• Did you order new AirTags? We've opened a dedicated AirTags forum.

SD-B

macrumors 6502
Original poster
Apr 1, 2009
399
14
Hi. Apple'fied to the max at home.

Was early iPhone user for a long time - went android for large screen 5 years or so back.
Been there, done that.

Back to an iPhone for the first time yesterday. Smaller, SE model.
Really just need it for odd phone call, odd text message, etc.
No fancy apps needed.

BUT, I am curious about all these pay options.
I have avoided applying technology to even debit cards where you can scan your payments with a swipe, I think it is?
Always feared losing the card and someone else having a party on my swipes.

Can someone please explain to me how I would not need to fear losing my iphone for the same to happen?
Yes, I know, if lost i could turn off the phone, etc but in the heat of panic, we dont always think straight, remember necessary password to do so, etc.


T.I.A.
 

IFRIT

macrumors 6502a
Oct 15, 2012
840
137
You would hate Android Pay then as you can make contactless payments for a maximum of £30 in my country simply by waking the phone but then again the banks would re-imburse me if something happened. Do you not get the same insurance in the U.S.A. ?
 
  • Like
Reactions: SD-B
Comment

joeblow7777

macrumors 604
Sep 7, 2010
6,725
7,994
As mentioned above, you need to have your finger placed on the home button to use Apple Pay. It will be useless to anyone else who possesses your phone unless they also possess your hand.
 
Comment

SD-B

macrumors 6502
Original poster
Apr 1, 2009
399
14
Am in Canada.
Buy online frequently but only use one bank account/one card for that account-associated with PayPal.
Would not allow other accounts to be used online so no need for insurance, keep only certain amounts
in that account.

Am perhaps a bit hyper about security as I shop in China online daily.
Using a phone for banking is a bit out of my comfort zone.
Even though I would not link it to other accounts.
Hackers are tricky though :p

Thanks, so fingerprints will really work. At least for now.

K, thanks
 
Comment

kdarling

macrumors P6
As mentioned above, you need to have your finger placed on the home button to use Apple Pay. It will be useless to anyone else who possesses your phone unless they also possess your hand.

Or a good copy of your fingerprint. But that's unlikely with a lost phone.

As Newtons Apple pointed out above, your passcode will work too. However, that would only be a vulnerability if someone shoulder-surfed your passcode. If you use Touch Id all the time, that won't happen.

The short answer is, it's secure enough for all but very exceptional circumstances.
 
Last edited:
  • Like
Reactions: SD-B
Comment

Applejuiced

macrumors Westmere
Apr 16, 2008
40,672
6,532
At the iPhone hacks section.
I think it's more secure than swiping a regular debit or credit card.
The merchant never has access to your real card number and expiration date. Everything is tokenized.
If there's a breach of security like target or Home Depot for example the hackers will not get your real info unlike millions of valid credit card and expiration numbers they stole that was used for fraudulent purchases your contactless payment is safe.
 
Comment

baypharm

macrumors 68000
Nov 15, 2007
1,808
774
As mentioned above, you need to have your finger placed on the home button to use Apple Pay. It will be useless to anyone else who possesses your phone unless they also possess your hand.
For now. Someone/something stole the fingerprints of every federal employee and applicants. This was not random. There was method to their madness. Technology is being developed to exploit these fingerprints. Don't say I didn't tell you...
 
  • Like
Reactions: SD-B
Comment

joeblow7777

macrumors 604
Sep 7, 2010
6,725
7,994
For now. Someone/something stole the fingerprints of every federal employee and applicants. This was not random. There was method to their madness. Technology is being developed to exploit these fingerprints. Don't say I didn't tell you...

The average person is much more likely to have a PIN number stolen or guessed than a fingerprint. That's not changing anytime soon. There will always be ways to bypass any security feature. The question is how practical and probably are they for the average thief.
 
  • Like
Reactions: SD-B
Comment

baypharm

macrumors 68000
Nov 15, 2007
1,808
774
The average person is much more likely to have a PIN number stolen or guessed than a fingerprint. That's not changing anytime soon. There will always be ways to bypass any security feature. The question is how practical and probably are they for the average thief.

As I said i disagree with you 100 per cent. The people who are behind fingerprint cloning/exploiting technology are not common thieves. They are highly motivated as well as intelligent with advanced degrees from American universities. My own company proved to a major hospital client that fingerprint authentication was not secure. You go ahead and keep believing that your devices are safe. Good luck
 
  • Like
Reactions: SD-B
Comment

Applejuiced

macrumors Westmere
Apr 16, 2008
40,672
6,532
At the iPhone hacks section.
As I said i disagree with you 100 per cent. The people who are behind fingerprint cloning/exploiting technology are not common thieves. They are highly motivated as well as intelligent with advanced degrees from American universities. My own company proved to a major hospital client that fingerprint authentication was not secure. You go ahead and keep believing that your devices are safe. Good luck

What is secure nowadays?
Passwords or PIN numbers are not either.
 
  • Like
Reactions: SD-B
Comment

joeblow7777

macrumors 604
Sep 7, 2010
6,725
7,994
Lifting a fingerprint is never going to be easier than just watching someone type in a PIN, or guessing it because a surprising amount of people use something dumb like 1-2-3-4
 
Comment

eoblaed

macrumors 68030
Apr 21, 2010
2,685
2,315
If I lose my phone, I have zero fear that someone is going to somehow find my fingerprint, replicate it onto a substrate in a way they can fake me, and get into the device.

And even if they could do that, by then the phone would require the passcode to get in. The only option would be for someone to get my fingerprints ahead of time, do all that work, and then steal my phone ... and let's face it: if they have the time, patience, and ability to do all those things, I'm screwed anyway.

I simply don't have anything on my phone worth that level of effort to anyone.... it's not like I'm carrying state secrets on it.
 
Comment

IFRIT

macrumors 6502a
Oct 15, 2012
840
137
Americans worried about card security, when i think the majority still pay with mag strip and signature...
 
Last edited:
  • Like
Reactions: SD-B
Comment

Applejuiced

macrumors Westmere
Apr 16, 2008
40,672
6,532
At the iPhone hacks section.
Either way all my cards have 0 fraud liability to the end customer.
Would someone go as far as lifting my fingerprint and then steal my phone in order to make fraudulent purchases with Apple Pay?
If they go that far but I highly doubt they would I still won't be responsible for any of those charges.
 
  • Like
Reactions: SD-B
Comment

joeblow7777

macrumors 604
Sep 7, 2010
6,725
7,994
If I lose my phone, I have zero fear that someone is going to somehow find my fingerprint, replicate it onto a substrate in a way they can fake me, and get into the device.

And even if they could do that, by then the phone would require the passcode to get in. The only option would be for someone to get my fingerprints ahead of time, do all that work, and then steal my phone ... and let's face it: if they have the time, patience, and ability to do all those things, I'm screwed anyway.

I simply don't have anything on my phone worth that level of effort to anyone.... it's not like I'm carrying state secrets on it.

And that's what I meant about the average person and the average thief.
 
  • Like
Reactions: Chatter and SD-B
Comment

eoblaed

macrumors 68030
Apr 21, 2010
2,685
2,315
And that's what I meant about the average person and the average thief.

Yeah. My point being that it would take an extraordinary thief going through extraordinary measures to make any use of my phone and if those sorts of forces are being levied against me, that thief would be better served going after other areas of my life -- or even better, someone else's life. Those sorts of efforts are best used to secure extraordinary loot, the kind of which very few people have, let alone could be accessed through their phone.
 
  • Like
Reactions: SD-B
Comment

rigormortis

macrumors 68000
Jun 11, 2009
1,813
229
All you have to do is suspend apple pay or remove the cards with find my iPhone if you misplace it.



Its been reported that in situations where your iPhone has been used fraudulently, apple is the liable party for the transactions, and you, the bank and the merchant is not. this was part of the deal that apple signed up for in exchange for cut of the transactions
[doublepost=1466466716][/doublepost]Notice no one is saying anything about regular swipe transactions and how merchants aren't requiring you to sign for transactions for under $25 and how most of them don't even care that you are ALL DOING IT WRONG!!! By refusing to sign the back of your card!!!!!! , and you are allowed to swipe your own card!!!!! , and the merchant doesnt even get to look at your card to make sure its not counterfeit

Back in the old days, we merchants were allowed to pick up stolen cards. But were not allowed to do that anymore. In some situations its necessary to call the bank and get a manual authorization, but I've worked retail at several places that personally banned me from calling them

When I worked retail, my pet peeve was people who did not sign the back of the cards. You must sign the back of the card for the card to be valid. Check id is not good enough!!! Any signature on the back of the card makes it the authorized signature

I tried to explain to management that "call center" will go away as soon as someone actually calls the center. And if you keep taking your card to various places to try and buy food and no one "calls center", it makes it look worse.
 
Last edited:
Comment

kdarling

macrumors P6
Yeah. My point being that it would take an extraordinary thief going through extraordinary measures to make any use of my phone and if those sorts of forces are being levied against me, that thief would be better served going after other areas of my life -- or even better, someone else's life. Those sorts of efforts are best used to secure extraordinary loot, the kind of which very few people have, let alone could be accessed through their phone.

Yeah, regular thieves or phone finders aren't going to bother. The perpetrators to worry about, are those who are near enough to you to take their time to get a good fingerprint and perhaps even test it while you're not watching. Like people you work or live with.

I think it'd make a great TV detective show episode to have someone frame their spouse by using their iPhone to make a purchase by fake fingerprint near a murder scene. Good luck proving you didn't do it! :D

Its been reported that in situations where your iPhone has been used fraudulently, apple is the liable party for the transactions, and you, the bank and the merchant is not. this was part of the deal that apple signed up for in exchange for cut of the transactions

That story was a myth. The banks are still liable, since it's their code that's doing the actual payment transactions. Apple has nothing to do with tokenization, NFC transactions, etc. The only parts they play are in card registration ( even then, all the registration fraud that happened was laid on the banks), and verifying our passcode/print.

When I worked retail, my pet peeve was people who did not sign the back of the cards. You must sign the back of the card for the card to be valid. Check id is not good enough!!!

Exactly. The signature is the user's acceptance of the contract. "Check Id" means the card is invalid.
 
  • Like
Reactions: SD-B
Comment

SD-B

macrumors 6502
Original poster
Apr 1, 2009
399
14
Interesting.

I purchase daily on an onsite hong kong url that is one of the busiest in its area of electronics.
Using PayPal.

We have just undergone a situation whereby many of us (not myself) kept gift certificates online and had done so for ages, on and off.
Suddenly there was a rash of stolen GCs, all being re-directed to various Russian addresses.
Customer service was bogged down.
When a real customer noticed the address change within their account, they could not get to CS in time to stop the shipment from going out.

In the end, it was determined that someone was stealing cookies that contained passwords, etc.
Never tracked down exactly how and where.
In my case, I run strict firewalls, CCleaner, various tools, always sign out, clean cookies from various sites and in the end, likely the reason why my account was not one of those hacked.
Passwords were changed yet several more took place afterwards.

Think it has slowed down but suffice to say, it was a wake up call about security.
I tend not to surf such sites on my phone though.

But naturally, am always curious as to how much can be pulled.
No matter how secure I think I am, there seems to always be an exploit available around the corner.

Hence, I am reluctant to include banking, etc, on a cell phone.
 
Comment

baypharm

macrumors 68000
Nov 15, 2007
1,808
774
Interesting.

I purchase daily on an onsite hong kong url that is one of the busiest in its area of electronics.
Using PayPal.

We have just undergone a situation whereby many of us (not myself) kept gift certificates online and had done so for ages, on and off.
Suddenly there was a rash of stolen GCs, all being re-directed to various Russian addresses.
Customer service was bogged down.
When a real customer noticed the address change within their account, they could not get to CS in time to stop the shipment from going out.

In the end, it was determined that someone was stealing cookies that contained passwords, etc.
Never tracked down exactly how and where.
In my case, I run strict firewalls, CCleaner, various tools, always sign out, clean cookies from various sites and in the end, likely the reason why my account was not one of those hacked.
Passwords were changed yet several more took place afterwards.

Think it has slowed down but suffice to say, it was a wake up call about security.
I tend not to surf such sites on my phone though.

But naturally, am always curious as to how much can be pulled.
No matter how secure I think I am, there seems to always be an exploit available around the corner.

Hence, I am reluctant to include banking, etc, on a cell phone.

You are doing everything you are supposed to do on your end to maintain security. One of the most basic as you point out is deleting cookies, cache files, and brouser history and logging out of web sites after using them. Everyone should be doing this. I never access any banking or credit card sites while on public WIFI. Too many sniffers out there drinking coffee next to me masquerading as an innocent student while gathering passwords. It is bad enough while on cellular with so many quasi cell towers in use in the U.S now. In my example above, we showed our contract client how easily a fingerprint file could be used for prescribing, ordering, and administering medication to a patient while in a hospital setting. This fingerprint "file" was obtained from a supposedly protected server.

With so many companies requiring criminal background checks on its applicants and existing employees, the future of fingerprint exploitation is surely to explode. As more companies require fingerprint checks through the FBI database, more and more fingerprint files will be gathered. When you submit to a background check your prints are not destroyed regardless of the outcome of the employment offer. A few years ago every employee of the U.S Government (including those who ever applied for employment) had their fingerprints stolen. To date no one knows who or what was behind this massive breach. Whoever was behind it is not your typical high school dropout corner store thief or bank robber with a gun. Today's criminal is ultra sophisticated, very smart, and most of all very patient. Some people may ask what is the perceived value of having millions of fingerprint files and other personal data - we don't really know at this juncture. We're still in the infancy of this technological breakthrough.

Another practice that should be avoided is the use of a remote control device to lock and unlock your car door while in a heavily populated area. There are BT devices readily available that can capture the signal and create a file so that a thief could later access the vehicle for clandestine purposes. Ok my lunch break is over now. Back to the grind.
 
  • Like
Reactions: SD-B
Comment

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,388
19,440
Another practice that should be avoided is the use of a remote control device to lock and unlock your car door while in a heavily populated area. There are BT devices readily available that can capture the signal and create a file so that a thief could later access the vehicle for clandestine purposes.
In a heavily populated area wouldn't it be somewhat hard to specifically capture a particular signal and have it associated with a particular vehicle that is known? Seems like it would have to be a fairly targeted and specifically executed type of thing, which in a sense makes it all that less likely as far as the likelihood of running into that for an average person, let alone the likelihood of it actually working out properly for the thief.
 
  • Like
Reactions: baypharm and SD-B
Comment

SD-B

macrumors 6502
Original poster
Apr 1, 2009
399
14
@baypharm

re: remote control device - Hmmmmmmm. Guess it pays to be a bit paranoid then, after reading all of that.

Still reluctant to do banking or online purchases online with a mobile phone.
Thanks.
 
Comment

Applejuiced

macrumors Westmere
Apr 16, 2008
40,672
6,532
At the iPhone hacks section.
@baypharm

re: remote control device - Hmmmmmmm. Guess it pays to be a bit paranoid then, after reading all of that.

Still reluctant to do banking or online purchases online with a mobile phone.
Thanks.

It's your choice.
People nowadays are still reluctant to use a debit or credit card and either use cash or write a check at the register.
Some are reluctant to do any online purchases, they dont like to use an ATM and rather wait at the teller line.
It's all personal choice and what one feels comfortable with.
I like to take advantage of all the latest tech. I deposit checks to my account using my cellphone inside my kitchen while I'm eating breakfast:)
 
Last edited:
  • Like
Reactions: baypharm
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.