I'm sure Jennifer Lawrence can't wait to get her credit card info into iCloud
Do people actually read anything?
Your credit card info isn't stored in iCloud.
----------
How familiar are you with iBeacon?
I'm pretty sure it's not as secure as NFC.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Hands-On First Impressions of Apple's New Payment Initiative, Apple Pay
- Thread starter MacRumors
- Start date
- Sort by reaction score
Do people actually read anything?
Your credit card info isn't stored in iCloud.
----------
How familiar are you with iBeacon?
I'm pretty sure it's not as secure as NFC.
Exactly. Once you buy your iPhone you've given Apple their one time source of revenue excluding their 30% cut of iTunes and App Store purchases but now they have another way to milk customers for even more over the lifespan of their device. But hey, that's capitalism and convenience isn't free.
One step at a time... build trust first with close proximity transactions, then expand the iBeacon network - which won't even require the NFC radios.
Why are you even here? Choose to be stuck in the stone ages if you want. The rest of us will be enjoying the new convenience.
Your credit card information isn't saved to iCloud. There's a secure element in there like there is for TouchID.
I've yet to hear all widespread breaches of TouchID that have actually meant something other than for testing purposes.
Well, it also helps if the really important bit never leaves the phone. There's ways to authenticate a transaction came from a particular phone with a particular "secret" using RSA-style keys. The device holds the secret (generated randomly), and gives out a public key to the bank. During payment, the phone's secure encryption piece does some work with the secret and the transaction details, and generates a one-time payment authorization. The bank can then confirm that the authorization is genuine, by confirming it came from the secret key that matches the public one.
Apple doesn't give enough information to say that this is what they are doing, but it is similar in style. The bank has enough information to validate the transaction came from a specific phone, but the merchant would have to break the encrypted transaction code in order to forge their own. And as the key would be (presumably) large and random, much tougher than a password to break.
No, that's not a "fact". It was a "rumor", before Apple did their investigation and confirmed what really happened. It wasn't just a weak password -- it was a password recovery with questions that were easily guessed. And since Apple would have sent out an email saying the password was changed, the victims would have known exactly when it happened, if they were paying attention.
Which is demonstrably insecure. With the 16 digit number, expiration date, and CVV, your account can be emptied or run up to the credit limit. Even when merchant systems follow PCI standards and don't store the credit card and encrypt all communication, the card info is still unencrypted in the POS terminal's memory for a brief period. All you need is something that can monitor that memory and snag the info, and it's gone. That's what happened to Target. And, it's probably what happened to Home Depot.
Apple doesn't store your credit card info: it stores a device identifier that can only be used with a transaction-specific security code to authenticate your transaction. That's what is sent to the merchant's POS system. It's only good for one transaction. And the merchant's system never sees your credit card number/expiration/CVV.
I don't know enough about the EMV (chip) cards to know if they do something similar. That technology dates back to the 80's, so it is probably not as secure.
I quoted Apple's web page on the iPhone 6 above, but I think you basically have it right. There's a "Device Account Number" (which identifies the phone), but there's also a transaction-specific security code which presumably can only be used once.
Apple didn't change anything. Mobile payment existed for years now, but people tend not to use it because they don't trust the tech. Nothing will change now either. This might help push the tech in US (US only, not Asia where this tech has been used for a while), but they didn't change anything. When it comes to mobile payments in US, I prefer LevelUp because it's universal for different OSes and you get bonuses for using it wherever it is accepted.
Which one is it? I work for one of the big 4 and they used to have that policy (albeit poorly enforced because employees got phones on launch days all the time) but they scrapped it around the time of the iPhone 5 launch.
Don't want to rain on anyone's parade but you can already do this in Canada with several Android and BlackBerry phones. MasterCard Paypass, Visa Paywave and Interac Flash (debit, basically) are all contactless and are widely available in Canada.
There was no iCloud hack, and the recently-closed hole that allowed too many password guesses wasn't used either.
What happened was: a bunch of photos were stolen, by various means involving guessing poor passwords, detective work to get celebs security answers, and the like, over several years, from Google and Android. AND from many other services. Including Apple, which mysteriously got all the headlines, because that misleading slant sells ads on "news" sites.
Meanwhile, with Apple Pay, your credit card is WAY, WAY more secure than anything else you could do with it at a cash register. A one-time code is used, and the code--not even your credit card number--is stored securely on your device, unlocked by fingerprint. If that scares you, how can you ever survive handing your card to a cashier, or swiping it through a box you didn't build yourself?
The funny thing is the Jobs worshippers seem to dislike Cook despite Cook being the guy Jobs handpicked to succeed him.
The information does not go to iClouds, if you watched the Keynotes you should know this. The information is sent straightly to your bank/financial account who issue the credit cards. Apple can't touch any of this or they will risk being sued.
Plenty of specials on iPhone 6. It's a matter of perspective.
I may be wrong, but I doubt it is that sophisticated. My assumption is that the card numbers are stored on the phone with encryption. To decrypt, you must provide your thumbprint, which then you can select the card you wish to submit for payment. At that point, the card number is sent to the NFC receiver. The data may or may not be transmitted with encryption. It doesn't really matter at that point since it is near field communication. The risk is the nearly same, or less as swiping your card yourself or using a card with a smart chip. The only thing mentioned is that the cashier will not get your card information since you don't have to hand it to them. I am pretty sure the merchant will still obtain the card number in the system, which then it would be encrypted and transmitted to the card's bank to submit the transaction.
I guess most of the surprise and aww and magic is from American audience where swipe and sign is by far the dominant form of credit card transactions.
Here in Canada PayWave, PayPass and whatever-Amex-calls-it are very popular. On my MasterCard which I use for small transactions like coffee, groceries, etc. I don't even remember what the PIN is.
Further to that apps like this have been around for a while:
https://www.cibc.com/ca/features/mobile-payment.html
Obviously no app for iPhone so far so I haven't tried it. It's not just payments either, I see people tapping their phones on bus/subway where Presto cards are accepted. I'm not sure if that's an official app or just some "hack".
Here in Canada PayWave, PayPass and whatever-Amex-calls-it are very popular. On my MasterCard which I use for small transactions like coffee, groceries, etc. I don't even remember what the PIN is.
Further to that apps like this have been around for a while:
https://www.cibc.com/ca/features/mobile-payment.html
Obviously no app for iPhone so far so I haven't tried it. It's not just payments either, I see people tapping their phones on bus/subway where Presto cards are accepted. I'm not sure if that's an official app or just some "hack".
First of all, you're interpreting that article incorrectly. They don't make money off transactions, they just struck a deal for the transactions to cost less.
Secondly, why do you even care? Apple would just be another middle-man inbetween your merchant and the bank, especially in online payments. There are hundreds of those already, yet you don't seem intent on avoiding them.
We have that here but not that widespread. Many gas stations have a quick pay card, where you just wave your card at the NFC receiver at the pump to pay.
I doubt Apple will even be that. There is no reason for your credit card numbers to go through Apple in order for this to work. The only thing Apple needs to provide are NFC receivers that can communicate with the iPhone. From there, the receivers send the transactions directly to the bank.