Security - Payments - iPhones

Discussion in 'iPhone' started by SD-B, Jun 19, 2016.

  1. SD-B macrumors 6502

    SD-B

    Joined:
    Apr 1, 2009
    #1
    Hi. Apple'fied to the max at home.

    Was early iPhone user for a long time - went android for large screen 5 years or so back.
    Been there, done that.

    Back to an iPhone for the first time yesterday. Smaller, SE model.
    Really just need it for odd phone call, odd text message, etc.
    No fancy apps needed.

    BUT, I am curious about all these pay options.
    I have avoided applying technology to even debit cards where you can scan your payments with a swipe, I think it is?
    Always feared losing the card and someone else having a party on my swipes.

    Can someone please explain to me how I would not need to fear losing my iphone for the same to happen?
    Yes, I know, if lost i could turn off the phone, etc but in the heat of panic, we dont always think straight, remember necessary password to do so, etc.


    T.I.A.
     
  2. Newtons Apple Suspended

    Newtons Apple

    Joined:
    Mar 12, 2014
    Location:
    Jacksonville, Florida
    #2
    You have the have security turned on and it would require either your fingerprint or a passcode to do Apple Pay. It is all very safe.
     
  3. IFRIT macrumors 6502a

    Joined:
    Oct 15, 2012
    #3
    You would hate Android Pay then as you can make contactless payments for a maximum of £30 in my country simply by waking the phone but then again the banks would re-imburse me if something happened. Do you not get the same insurance in the U.S.A. ?
     
  4. joeblow7777 macrumors 601

    Joined:
    Sep 7, 2010
    #4
    As mentioned above, you need to have your finger placed on the home button to use Apple Pay. It will be useless to anyone else who possesses your phone unless they also possess your hand.
     
  5. SD-B thread starter macrumors 6502

    SD-B

    Joined:
    Apr 1, 2009
    #5
    Am in Canada.
    Buy online frequently but only use one bank account/one card for that account-associated with PayPal.
    Would not allow other accounts to be used online so no need for insurance, keep only certain amounts
    in that account.

    Am perhaps a bit hyper about security as I shop in China online daily.
    Using a phone for banking is a bit out of my comfort zone.
    Even though I would not link it to other accounts.
    Hackers are tricky though :p

    Thanks, so fingerprints will really work. At least for now.

    K, thanks
     
  6. kdarling, Jun 19, 2016
    Last edited: Jun 19, 2016

    kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    First university coding class = 46 years ago
    #6
    Or a good copy of your fingerprint. But that's unlikely with a lost phone.

    As Newtons Apple pointed out above, your passcode will work too. However, that would only be a vulnerability if someone shoulder-surfed your passcode. If you use Touch Id all the time, that won't happen.

    The short answer is, it's secure enough for all but very exceptional circumstances.
     
  7. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #7
    I think it's more secure than swiping a regular debit or credit card.
    The merchant never has access to your real card number and expiration date. Everything is tokenized.
    If there's a breach of security like target or Home Depot for example the hackers will not get your real info unlike millions of valid credit card and expiration numbers they stole that was used for fraudulent purchases your contactless payment is safe.
     
  8. baypharm macrumors 65816

    baypharm

    Joined:
    Nov 15, 2007
    #8
    For now. Someone/something stole the fingerprints of every federal employee and applicants. This was not random. There was method to their madness. Technology is being developed to exploit these fingerprints. Don't say I didn't tell you...
     
  9. joeblow7777 macrumors 601

    Joined:
    Sep 7, 2010
    #9
    The average person is much more likely to have a PIN number stolen or guessed than a fingerprint. That's not changing anytime soon. There will always be ways to bypass any security feature. The question is how practical and probably are they for the average thief.
     
  10. baypharm macrumors 65816

    baypharm

    Joined:
    Nov 15, 2007
    #10
    As I said i disagree with you 100 per cent. The people who are behind fingerprint cloning/exploiting technology are not common thieves. They are highly motivated as well as intelligent with advanced degrees from American universities. My own company proved to a major hospital client that fingerprint authentication was not secure. You go ahead and keep believing that your devices are safe. Good luck
     
  11. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #11
    What is secure nowadays?
    Passwords or PIN numbers are not either.
     
  12. joeblow7777 macrumors 601

    Joined:
    Sep 7, 2010
    #12
    Lifting a fingerprint is never going to be easier than just watching someone type in a PIN, or guessing it because a surprising amount of people use something dumb like 1-2-3-4
     
  13. eoblaed macrumors 68000

    eoblaed

    Joined:
    Apr 21, 2010
    #13
    If I lose my phone, I have zero fear that someone is going to somehow find my fingerprint, replicate it onto a substrate in a way they can fake me, and get into the device.

    And even if they could do that, by then the phone would require the passcode to get in. The only option would be for someone to get my fingerprints ahead of time, do all that work, and then steal my phone ... and let's face it: if they have the time, patience, and ability to do all those things, I'm screwed anyway.

    I simply don't have anything on my phone worth that level of effort to anyone.... it's not like I'm carrying state secrets on it.
     
  14. Newtons Apple Suspended

    Newtons Apple

    Joined:
    Mar 12, 2014
    Location:
    Jacksonville, Florida
    #14
    So far we have not seen the Apple Pay system hacked. But I am a firm believer that sooner or later someone will figure out a way.
     
  15. IFRIT, Jun 20, 2016
    Last edited: Jun 22, 2016

    IFRIT macrumors 6502a

    Joined:
    Oct 15, 2012
    #15
    Americans worried about card security, when i think the majority still pay with mag strip and signature...
     
  16. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #16
    Either way all my cards have 0 fraud liability to the end customer.
    Would someone go as far as lifting my fingerprint and then steal my phone in order to make fraudulent purchases with Apple Pay?
    If they go that far but I highly doubt they would I still won't be responsible for any of those charges.
     
  17. joeblow7777 macrumors 601

    Joined:
    Sep 7, 2010
    #17
    And that's what I meant about the average person and the average thief.
     
  18. eoblaed macrumors 68000

    eoblaed

    Joined:
    Apr 21, 2010
    #18
    Yeah. My point being that it would take an extraordinary thief going through extraordinary measures to make any use of my phone and if those sorts of forces are being levied against me, that thief would be better served going after other areas of my life -- or even better, someone else's life. Those sorts of efforts are best used to secure extraordinary loot, the kind of which very few people have, let alone could be accessed through their phone.
     
  19. rigormortis, Jun 20, 2016
    Last edited: Jun 20, 2016

    rigormortis macrumors 68000

    rigormortis

    Joined:
    Jun 11, 2009
    #19
    All you have to do is suspend apple pay or remove the cards with find my iPhone if you misplace it.



    Its been reported that in situations where your iPhone has been used fraudulently, apple is the liable party for the transactions, and you, the bank and the merchant is not. this was part of the deal that apple signed up for in exchange for cut of the transactions
    --- Post Merged, Jun 20, 2016 ---
    Notice no one is saying anything about regular swipe transactions and how merchants aren't requiring you to sign for transactions for under $25 and how most of them don't even care that you are ALL DOING IT WRONG!!! By refusing to sign the back of your card!!!!!! , and you are allowed to swipe your own card!!!!! , and the merchant doesnt even get to look at your card to make sure its not counterfeit

    Back in the old days, we merchants were allowed to pick up stolen cards. But were not allowed to do that anymore. In some situations its necessary to call the bank and get a manual authorization, but I've worked retail at several places that personally banned me from calling them

    When I worked retail, my pet peeve was people who did not sign the back of the cards. You must sign the back of the card for the card to be valid. Check id is not good enough!!! Any signature on the back of the card makes it the authorized signature

    I tried to explain to management that "call center" will go away as soon as someone actually calls the center. And if you keep taking your card to various places to try and buy food and no one "calls center", it makes it look worse.
     
  20. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    First university coding class = 46 years ago
    #20
    Yeah, regular thieves or phone finders aren't going to bother. The perpetrators to worry about, are those who are near enough to you to take their time to get a good fingerprint and perhaps even test it while you're not watching. Like people you work or live with.

    I think it'd make a great TV detective show episode to have someone frame their spouse by using their iPhone to make a purchase by fake fingerprint near a murder scene. Good luck proving you didn't do it! :D

    That story was a myth. The banks are still liable, since it's their code that's doing the actual payment transactions. Apple has nothing to do with tokenization, NFC transactions, etc. The only parts they play are in card registration ( even then, all the registration fraud that happened was laid on the banks), and verifying our passcode/print.

    Exactly. The signature is the user's acceptance of the contract. "Check Id" means the card is invalid.
     
  21. SD-B thread starter macrumors 6502

    SD-B

    Joined:
    Apr 1, 2009
    #21
    Interesting.

    I purchase daily on an onsite hong kong url that is one of the busiest in its area of electronics.
    Using PayPal.

    We have just undergone a situation whereby many of us (not myself) kept gift certificates online and had done so for ages, on and off.
    Suddenly there was a rash of stolen GCs, all being re-directed to various Russian addresses.
    Customer service was bogged down.
    When a real customer noticed the address change within their account, they could not get to CS in time to stop the shipment from going out.

    In the end, it was determined that someone was stealing cookies that contained passwords, etc.
    Never tracked down exactly how and where.
    In my case, I run strict firewalls, CCleaner, various tools, always sign out, clean cookies from various sites and in the end, likely the reason why my account was not one of those hacked.
    Passwords were changed yet several more took place afterwards.

    Think it has slowed down but suffice to say, it was a wake up call about security.
    I tend not to surf such sites on my phone though.

    But naturally, am always curious as to how much can be pulled.
    No matter how secure I think I am, there seems to always be an exploit available around the corner.

    Hence, I am reluctant to include banking, etc, on a cell phone.
     
  22. baypharm macrumors 65816

    baypharm

    Joined:
    Nov 15, 2007
    #22
    You are doing everything you are supposed to do on your end to maintain security. One of the most basic as you point out is deleting cookies, cache files, and brouser history and logging out of web sites after using them. Everyone should be doing this. I never access any banking or credit card sites while on public WIFI. Too many sniffers out there drinking coffee next to me masquerading as an innocent student while gathering passwords. It is bad enough while on cellular with so many quasi cell towers in use in the U.S now. In my example above, we showed our contract client how easily a fingerprint file could be used for prescribing, ordering, and administering medication to a patient while in a hospital setting. This fingerprint "file" was obtained from a supposedly protected server.

    With so many companies requiring criminal background checks on its applicants and existing employees, the future of fingerprint exploitation is surely to explode. As more companies require fingerprint checks through the FBI database, more and more fingerprint files will be gathered. When you submit to a background check your prints are not destroyed regardless of the outcome of the employment offer. A few years ago every employee of the U.S Government (including those who ever applied for employment) had their fingerprints stolen. To date no one knows who or what was behind this massive breach. Whoever was behind it is not your typical high school dropout corner store thief or bank robber with a gun. Today's criminal is ultra sophisticated, very smart, and most of all very patient. Some people may ask what is the perceived value of having millions of fingerprint files and other personal data - we don't really know at this juncture. We're still in the infancy of this technological breakthrough.

    Another practice that should be avoided is the use of a remote control device to lock and unlock your car door while in a heavily populated area. There are BT devices readily available that can capture the signal and create a file so that a thief could later access the vehicle for clandestine purposes. Ok my lunch break is over now. Back to the grind.
     
  23. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #23
    In a heavily populated area wouldn't it be somewhat hard to specifically capture a particular signal and have it associated with a particular vehicle that is known? Seems like it would have to be a fairly targeted and specifically executed type of thing, which in a sense makes it all that less likely as far as the likelihood of running into that for an average person, let alone the likelihood of it actually working out properly for the thief.
     
  24. SD-B thread starter macrumors 6502

    SD-B

    Joined:
    Apr 1, 2009
    #24
    @baypharm

    re: remote control device - Hmmmmmmm. Guess it pays to be a bit paranoid then, after reading all of that.

    Still reluctant to do banking or online purchases online with a mobile phone.
    Thanks.
     
  25. Applejuiced, Jun 22, 2016
    Last edited: Jun 22, 2016

    Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #25
    It's your choice.
    People nowadays are still reluctant to use a debit or credit card and either use cash or write a check at the register.
    Some are reluctant to do any online purchases, they dont like to use an ATM and rather wait at the teller line.
    It's all personal choice and what one feels comfortable with.
    I like to take advantage of all the latest tech. I deposit checks to my account using my cellphone inside my kitchen while I'm eating breakfast:)
     

Share This Page