot you can do with it besides pay people.

 

[grimmace]

Dont lose your phone

So now I can find my phone and also see the bills they rack up when I find out my phone was stolen.