Hands-On First Impressions of Apple's New Payment Initiative, Apple Pay

[kdarling]

Your credit card information isn't saved to iCloud. There's a secure element in there like there is for TouchID.

Yep. The NFC Secure Element is almost certainly in the NFC chip. It's almost always either there or in the SIM.

I've yet to hear all widespread breaches of TouchID that have actually meant something other than for testing purposes.

Of course, previously there was little reason to take the time to pre-plan getting someone's print just to look at stuff on their stolen phone. Now there's monetary incentive. Should be a rare occurrence though.

Your or her credit card info won't be in iCloud.

Right, not in iCloud. It's stored in other systems, likely such as the ones at First Data, who are providing the request authentication side.

First Data’s Big Role in New Apple Payment Plan

 

[shoulin333]

You still need lug around these debit cards and credit cards. Because not every where accept phone payment and certainly banks won't take it when you need withdraw cashes or make money orders... or deposit money or cheques into your account

For now.

 

[Eduardo1971]

I'm actually more excited over this than the new larger screens on the new phones.

 

[iSee]

Apple Pay looks great... but the network seems very sparse.

They actually listed individual companies in a not-too-dense slide. I don't think I'll have much opportunity to use it.

... And, I don't like the idea of downloading an app for any online retailer I might want to use this with. Most of the online retail store apps are really, really bad -- much worse than the corresponding web site. Probably not worth the trouble just to get a slick check out. I guess I might do it if something like 1-800-flowers supports this.

 

[mrgraff]

"Hey kid, thumb a hundred bucks will ya, help save the clock tower."

Next , flying cars!

 

[ksuyen]

I guess most of the surprise and aww and magic is from American audience where swipe and sign is by far the dominant form of credit card transactions.

Here in Canada PayWave, PayPass and whatever-Amex-calls-it are very popular. On my MasterCard which I use for small transactions like coffee, groceries, etc. I don't even remember what the PIN is.

Further to that apps like this have been around for a while:
https://www.cibc.com/ca/features/mobile-payment.html

Obviously no app for iPhone so far so I haven't tried it. It's not just payments either, I see people tapping their phones on bus/subway where Presto cards are accepted. I'm not sure if that's an official app or just some "hack".

Paypass is a norm here. 90% of the shops accept any credit/debit cards that support paypass. But Apple implementation make it easier. Instead of carrying multiple cards in your wallet, or installing multiple apps in your phone, iPhone stores all of them in 1 convenience-1-touch-ID payment. No need to unlock ur phone and open a specific apps. No need to stick an NFC card at the back of your phone. Your iphone is THE credit card. And so is your Apple Watch later.

 

[nagromme]

I may be wrong, but I doubt it is that sophisticated. My assumption is that the card numbers are stored on the phone with encryption. To decrypt, you must provide your thumbprint, which then you can select the card you wish to submit for payment. At that point, the card number is sent to the NFC receiver.

Wrong. Apple explained all this. They are WAY ahead. Your card number is NOT stored on your device, nor shared with the retailer.

Think of the Target hack: credit card numbers received by Target were vulnerable. Now imagine that Target never GOT your card number--they got a one-time-use code that got used. Once. Your'e now safe, while the dinosaurs swiped used plastic cards are chasing down false transactions.

 

[darcyf]

There's a subliminal "STOP" in the Apple Pay segment when Tim Cook is talking about credit cards.

There's a giant credit card on the screen and when they flip it around to the back, the last four digits, now on the left, read "STOP" (9015 backwards).

Probably just Apple having a bit of fun, but it can't be a coincidence.

 

[danielsutton]

The thing about that is, they would have to roll out iBeacons to stores before it could be used. The version they introduced can already be used in a lot of places.

iBeacons are very small and cheap, only costing a few dollars. Apple does not have to make its own Beacons, there are third party devices that are being sold, and can be easily integrated into existing POS systems. Customers can receive push notifications such as promotional codes, circulars, and receipts, reducing paper usage. Also, customers can check out without having to be super-close to the POS terminal, reducing the amount of time that they have to wait in line. Wi-Fi can be encrypted, and fingerprints and tokenization of transactions add another layer of security.

By using NFC, Apple is not differentiating iDevices enough, and are further helping their competition by cementing the same technology that they use.

I do hope that over the next year, as Apple Pay becomes more popular, Apple will start implementing Beacon technology and will begin moving away from NFC. NFC is a legacy technology that does not provide any major benefits.

 

[RangerOne]

I'm sure Jennifer Lawrence can't wait to get her credit card info into iCloud

Uh... she probably has her credit card info in iCloud, since she obviously has an iPhone and has probably purchased something from iTunes at some point.

The question is, will she use a reasonably complex and unique password? An account is only as secure as its password. The vast majority of individual-account breaches happen because of weak passwords.

 

[danielsutton]

One step at a time... build trust first with close proximity transactions, then expand the iBeacon network - which won't even require the NFC radios.



Why are you even here? Choose to be stuck in the stone ages if you want. The rest of us will be enjoying the new convenience.

I do hope that you are right I would love to see a large scale iBeacon deployment in retail establishments, as well as in other public places (parks, sports stadiums, etc.). Also, iBeacons in the enterprise would be awesome, proximity-based access to proprietary company information and the like. When employees step outside the office, access is restricted, helping to prevent disclosure of sensitive information.

 

[dampfnudel]

I'm looking forward to using Apple Pay. Well, maybe not as much as some Russian hacker, but....

 

[SirLance99]

iBeacons are very small and cheap, only costing a few dollars. Apple does not have to make its own Beacons, there are third party devices that are being sold, and can be easily integrated into existing POS systems. Customers can receive push notifications such as promotional codes, circulars, and receipts, reducing paper usage. Also, customers can check out without having to be super-close to the POS terminal, reducing the amount of time that they have to wait in line. Wi-Fi can be encrypted, and fingerprints and tokenization of transactions add another layer of security.

By using NFC, Apple is not differentiating iDevices enough, and are further helping their competition by cementing the same technology that they use.

I do hope that over the next year, as Apple Pay becomes more popular, Apple will start implementing Beacon technology and will begin moving away from NFC. NFC is a legacy technology that does not provide any major benefits.

Yet, Apple didn't do anything like that. Why? Because if you think globally, NFC is THE standard for mobile payments backed, funded and implemented by the CC companies.

 

[javaJunkie]

First of all, you're interpreting that article incorrectly. They don't make money off transactions, they just struck a deal for the transactions to cost less.

Secondly, why do you even care? Apple would just be another middle-man inbetween your merchant and the bank, especially in online payments. There are hundreds of those already, yet you don't seem intent on avoiding them.

I can almost guarantee you are wrong. Apple will be getting a cut off off every transaction. As much as I like Apple it is foolish to think that they did this out of the good ness of their heart. Most likely the bank will be able determine that the generated Card number came from Apple. Apple will get either a fixed amount or a percentage. Payments is something everyone has been wanting to get into for a while but it is very complicated due to the peers involved (Banks, Merchants, card associations) wanting to get a slice of the pie. I think Apple had the resources and the will to get everyone working together. If i remember correctly Google was trying to bypass the Card associations and I looks like Apple is working with them. That will give Apple a better chance a success. Also Google was looking at this a another means of data collection when Apple is looking at it solely as a revenue generator

 

[VenusianSky]

Wrong. Apple explained all this. They are WAY ahead. Your card number is NOT stored on your device, nor shared with the retailer.

Think of the Target hack: credit card numbers received by Target were vulnerable. Now imagine that Target never GOT your card number--they got a one-time-use code that got used. Once. Your'e now safe, while the dinosaurs swiped used plastic cards are chasing down false transactions.

Ok, I stand corrected. I did not watch the presentation. Thing is that there has to be some way to route the transaction and verify there are sufficient funds. In theory it should be more secure than using a card, but that comes down to how secure the backend system is.

 

[CausticPuppy]

how so? I would avoid using it until Apple proven their security... with recent iCloud hack... I trust Apple even less... especially with all these private info...

There was no iCloud hack.

There was a targeted attack at certain individuals who used weak security questions/answers to protect their account.

 

[ke-iron]

Dual verification touch ID and pin number.

You still need lug around these debit cards and credit cards. Because not every where accept phone payment and certainly banks won't take it when you need withdraw cashes or make money orders... or deposit money or cheques into your account

For now true, but I can definitely see this technology pave the way for a wireless withdrawal method from an ATM. You approach the ATM terminal and the NFC in your phone communicates with the ATM and prompts you to use your finger print on TouchID to verify you want to access the ATM, then after thumb print verification on your phone the ATM asks you to enter your pin number. Kind of double security and no physical card involved to access your account. Now if this method is used at gas stations and other card terminals this way, this will tremendously reduce credit card fraud, copying, skimming or whatever its called. Double verification method with no card involved, sweet.

 

[itguy06]

This works the same way Google Wallet works on Android. You register your cards. The app generates a 1 time use MasterCard number that is beamed via NFC to the store. They process that as payment and then Google/the bank charges your registered card.

What this does is make it much simpler.

I don't have to remember to launch Google Pay to sync (it must sync once in 24 hours). I don't have to remember to wake my phone up (since it uses touch ID it's on). It's easier to choose a card.

I love the NFC pay aspect of my GS5. This makes it much better/easier.

I like it. That and the other niceties makes me want to pitch the GS5.... Anyone want a T-Mobile Samsung GS5?

 

[MisakixMikasa]

For now true, but I can definitely see this technology pave the way for a wireless withdrawal method from an ATM. You approach the ATM terminal and the NFC in your phone communicates with the ATM and prompts you to use your finger print on TouchID to verify you want to access the ATM, then after thumb print verification on your phone the ATM asks you to enter your pin number. Kind of double security and no physical card involved to access your account. Now if this method is used at gas stations and other card terminals this way, this will tremendously reduce credit card fraud, copying, skimming or whatever its called. Double verification method with no card involved, sweet.

For now.

I can make a bet that this won't happen in 5 or more years. Banks are the one move really slowly on technologies. Some banks are still using Windows XP and DOS like system on their computers. NFC equipped ATM? I can see it coming and installed in new locations, but it gonna be hard to get banks replacing their old ATM with newer one. This just won't happen in near future.

Beside... Unless everyone in the earth equipped with iPhone, then you will still see physics card issued and there is no real incentive for merchants, FIs to upgrade their facilities.

 

[H2SO4]

I am disappointed that Apple went the NFC route, they have a much better and more interactive and engaging experience with iBeacon. NFC requires a very close proximity to the POS terminal, while iBeacon is very secure, and can be used within farther distances. iBeacon also supports push notifications.

Because everybody else has gone NFC.
Apple products, love em. They suit me, (at the moment), and what I like and I’m lucky enough to be able to afford one.
But Apple execs are complete douchebags. They are so ridiculous when it comes to speaking about their products. Whether you think he’s great or not Jony Ive makes the most contrived and stomach turning videos I’ve, (excuse the pun), ever seen.
As for Schiller and Cook they are out of touch. Everything has to be cool. Why? U2 certainly ain’t cool.

Anyway this particular artcle I find weird. Tim Cook commented that Apple Pay is "incredibly safe” Eh??? Whilst it may turn out that way, you can’t possibly have carried out widespread testing yet TC.
That’s akin to Luca Di Montezemolo saying his cars are the fastest and best handling when only motoring journos have tested it. They can do all the laps of Nurburgring and cold weather testing in the world but until it hits the street they just don’t know.

 

[peterskim]

Will Apple Pay require a network connection? I've tried using Google Wallet and after a few instances where the transaction failed because I had poor reception, I gave up. I don't want to be fumbling with my phone, dealing with poor reception, etc. when all I want to do is pay for my purchase.

If Apple Pay requires a network connection like Google Wallet does, I don't think it's going to take off, especially in the US where good cell reception is far from ubiquitous. And even though I live in NYC, which arguably has the best cell coverage in America, there are just a lot of places indoors where you don't get cell reception.

 

[Luke Redpath]

I may be wrong, but I doubt it is that sophisticated. My assumption is that the card numbers are stored on the phone with encryption. To decrypt, you must provide your thumbprint, which then you can select the card you wish to submit for payment. At that point, the card number is sent to the NFC receiver. The data may or may not be transmitted with encryption. It doesn't really matter at that point since it is near field communication. The risk is the nearly same, or less as swiping your card yourself or using a card with a smart chip. The only thing mentioned is that the cashier will not get your card information since you don't have to hand it to them. I am pretty sure the merchant will still obtain the card number in the system, which then it would be encrypted and transmitted to the card's bank to submit the transaction.

This is not how Apple Pay works. The credit card number does not leave the device. It uses secure tokens instead.

http://investor.visa.com/news/news-...ra-of-Payments-on-Mobile-Devices/default.aspx

 

[twigman08]

Maybe I missed it or maybe it is in another video, but I would like to see what happens if you use the wrong fingerprint with Touch ID. What is the error message.

Also is it linked to all the fingerprints you have stored in TouchID or is it only linked to a certain one. Just seeing if, lets say, someone and their wife could put both their fingerprints so that way both of them can use the phone pay. Or maybe you can select which one it uses? Maybe I missed it somewhere but has anyone heard about these?

 

[Velin]

If this is as secure, and if it is as seemless, as Cook says, I will use it. I may even upgrade to iPhone 6 early if enough businesses upgrade to the terminals permitting transactions.

 

[patent10021]

There's a subliminal "STOP" in the Apple Pay segment when Tim Cook is talking about credit cards.

There's a giant credit card on the screen and when they flip it around to the back, the last four digits, now on the left, read "STOP" (9015 backwards).

Probably just Apple having a bit of fun, but it can't be a coincidence.

View attachment 489716

Great catch! I also like how Phil specifically talks about the Monarch butterfly to get into macro photography. These things combined with the push for NFC is no coincidence. Apple is just another participant in the global agenda. Oh well. As long as we are AWARE.