Mastercard to add fingerprint sensors to cards, won't follow strict Apple Pay security pol...

Comments

  • Reply 41 of 45
    adm1 said:
    also "In any case, there's no way they can implement the same kind of security policy that Apple developed for Touch ID and Apple Pay"

    Here's a tip DED - Apple Pay is just VSTS - Visa Token Services https://usa.visa.com/partner-with-us/payment-technology/visa-digital-solutions.html and guess what, it's just as secure as the other systems. 


    The issue isn't tokenization. It's how the hardware can be attacked. If you read the article that jumps out rather clearly. 

    Also, you don't hand your phone to random merchants. You do frequently do this with cards, particularly in the US. That gives anyone access to a card with your prints already all over it for a long enough time to capture your print data while in possession of the card. 

    So all around, having a sensor on the card is radically worse in terms of real world security than having an expensive phone that you don't hand around to others. 

    Your criticism is welcome, but if you keep posting abusive comments your account will be terminated. Forums are provided for intelligent discourse on articles. 
    Steady on, I didn't see anything "abusive" in that post. If anything, his follow up posts contributed "intelligent discourse" as requested. Don't go all power mad on us.

    @Adm1:

           Actually DED was referring to the below post which was probably deleted by moderators, which we are unable to view now but Soli got a chance to read and reply to.


    Soli said:
    "Mastercard's reported implementation is also radically different in its security policy compared to Touch ID and Apple Pay"
    "Additionally, it's less clear how the chip stores the data."

    Why the hell does AI keep this idiot around with his articles? What a disgrace.
    What issue are you taking with those sentences?
    Question to moderators: There are other forums which I read where abusive comments are deleted like AI. But the difference is - when others have already replied to that before the comment was deleted, the actual deleted content won't appear as such post deletion. It would just show "Deleted post" once the original comment is deleted for the entire thread. Can that not be implemented in this forum as well? Also an option to "Report" abusive comments like we have the "Like", "Informative" options?

    I believe the quoted comment is merely a string of characters in the reply post, so I don't think they can expunge it. 

    Yes, you can report abusive comments -- use the Flag link near the post's time stamp. I know I did.
    Ah, thanks for the information. I did not notice it earlier.
  • Reply 42 of 45
    gatorguy (Posts: 15,920, member)
    Question to moderators:  an option to "Report" abusive comments like we have the "Like", "Informative" options?

    Use the FLAG button, next to the date/time on each post, to report spam and abusive comments. Just don't waste moderators' time reporting comments you simply don't like or that you disagree with. Those won't be removed anyway and mods have better things to do than spend time going over otherwise acceptable posts that follow AI rules. 
    edited April 21
  • Reply 43 of 45
    gatorguy said:
    Question to moderators:  an option to "Report" abusive comments like we have the "Like", "Informative" options?

    Use the FLAG button, next to the date/time on each post, to report spam and abusive comments. Just don't waste moderators' time reporting comments you simply don't like or that you disagree with. Those won't be removed anyway and mods have better things to do than spend time going over otherwise acceptable posts that follow AI rules. 

    Already @StrangeDays shared the information. Anyways, Agreed and thanks for the information.
  • Reply 44 of 45
    Soli said:
    Scenario: I lose my credit card.
    Action: I have to order a new card, and remove that card from my Watch, iPhone, iPad, and Mac.

    Scenario: I lose my iPad.
    Action: I can hopefully find my iPad via Find my iPhone, but if not I can report it Lost, have it ping me if/when it comes online, and have all cards associated with Apple Pay removed, without having it affect my other devices or require me to replace a single physical card.

    I'll take the second scenario any day.
    Your scenario one is wrong. You have to remove nothing from devices (doing so is pointlessly counter productive).

    Report lost card, new card will arrive in ca 2 days, Apple Pay info will be updated on device in like 5 minutes after call (device numbers info not changed because this is not compromised, only "...1234" reference to card/acct number changes in your devices). 

    Same thing happens when card hits expiration date. New card will arrive and card issuer and Apple will update expiration date info in your devices automatically. 
  • Reply 45 of 45
    Soli said:
    gatorguy said:
    I think the takeaway should be a fingerprint enabled CC should be more secure than a chip-only card. Tap and pay with a mobile phone is a different animal. Both types of secure payment are complementary since there are times your smart device may not be usable for whatever reason thus requiring you to pull out a wallet and use an actual CC card. I would probably prefer one with a fingerprint chip if I need it. 
    But how is it secure if there's no passcode to verify your biometric between power cycles or too many failed attempts? How is it secure when you're sending your fingerprint data through countless hands and computers over just keeping it local. I trust Samsung Pay more than this setup.
    Your trust is probably justified even though Samsung Pay is built atop Android, the Swiss cheese of operating systems that the vast majority are not able to update due to handset mfgrs and telecom cos not forwarding updates even when there are root level exploits accumulating in the wild. 