I never carry rewards cards. The cashier can look it up on the computer with your home phone number so you and spouse can both receive rewards on the same account.
You realize that takes a *lot* of time? A well designed system can handle both discrete (individual) and shared loyalty program cards.
Note that the Japanese apparently have this solved.
NFC and secure should not be used in the same sentence. Anyone with the right device in their pocket can steal payment info from someone nearby foolish enough to brandish and use an NFC-equipped mobile device.
Quote:
Originally Posted by pmz
It can be easily hacked. Bluetooth can too. Wifi cannot. We're talking "easy" here.
The implementation of NFC on a smartphone isn't quite the same as a NFC chip in a credit card. NFC needs three things to function, a reader, a tag, and software to perform operations. NFC in a credit card is an example of a NFC tag. Smartphones fall into the reader category.
Can a ne'er do-well create a device that when in extremely close proximity of your credit card (we're talking inches) can read your credit card data which has a NFC tag in it? Unfortunately the answer is yes, it's true. It's highly unlikely, but it is possible. To read from a further distance is even possible, but not practical as it currently requires large pieces of hardware to accomplish. This is all because the chips in the credit cards are passive tags. Passive tags operate on LF or HFID microwaves and this limits the distance at which they can be read. There are also active tags which have batteries in them to brodcast at larger ranges, but tose tend to operate on HF or UHF microwaves and fall into the broader category of RFID instead of the more limited frequencies of NFC. Active tags are not in credit cards so this is a little besides the point, the distinction can be important as some people hear about the distance capabilities of one and think it applies to all.
Side Note: Those who are concerned about someone reading the NFC tag in thier US passport don't need to be. It didn't take long for a lining to be added on the outside of the passport which prevents it from being read when it's closed. If you're concerned about someone skimming the data off your credit card that has a NFC chip in it you can always buy a NFC blocking wallet or credit card sleeve.
Back on topic: A smartphone with NFC doesn't have your data sitting in a ready to read state as far as NFC is concerned. When one opens Google Wallet to make a purchase, verification is required in the form of a password and then the phone temporarily switches to act as a NFC tag to be read. Once the transaction is completed the phone goes back to being a NFC reader. As Soli mentioned above, the NFC capability can be turned on and off with a smartphone, but this is just turning on and off the ability to act as a reader. It wasn't acting as a tag waiting to be read in the first place. This could also serve as a benefit to using a service like Google Wallet or Apple's service (if they make one) as opposed to carrying the physical card. It would provide added security in the one out of a billion chance1 that someone tried to use a reader to lift your credit card number.
1Source for one in a billion figure: pulled it out of my a$$
I just dont see them overlying their Payment Network on top of Mastercard and Visa, or any other credit card company for that matter. They already changes a % depending on volume. I suspect it is lower then 2% given the Volume Apple process. And depending on country where it could be as low as 1.5 - 1%.
But it could also be a move Apple sending signal to Mastercard and Visa. Lower your fees, or else we invent our own. And if there are any company on earth that could disrupt the credit card payment industry, it would likely be Apple, and only Apple.
I would very much like Apple to be the Payment platform and system, with Top up from either Direct Debit from Banks, Credit Card, or Top up Card.
Apple, take your time and get this right. There is no imminent threat. Google Wallet has been a massive failure. Square is still pretty niche, and is only a system for accepting payments. If Apple does this right, they can near instantly dominate the space and become a defacto standard.
There were stories floating around yesterday that Square was bleeding money pretty badly and are desperately looking to sell.
From reading the descriptions of various Apple patents re: payments, I do not think the type or security of the data exchanged is an issue.
As I understand it, the process would go something like this: [LIST=1] [*] you are shopping and add items to your cart [*] you start the checkout process [*] the vendor's system summarizes the transaction for approval: |[U] date/time [/U]|[U] vendor ID [/U]|[U] amount [/U]| [*] the vendor generates a Purchase Token # for this specific transaction, say, [B][U]Purchase Token #1432[/U][/B] [*] the vendor contacts iTunes with the transaction data: |[B][U] Purchase Token #1432 [/U][/B]|[U] date/time [/U]|[U] vendor ID [/U]|[U] amount [/U]| [*] the vendor sends you the [B][U]Purchase Token #1432[/U][/B] [*] through TouchID or normal iTunes login you tell iTunes you want to pay for [B][U]Purchase Token #1432[/U][/B] [*] iTunes generates a Payment Token returns it to you, say, [B][U]Payment Token #9876[/U][/B] [*] you decide to complete the transaction and send the [B][U]Payment Token #9876[/U][/B] to the vendor [*] the vendor sends the [B][U]Payment Token #9876[/U][/B] to iTunes to authorize payment [*] the vendor sends confirmation to you [*] iTunes sends confirmation to you [/LIST]
The only data that are exchanged are innocuous Tokens and Transaction Summary info
~~Apple's "ambitions are very, very serious," one source told the publication
Wow, cant wait till they are very, very, very, very, very serious. Because, you know, very very serious is not, well, as serious as very very very very serious. /s
Seriously? But seriously: this is serious; I'm serious.
In other news today, the New York Times, who's traditionally been anti-Apple (and likely sucking at Samsung's teat), released a comparison between the new Samsung Galaxy S5 and the seven-month-old Apple 5s announced the following results:
According to The New York Times, the brand new Galaxy S5 really doesn’t complete on any level with the iPhone 5s, which is nearly seven months old at this point.
“By just about every major measure you’ll care about, from speed to design to ease of use to the quality of its apps, Samsung’s phone ranks behind the iPhone, sometimes far behind,” Manjoo wrote. “If you’re looking for the best phone on the market right now, I’d recommend going with the iPhone 5S.”
Like the iTunes Store and the App Store and third party hardware support and accessories and… oh, wait.
So your only complaint would be that you can’t buy Dell computers or Samsung phones through Apple’s payment service.
What idiot would buy a Dell computer or a Samsung phone in the first place?! What on Earth makes you think those companies would even SUPPORT Apple’s payment service?! It’s a moot point.
Just shut up and go away.
So you're defense to this is to use examples of products that I didn't use which totally negated the spirit of my comment in the first place? I'm guessing you did this because my examples were spot on and true to the pattern/trend Apple has already demonstrated in their thought processes when it comes to 'working with partners'. Dell computers? I mean come on.. if you're going to be defensive at least use the real information in my post.Tell me... what other music stores does are available on iOS? What other e-book stores are available on iOS? What other media based services where you purchase electronic goods are on iOS? Heck I can't even buy audio books through audible because iBooks contains some (very few) audiobooks and Apple won't allow me to use my own subscription with the audible app to buy audio books. I have to buy it on the web and then use the app to play it. Anyhow if they do physical goods I'm sure they will have some crazy stipulations making it very difficult for the end user to parse out what to purchase and not to purchase on a given shopping trip. They could surprise and actually not do this but I doubt it. Time will tell.
So you’re defense to this is to use examples of products that I didn’t use…
Yes, my defense is to give examples of exactly what you’re claiming doesn’t happen in order to debunk your statement. It worked.
I’m guessing you did this because my examples were spot on…
What examples? The ones about subjects you didn’t understand, you mean?
Dell computers?
Ah, I see; it is physically impossible to purchase a Dell computer, and therefore it wouldn’t even be a consideration in Apple’s payment service.
Because what else could you mean by the above?
…at least use the real information in my post.
The problem with that is you will refuse to educate yourself on why you are fundamentally incorrect, rendering any time and effort spent on my part useless. I’ve played this game for too long to let you do that. Try telling us how many browsers are available in iOS, however. Oh, and how many music playback apps there are. Hint: “one” is not an acceptable answer for either.
Anyhow if they do physical goods I'm sure they will have some crazy stipulations making it very difficult for the end user to parse out what to purchase and not to purchase on a given shopping trip.
YEP, YOU SURE DO HAVE A LOT OF PROOF FOR THIS FUD. Shut up.
This has to stop. TouchID IS ABOUT CONVENIENCE. NOT SECURITY.
TouchID requires a pass code backup to even use. TouchID is NO more secure than the passcode that backs it.
So can we please stop the charade that TouchID is "secure" or "highly secure".
It's merely an impenetrable natural alternative to entering your own password all day long. And it's great at it.
It's secure in the sense that the fingerprint data itself cannot be offloaded or otherwise revealed with a software hack. Apple goes as far as requiring matched identifiers on the Touch ID unit and the A7 SoC. Having a closed mobile payment system in which the fingerprint data never leaves the phone seems more secure than Samsung opening up the fingerprint reader to third party apps and doing multiple setups for individual vendors. That's what I was referring to.
As far as passcodes go, you're right. Concurrently, Touch ID greatly improves security by simply providing incentive for more people to secure their phones in the first place.
Comments
I never carry rewards cards. The cashier can look it up on the computer with your home phone number so you and spouse can both receive rewards on the same account.
You realize that takes a *lot* of time? A well designed system can handle both discrete (individual) and shared loyalty program cards.
Note that the Japanese apparently have this solved.
NFC and secure should not be used in the same sentence. Anyone with the right device in their pocket can steal payment info from someone nearby foolish enough to brandish and use an NFC-equipped mobile device.
It can be easily hacked. Bluetooth can too. Wifi cannot. We're talking "easy" here.
The implementation of NFC on a smartphone isn't quite the same as a NFC chip in a credit card. NFC needs three things to function, a reader, a tag, and software to perform operations. NFC in a credit card is an example of a NFC tag. Smartphones fall into the reader category.
Can a ne'er do-well create a device that when in extremely close proximity of your credit card (we're talking inches) can read your credit card data which has a NFC tag in it? Unfortunately the answer is yes, it's true. It's highly unlikely, but it is possible. To read from a further distance is even possible, but not practical as it currently requires large pieces of hardware to accomplish. This is all because the chips in the credit cards are passive tags. Passive tags operate on LF or HFID microwaves and this limits the distance at which they can be read. There are also active tags which have batteries in them to brodcast at larger ranges, but tose tend to operate on HF or UHF microwaves and fall into the broader category of RFID instead of the more limited frequencies of NFC. Active tags are not in credit cards so this is a little besides the point, the distinction can be important as some people hear about the distance capabilities of one and think it applies to all.
Side Note: Those who are concerned about someone reading the NFC tag in thier US passport don't need to be. It didn't take long for a lining to be added on the outside of the passport which prevents it from being read when it's closed. If you're concerned about someone skimming the data off your credit card that has a NFC chip in it you can always buy a NFC blocking wallet or credit card sleeve.
Back on topic: A smartphone with NFC doesn't have your data sitting in a ready to read state as far as NFC is concerned. When one opens Google Wallet to make a purchase, verification is required in the form of a password and then the phone temporarily switches to act as a NFC tag to be read. Once the transaction is completed the phone goes back to being a NFC reader. As Soli mentioned above, the NFC capability can be turned on and off with a smartphone, but this is just turning on and off the ability to act as a reader. It wasn't acting as a tag waiting to be read in the first place. This could also serve as a benefit to using a service like Google Wallet or Apple's service (if they make one) as opposed to carrying the physical card. It would provide added security in the one out of a billion chance1 that someone tried to use a reader to lift your credit card number.
1Source for one in a billion figure: pulled it out of my a$$
I just dont see them overlying their Payment Network on top of Mastercard and Visa, or any other credit card company for that matter. They already changes a % depending on volume. I suspect it is lower then 2% given the Volume Apple process. And depending on country where it could be as low as 1.5 - 1%.
But it could also be a move Apple sending signal to Mastercard and Visa. Lower your fees, or else we invent our own. And if there are any company on earth that could disrupt the credit card payment industry, it would likely be Apple, and only Apple.
I would very much like Apple to be the Payment platform and system, with Top up from either Direct Debit from Banks, Credit Card, or Top up Card.
Apple, take your time and get this right. There is no imminent threat. Google Wallet has been a massive failure. Square is still pretty niche, and is only a system for accepting payments. If Apple does this right, they can near instantly dominate the space and become a defacto standard.
There were stories floating around yesterday that Square was bleeding money pretty badly and are desperately looking to sell.
As I understand it, the process would go something like this:
[LIST=1]
[*] you are shopping and add items to your cart
[*] you start the checkout process
[*] the vendor's system summarizes the transaction for approval: |[U] date/time [/U]|[U] vendor ID [/U]|[U] amount [/U]|
[*] the vendor generates a Purchase Token # for this specific transaction, say, [B][U]Purchase Token #1432[/U][/B]
[*] the vendor contacts iTunes with the transaction data: |[B][U] Purchase Token #1432 [/U][/B]|[U] date/time [/U]|[U] vendor ID [/U]|[U] amount [/U]|
[*] the vendor sends you the [B][U]Purchase Token #1432[/U][/B]
[*] through TouchID or normal iTunes login you tell iTunes you want to pay for [B][U]Purchase Token #1432[/U][/B]
[*] iTunes generates a Payment Token returns it to you, say, [B][U]Payment Token #9876[/U][/B]
[*] you decide to complete the transaction and send the [B][U]Payment Token #9876[/U][/B] to the vendor
[*] the vendor sends the [B][U]Payment Token #9876[/U][/B] to iTunes to authorize payment
[*] the vendor sends confirmation to you
[*] iTunes sends confirmation to you
[/LIST]
The only data that are exchanged are innocuous Tokens and Transaction Summary info
|[B][U] Purchase Token #1432 [/U][/B]|[U] date/time [/U]|[U] vendor ID [/U]|[U] amount [/U]|
|[B][U] Purchase Token #1432 [/U][/B]|
|[B][U] Payment Token #9876 [/U][/B]|
Further, the tokens are perishable * and [B][I]only good for [COLOR=blue]this transaction[/COLOR] with [COLOR=blue]this vendor.[/COLOR][/I][/B]
Optionally, the customer or vendor can set limits on the transaction amount.
* A token must be redeemed within a specified time (say, 5 minutes) or it is no longer valid. Once a token is redeemed, it is no longer valid.
This process is analogous to "Take a Number" (token) in a crowded store and paying for your purchase when your "Number" (token) is called.
The customer need not provide/transmit any personal, financial, identity data to the vendor as part of the transaction.
Loyalty programs could be implemented, anonymously, by retaining the redeemed tokens.
~~Apple's "ambitions are very, very serious," one source told the publication
Wow, cant wait till they are very, very, very, very, very serious. Because, you know, very very serious is not, well, as serious as very very very very serious.
/s
Seriously? But seriously: this is serious; I'm serious.
In other news today, the New York Times, who's traditionally been anti-Apple (and likely sucking at Samsung's teat), released a comparison between the new Samsung Galaxy S5 and the seven-month-old Apple 5s announced the following results:
According to The New York Times, the brand new Galaxy S5 really doesn’t complete on any level with the iPhone 5s, which is nearly seven months old at this point.
“By just about every major measure you’ll care about, from speed to design to ease of use to the quality of its apps, Samsung’s phone ranks behind the iPhone, sometimes far behind,” Manjoo wrote. “If you’re looking for the best phone on the market right now, I’d recommend going with the iPhone 5S.”
Maybe this leopard is changing its spots.
Like the iTunes Store and the App Store and third party hardware support and accessories and… oh, wait.
So your only complaint would be that you can’t buy Dell computers or Samsung phones through Apple’s payment service.
What idiot would buy a Dell computer or a Samsung phone in the first place?! What on Earth makes you think those companies would even SUPPORT Apple’s payment service?! It’s a moot point.
Just shut up and go away.
So you're defense to this is to use examples of products that I didn't use which totally negated the spirit of my comment in the first place? I'm guessing you did this because my examples were spot on and true to the pattern/trend Apple has already demonstrated in their thought processes when it comes to 'working with partners'. Dell computers? I mean come on.. if you're going to be defensive at least use the real information in my post.Tell me... what other music stores does are available on iOS? What other e-book stores are available on iOS? What other media based services where you purchase electronic goods are on iOS? Heck I can't even buy audio books through audible because iBooks contains some (very few) audiobooks and Apple won't allow me to use my own subscription with the audible app to buy audio books. I have to buy it on the web and then use the app to play it. Anyhow if they do physical goods I'm sure they will have some crazy stipulations making it very difficult for the end user to parse out what to purchase and not to purchase on a given shopping trip. They could surprise and actually not do this but I doubt it. Time will tell.
Yes, my defense is to give examples of exactly what you’re claiming doesn’t happen in order to debunk your statement. It worked.
What examples? The ones about subjects you didn’t understand, you mean?
Ah, I see; it is physically impossible to purchase a Dell computer, and therefore it wouldn’t even be a consideration in Apple’s payment service.
Because what else could you mean by the above?
The problem with that is you will refuse to educate yourself on why you are fundamentally incorrect, rendering any time and effort spent on my part useless. I’ve played this game for too long to let you do that. Try telling us how many browsers are available in iOS, however. Oh, and how many music playback apps there are. Hint: “one” is not an acceptable answer for either.
YEP, YOU SURE DO HAVE A LOT OF PROOF FOR THIS FUD. Shut up.
Maybe it was never a leopard in the first place.
This has to stop. TouchID IS ABOUT CONVENIENCE. NOT SECURITY.
TouchID requires a pass code backup to even use. TouchID is NO more secure than the passcode that backs it.
So can we please stop the charade that TouchID is "secure" or "highly secure".
It's merely an impenetrable natural alternative to entering your own password all day long. And it's great at it.
It's secure in the sense that the fingerprint data itself cannot be offloaded or otherwise revealed with a software hack. Apple goes as far as requiring matched identifiers on the Touch ID unit and the A7 SoC. Having a closed mobile payment system in which the fingerprint data never leaves the phone seems more secure than Samsung opening up the fingerprint reader to third party apps and doing multiple setups for individual vendors. That's what I was referring to.
As far as passcodes go, you're right. Concurrently, Touch ID greatly improves security by simply providing incentive for more people to secure their phones in the first place.