Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,681
39,587


Stripe today announced a closed beta program for Apple's upcoming "Tap to Pay on iPhone" feature, with a sign-up form available on its website. The payment platform said the feature is "coming this spring" in the United States.

tap-to-pay-on-iphone-credit-card.jpeg

Tap to Pay on iPhone will allow newer iPhones to accept payments via Apple Pay, contactless credit and debit cards, and other digital wallets, with no additional hardware required. Apple said Stripe will be the first payment platform to offer Tap to Pay on iPhone to its partners, including Shopify for its Point of Sale app "this spring."

Tap to Pay on iPhone will allow individual merchants and small businesses in the U.S. to accept contactless payments in supported apps with an iPhone XS or newer. At checkout, the merchant will simply prompt the customer to hold their own iPhone or Apple Watch, contactless credit or debit card, or other digital wallet near the merchant's iPhone, and the payment will be securely completed using NFC technology.

Apple's new feature will turn iPhones into contactless payment terminals without additional hardware like a Square Reader, providing for a simple and convenient experience. It appears that the feature will be exclusive to the U.S. at launch.

Tap to Pay on iPhone will work with contactless credit and debit cards from leading payment networks, including American Express, Discover, Mastercard, and Visa, according to Apple. The feature will be available to participating payment platforms and their app developer partners in an upcoming iOS beta version.

Article Link: Stripe Launches 'Tap to Pay on iPhone' Beta Program Ahead of 'Spring' Release
 
I'm trying to understand how it does not become easier to steal someone's credit card money. What are the safety features? Is it because all transactions made through it can be traced back to you?
 
I'm trying to understand how it does not become easier to steal someone's credit card money. What are the safety features? Is it because all transactions made through it can be traced back to you?
I’m pretty sure it’s secure just like Apple Pay. All the data will be encrypted. Think of it as using an Apple Card.
 
  • Like
Reactions: svish and SFjohn
I’m pretty sure it’s secure just like Apple Pay. All the data will be encrypted. Think of it as using an Apple Card.
That's not what Konigi is worried about.

What's to prevent someone from holding their iPhone next to someone's buttocks wallet where the contactless credit card is and initiating a payment? Nothing.

I'm sure someone will come along and say you'll need a merchant account to accept payments and all that, but it's not as if people haven't had their identities stolen. All a thief needs to do is buy a burner iPhone, set it up with fake/stolen credentials, and create a merchant account with the same stolen credentials.

Once they've targeted enough people and completed enough transactions, withdraw the money to an external account that's also been set-up with stolen credentials and then transfer those fund to some offshore account or something.
 
That's not what Konigi is worried about.

What's to prevent someone from holding their iPhone next to someone's buttocks wallet where the contactless credit card is and initiating a payment? Nothing.

I'm sure someone will come along and say you'll need a merchant account to accept payments and all that, but it's not as if people haven't had their identities stolen. All a thief needs to do is buy a burner iPhone, set it up with fake/stolen credentials, and create a merchant account with the same stolen credentials.

Once they've targeted enough people and completed enough transactions, withdraw the money to an external account that's also been set-up with stolen credentials and then transfer those fund to some offshore account or something.
Its a stupid concern given the hundreds of tap to pay terminals that already exist and are far smaller and easier to hide. I have yet to see a wallet more than $5 that doesn't have RFID protection. The last thing we need is for this to be another Airtag that started off so useful but now is beyond useless thanks to overly ridiculous concerns.
 
Its a stupid concern given the hundreds of tap to pay terminals that already exist and are far smaller and easier to hide. I have yet to see a wallet more than $5 that doesn't have RFID protection. The last thing we need is for this to be another Airtag that started off so useful but now is beyond useless thanks to overly ridiculous concerns.
Exactly. You can grab a card reader for a couple bucks on eBay and have been able to for years. And yet, it's not a widespread issue.

If it does happen (which it's not common) your credit card company covers you for unauthorized purchases.
 
What's to prevent someone from holding their iPhone next to someone's buttocks wallet where the contactless credit card is and initiating a payment? Nothing.
What's to prevent someone from holding a payment terminal next to someone's buttocks? Nothing, except that PIN entry is still required for plastic NFC cards over certain amounts, you need to be registered as a merchant and go through a KYC process at a PSP like Stripe and not get money paid out if multiple people start chargebacks over dubious payments, and with most wallets it won't even work in the first place.

Still, regardless of what kind of NFC card / ID / passport etc. you're carrying with you, it's always a good idea to put it into some kind of enclosure that 100% blocks NFC. I do this for all my cards even though I know the likelihood of me losing money and/or data is pretty slim.
 
  • Like
Reactions: Dandoodle
I'm trying to understand how it does not become easier to steal someone's credit card money. What are the safety features? Is it because all transactions made through it can be traced back to you?
This is what keeps you from stealing someone's money: https://paymentdepot.com/blog/merchant-account-requirements/

You need a merchant account. To get one, you need to satisfy those requirements. If someone steals it all, then fine, they will be able to get the money for a short while, when people start complaining about charges they don't remember, they will shut down the account, and use any information to report the fraud to authorities, who will have the tools to prove the fraud in court and send you to prison. If you're good enough to get away with this, then you probably have skills to steal way more money and you're wasting your time. If you're not too good you'll go to prison. It's a high-risk low-reward scenario. And yes you can go around with a payment loaded in a reader (no iPhone needed actually), and tap it to people's pants to get contactless cards (not Apple Pay/other phone payments, notably, because you have to start the transaction and authenticate), but this is defeated by RFID-blocking wallets.

So if you're worried still, then know that you have 0 fraud liability. Check your statements and report any suspected fraud within 30 days, and you'll have no liability for fraud. And use RFID-blocking wallets.
 
Nothing, except that PIN entry is still required for plastic NFC cards over certain amounts
They're probably speaking about the USA where we don't have chip and PIN, it's literally chip and nothing (used to be signature but literally no one checked signatures and so they dropped the sig requirement). For contactless cards you can tap cards and accept payments with no security aside from the card itself. For Apple Pay and other phone payments they use authentication and you have to initiate Apple Pay to get started.
 
I'm trying to understand how it does not become easier to steal someone's credit card money. What are the safety features? Is it because all transactions made through it can be traced back to you?
The safety feature is, it’s Apple! ???
 
That's not what Konigi is worried about.

What's to prevent someone from holding their iPhone next to someone's buttocks wallet where the contactless credit card is and initiating a payment? Nothing.

I'm sure someone will come along and say you'll need a merchant account to accept payments and all that, but it's not as if people haven't had their identities stolen. All a thief needs to do is buy a burner iPhone, set it up with fake/stolen credentials, and create a merchant account with the same stolen credentials.

Once they've targeted enough people and completed enough transactions, withdraw the money to an external account that's also been set-up with stolen credentials and then transfer those fund to some offshore account or something.
I would hope some kind of popup asking to confirm, but who knows ??‍♂️
 
Do we think this will eventually pave the way to being able to tip people with credit cards/Apple Pay?

I’m so sick of carrying cash when traveling to tip various people. I’d even pay transaction fees if needed because of the small dollar amounts.
 
  • Like
Reactions: SFjohn
Do we think this will eventually pave the way to being able to tip people with credit cards/Apple Pay?

I’m so sick of carrying cash when traveling to tip various people. I’d even pay transaction fees if needed because of the small dollar amounts.
Credit cards are meant for merchants only. If you want to setup a merchant account, then you're good. But a homeless guy taking cash isn't going to have the time, money, resources, etc to set up a merchant account.

It's like with Venmo you can add credit cards but you pay cash advance fees (hefty ones too). But debit cards are fee-free.

Unless you meant to say will people use this to tip a worker doing a job in an already incorporated business, could you use your regular credit card or Apple Pay and they can use their phone, well their phone would have to have Stripe or other loaded, then you're just paying the business that it's signed into, the business then has to pay the worker but guess what, there's no guarantee they get anything, businesses can pocket the tips in credit card transactions. That's why actually tipping with cash tends to make sure the worker gets the tip and not just the business.
 
  • Like
Reactions: ASentientBot
That's not what Konigi is worried about.

What's to prevent someone from holding their iPhone next to someone's buttocks wallet where the contactless credit card is and initiating a payment? Nothing.

I'm sure someone will come along and say you'll need a merchant account to accept payments and all that, but it's not as if people haven't had their identities stolen. All a thief needs to do is buy a burner iPhone, set it up with fake/stolen credentials, and create a merchant account with the same stolen credentials.

Once they've targeted enough people and completed enough transactions, withdraw the money to an external account that's also been set-up with stolen credentials and then transfer those fund to some offshore account or something.
What’s to stop someone from doing the same thing already with a Square reader? This is going to be a useful feature that I hope takes off because I hate having to carry extra hardware on the job.
 
Credit cards are meant for merchants only. If you want to setup a merchant account, then you're good. But a homeless guy taking cash isn't going to have the time, money, resources, etc to set up a merchant account.

It's like with Venmo you can add credit cards but you pay cash advance fees (hefty ones too). But debit cards are fee-free.

Unless you meant to say will people use this to tip a worker doing a job in an already incorporated business, could you use your regular credit card or Apple Pay and they can use their phone, well their phone would have to have Stripe or other loaded, then you're just paying the business that it's signed into, the business then has to pay the worker but guess what, there's no guarantee they get anything, businesses can pocket the tips in credit card transactions. That's why actually tipping with cash tends to make sure the worker gets the tip and not just the business.
I guess I’d just like to see someone like Venmo incorporate this feature, so I can easily tap a debit card and give someone 2 bucks.
 
  • Like
Reactions: SFjohn
What’s to stop someone from doing the same thing already with a Square reader? This is going to be a useful feature that I hope takes off because I hate having to carry extra hardware on the job.
He thinks people are gonna go around subways with iPhones and tap people's pants with a transaction loaded (after getting a merchant account with stolen credentials). And it'll work for contactless cards, until most people get RFID blocking wallets or stop carrying physical cards entirely, and a few people report fraudulent transactions and the merchant account gets shut down and all info attached to the account gets reported to the government as fraud and a "tough on crime" prosecutor indicts them and they get 10 years. Then after they get out of prison they'll tell others not to do this and instead run a pump-and-dump crypto scam that's untraceable.

Anyways the point is people can see a reader and act on it more than they think a person with an iPhone is trying to scam them. Problem with that is they would keep the reader in their pants or coat or bag and bump into them instead of tapping any kind of device to their pants. You do have a distance limitation so maybe sew a reader into a pocket on the outside with very little fabric between, I don't know.
I guess I’d just like to see someone like Venmo incorporate this feature, so I can easily tap a debit card and give someone 2 bucks.
I don't know if debit rules let you directly transfer between 2 non-business accounts though. You can do debit to a cash account then cash account to cash account, but doing it directly over the payment networks I've not heard of. It's more likely they could connect two Venmo accounts together, potentially over NFC but also through QR, and transfer using the app and not do it through the debit networks.
 
Last edited:
  • Like
Reactions: mnsportsgeek
He thinks people are gonna go around subways with iPhones and tap people's pants with a transaction loaded (after getting a merchant account with stolen credentials). And it'll work for contactless cards, until most people get RFID blocking wallets or stop carrying physical cards entirely, and a few people report fraudulent transactions and the merchant account gets shut down and all info attached to the account gets reported to the government as fraud and a "tough on crime" prosecutor indicts them and they get 10 years. Then after they get out of prison they'll tell others not to do this and instead run a pump-and-dump crypto scam that's untraceable.

Anyways the point is people can see a reader and act on it more than they think a person with an iPhone is trying to scam them. Problem with that is they would keep the reader in their pants or coat or bag and bump into them instead of tapping any kind of device to their pants. You do have a distance limitation so maybe sew a reader into a pocket on the outside with very little fabric between, I don't know.

I don't know if debit rules let you directly transfer between 2 non-business accounts though. You can do debit to a cash account then cash account to cash account, but doing it directly over the payment networks I've not heard of. It's more likely they could connect two Venmo accounts together, potentially over NFC but also through QR, and transfer using the app and not do it through the debit networks.
The transaction would be made with Venmo as they are the vendor in the transaction. There is no real monetary value in the numbers you see in your Venmo account, they're just moving numbers about (Still true for actual banks however).

Therefore, unless its against the terms of use, Venmo should have no problem incorporating this feature
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.