It looks to me like Amazon is looking less competitive on their pricing recently. I compared items in Target versus Anazon and CVS and found Amazon and CVS way, way overpriced on some shaving products. Gotta give it to Target.
I love me some Amazon, but you're completely correct. Ordered a new crock pot last night from Target. Basically the same sales price as Amazon, but with the RedCard we got free shipping + 5% off. Not to mention an extra 30 days to return if needed.
Here's the catch: at some point the fraudulent charge policies in the U.S. will be changed: liability will pass from the bank to the merchant for swipe (i.e., magnetic strip) transactions, if the card being swiped has the security chip. Therefore, if this Amazon Local Register cannot read security chip cards, then you, the merchant, will be out the full amount of the transaction if the card is stolen and happened to have a security chip.
Square is already developing a card reader that handles both the security chip and the magnetic strip, and have sent notices out to its users that their new reader is forthcoming.
<div class="quote-container" data-huddler-embed="/t/181806/amazon-takes-on-square-paypal-with-new-ios-connected-local-register-card-reader#post_2578497" data-huddler-embed-placeholder="false"><span>Quote:</span><div class="quote-block">Originally Posted by <strong>Gatorguy</strong> <a href="/t/181806/amazon-takes-on-square-paypal-with-new-ios-connected-local-register-card-reader#post_2578497"><img src="/img/forum/go_quote.gif" class="inlineimg" alt="View Post"/></a><br/><br/><br />
...and the seller will appreciate the cash too. There's no discount rate to pay.</div></div><p> </p>
but if i dont have enough cash on me, he wont appreciate not geting the sale, since i wouldnt trust an android phone with that type of data.
LOL! It's more important that you trust the person you're giving your card to than what device the reader interfaces with. There's no difference in the security of that card reader whether it's attached to an Android or iOS product. Now if you just don't like anyone with an Android device that's certainly fair enough. It's your money. Sometimes the point you want to make is more important than the inconvenience it causes you.
It's not about trusting the person. It's about the malware the android phone may have picked up along it's way. Since android is a malware haven. So no something being attached to an android device is not safer. Not even close
LOL! It's more important that you trust the person you're giving your card to than what device the reader interfaces with. There's no difference in the security of that card reader whether it's attached to an Android or iOS product.
It's not about trusting the person. It's about the malware the android phone may have picked up along it's way. Since android is a malware haven. So no something being attached to an android device is not safer. Not even close
Yup, just as safe.
From Square:
"Your customers' credit card information is encrypted at the moment of swipe. Data is stored on our servers, not on your reader or device."
Rather than guessing you could spend a little time looking into it instead. Unless of course you didn't really care in the first place because it's iOS or nothing. Again that's certainly fair enough too. It's your business.
<div class="quote-container" data-huddler-embed="/t/181806/amazon-takes-on-square-paypal-with-new-ios-connected-local-register-card-reader#post_2578386" data-huddler-embed-placeholder="false"><span>Quote:</span><div class="quote-block">Originally Posted by <strong>Sector7G</strong> <a href="/t/181806/amazon-takes-on-square-paypal-with-new-ios-connected-local-register-card-reader#post_2578386"><img src="/img/forum/go_quote.gif" class="inlineimg" alt="View Post"/></a><br/><br/>if i see some one using a mobile payment device and its an android ill just pay cash</div></div>
Sadly, there aren't enough people with your (and my) attitude to make a difference.
As I recall you don't advocate using credit cards even on an iOS device due to potential privacy issues?
LOL! It's more important that you trust the person you're giving your card to than what device the reader interfaces with. There's no difference in the security of that card reader whether it's attached to an Android or iOS product. Now if you just don't like anyone with an Android device that's certainly fair enough. It's your money. Sometimes the point you want to make is more important than the inconvenience it causes you.
Quote:
Originally Posted by Sector7G
It's not about trusting the person. It's about the malware the android phone may have picked up along it's way. Since android is a malware haven. So no something being attached to an android device is not safer. Not even close
Guys, guys... It's not one or the other, it's BOTH.
You need to trust any retailer before you hand them your card to swipe. And you need to trust the entire processing chain, from the device manufacturer, the carrier, through the credit card processors and banks. There are a lot of eyeballs that have access to your data along the way.
And, given that nearly 100% of today's mobile malware is on Android, that should indeed raise big red flags if you see someone running your credit card through an Android device. If the device owner ever uses that device for anything other than credit card processing, it's a big concern.
But there's something relevant to Sector7G's post that most people don't understand, even GG, by the sounds of it (and yes, GG, I do appreciate your general knowledge and intellect, even if our viewpoints strongly disagree).
Malware isn't just about 3rd party crap that secretly finds its way onto your device. With iOS devices, Apple is in complete control of the device, from manufacturing through the final sale. The hardware, firmware and OS are delivered to Apple's specifications, period. (obviously, any device is subject to be physically opened before sale, tampered with, and re-sealed, but unless you've pissed off some three-letter govt agency, that's pretty unlikely)
Android devices, on the other hand, are designed to be set up, customized and configured by the carriers before delivery to retailers or end users. This is a huge security issue, and what most people don't know is that some of the carriers install what are essentially rootkits on the devices that can monitor everything, and they do indeed send data back to the carriers. Yes, this is spyware, very low-level, and yes I know for a fact that it exists in the Android ecosystem. I cannot (and will not) give you "proof", but I know multiple people that work in telco infrastructure. I don't know exactly which carriers and which phone models, and I wouldn't get into that level of detail anyway because I'm not going to get people I know in trouble, but it's there. The only way to know for sure if your device is affected is to buy or borrow a stingray device. Out of my league, but for anyone with the means, go for it.
I wouldn't even dream of using Android for enterprise (or banking or ecommerce) unless I had the ability to wipe the devices down to bare metal (not even sure if this is possible) and install only the open source portions of Android.
<div class="quote-container" data-huddler-embed="/t/181806/amazon-takes-on-square-paypal-with-new-ios-connected-local-register-card-reader#post_2578577" data-huddler-embed-placeholder="false"><span>Quote:</span><div class="quote-block">Originally Posted by <strong>Gatorguy</strong> <a href="/t/181806/amazon-takes-on-square-paypal-with-new-ios-connected-local-register-card-reader#post_2578577"><img src="/img/forum/go_quote.gif" class="inlineimg" alt="View Post"/></a><br/><br/><br />
As I recall you don't advocate using credit cards even on an iOS device due to potential privacy issues?</div></div>
Do you remember <i>everyone</i>? ;-)
.
Yeah. pretty much all the regulars. A couple are a little hard to remember only because their opinions are so inconsistent. Yours are not. For those members who seem to really believe what they post it's not all that difficult to remember their opinions.
With the encryption done with the swipe and no card or customer data stored on the device I don't see why an iOS device would be inherently more secure than an Android one when using a Square reader. If the OP is that afraid he should probably avoid ATM's and gas station card readers altogether as they have proven attack vectors unlike the so far imaginary Android card-reader exploits.
With the encryption done with the swipe and no card or customer data stored on the device I don't see why an iOS device would be inherently more secure than an Android one when using a Square reader. If the OP is that afraid he should probably avoid ATM's and gas station card readers altogether as they have proven attack vectors unlike the so far imaginary Android card-reader exploits.
If your device has been rootkit'd, then all bets are off. Nothing is secure. To take advantage of such privileges can require very smart developers, time and dedication, but where money is at stake, those kinds of people exist, especially in overseas markets.
Third party rootkits on any kind of credit card processing devices is bad news. Let's imagine for a moment that somehow the actual data swiped from the card and sent to the CC authorizer is secure from a rootkit. I don't believe this is true, but just for argument's sake, let's run with that. I'm not familiar with Square in particular, but merchant software I've used in the past allows the merchant to manually enter the user's data for cases when the magnetic strip is damaged. That means if the device is compromised, charges can be run quietly in the background using stolen card data from other sources. Has the merchant ever surfed the web or downloaded any kind of game or other app onto the device other than the CC processing app. If so, he's at risk of various kinds of malware, including rootkits. Far more risk than on an iOS device. Beyond this, the merchant still needs to connect to their merchant account management, and therefore his account and password information is fully visible to any decent rootkit, through tap-logging. Another way money can potentially be moved around.
The carrier rootkits are a different story from third party rootkits. There is nothing google can do to prevent them from being installed, because at the end of the day the carriers and handset manufacturers get to decide which bootloader goes on the devices. Now, it would be hard to imagine these guys taking advantage of their devices in any kind of systematic way to bilk merchants, but on the other hand, there is absolutely nothing any end user can do to avoid the security and privacy issues associated with them. From the moment they crack open the box, it's over. Every tap, keypress and network packet is available to the carriers, including bank account passwords or the master password for your password manager app.
I don't have time now to clean up and better organize this post, but the bottom line is that google can try all they like to add rootkit blocks in Android (with their own security side-effects), but because they don't control the manufacturing process and final software install, there's nothing they can do. Android can never be secure unless they change their delivery model, and I don't see that being possible any time in the foreseeable future.
Blah, I appreciate the time you've taken to respond and the polite manner in which you did it.
Reading between the lines you wouldn't expect the carriers to "steal" CC info but the fact that the possibility exists is worrying. I would also assume that jail-broken iPhones would be exposed just as much as a root-kitted Android phone? You are much more informed on some of the details than I am.
Blah, I appreciate the time you've taken to respond and the polite manner in which you did it.
Reading between the lines you wouldn't expect the carriers to "steal" CC info but the fact that the possibility exists is worrying. I would also assume that jail-broken iPhones would be exposed just as much as a root-kitted Android phone? You are much more informed on some of the details than I am.
Carrier rootkits are worrisome indeed. I don't expect that there is any kind of systematic corporate exploitation of that with regards to CC processing, but every corporation is comprised of individuals, and humans are imperfect. Anything exploitable will eventually be exploited. Databases which were presumed to be secure are broken into every day. Just like personal information in other people's control will eventually be misused or exposed. It's just a matter of when.
In theory, a jailbroken iOS device is at higher risk of malware in general, be it rootkit level or otherwise. The thing is, I don't think very many business owners would hook up their credit card processing to a jailbroken device, do you? Maybe some tiny fraction, but with iOS it takes a very deliberate step to jailbreak, it doesn't happen by accident. You'd have to be pretty foolish to jailbreak your device and then use it to run all your business financial transactions.
On the other hand, Android devices are very fragile, from a security standpoint. It should be clear by the malware statistics (most studies I've seen show iOS at less than 1% of known malware). Security and privacy are more than just an OS, it's how you use your devices as well. But at the end of the day, if the device itself (OS, firmware, etc.) isn't secure, then nothing built on top of it can be secure.
Don't get me wrong, I'm frustrated by iOS as well, for completely different reasons. I'd like to have more control over my devices than Apple gives me, and I'd like to be free to easily install my own apps on my own device. As someone recently mentioned on another thread, I'd love to have Little Snitch for iOS, and without it I only run my iOS devices in managed environments. This is not a security issue though, it's a privacy issue, and it's even worse on (most) Android devices because of all the services that comes preinstalled.
There are a lot of issues with mobile these days in general, but I think the initial comment by the person who said they wouldn't trust an Android device to run CC authorizations has a justifiable concern, more so than an iOS device doing the same thing.
With iOS devices, Apple is in complete control of the device, from manufacturing through the final sale. The hardware, firmware and OS are delivered to Apple's specifications, period. (obviously, any device is subject to be physically opened before sale, tampered with, and re-sealed, but unless you've pissed off some three-letter govt agency, that's pretty unlikely)
This news kinda came out of the blue today, and something else too you might find worrisome. According to a Chinese government report Apple isn't using their own servers in China any longer. They've "dumped" their local iCloud storage into China Telecom servers if the reports are accurate. On the surface it wouldn't look to help keep Chinese users safe from prying eyes. https://icloud.net/blog/68/apple-changed-icloud-storage-service-to-chinese-telecom-service-provider-fo/
This news kinda came out of the blue today, and something else too you might find worrisome. According to a Chinese government report Apple isn't using their own servers in China any longer. They've "dumped" their local iCloud storage into China Telecom servers if the reports are accurate. On the surface it wouldn't look to help keep Chinese users safe from prying eyes. https://icloud.net/blog/68/apple-changed-icloud-storage-service-to-chinese-telecom-service-provider-fo/
If accurate, I theorized at the beginning of Apple's push into China that there was no way the Chinese government would allow Apple to have their own data centers and App Store if it wasn't controlled by the Chinese. China Mobile is government owned. Apple would never have gotten wide distribution without ceding significant control to the Chinese.
Comments
Seriously, why doesn't the US have chip-n-pin yet, let alone NFC?
I haven't used a mag reader in *years*, and almost all my small purchases are tap-to-pay.
It looks to me like Amazon is looking less competitive on their pricing recently. I compared items in Target versus Anazon and CVS and found Amazon and CVS way, way overpriced on some shaving products. Gotta give it to Target.
I love me some Amazon, but you're completely correct. Ordered a new crock pot last night from Target. Basically the same sales price as Amazon, but with the RedCard we got free shipping + 5% off. Not to mention an extra 30 days to return if needed.
Here's the catch: at some point the fraudulent charge policies in the U.S. will be changed: liability will pass from the bank to the merchant for swipe (i.e., magnetic strip) transactions, if the card being swiped has the security chip. Therefore, if this Amazon Local Register cannot read security chip cards, then you, the merchant, will be out the full amount of the transaction if the card is stolen and happened to have a security chip.
Square is already developing a card reader that handles both the security chip and the magnetic strip, and have sent notices out to its users that their new reader is forthcoming.
The newest announced Square readers support both. Perhaps Amazon's will too once EMV card tech becomes common in the US, which is still a ways off.
Not too far off, the deadline set by MasterCard and Visa is October of next year: http://gizmodo.com/what-are-smart-credit-cards-and-why-are-they-coming-1520171221
LOL! It's more important that you trust the person you're giving your card to than what device the reader interfaces with. There's no difference in the security of that card reader whether it's attached to an Android or iOS product. Now if you just don't like anyone with an Android device that's certainly fair enough. It's your money. Sometimes the point you want to make is more important than the inconvenience it causes you.
if i see some one using a mobile payment device and its an android ill just pay cash
Sadly, there aren't enough people with your (and my) attitude to make a difference.
Yup, just as safe.
From Square:
"Your customers' credit card information is encrypted at the moment of swipe. Data is stored on our servers, not on your reader or device."
Rather than guessing you could spend a little time looking into it instead. Unless of course you didn't really care in the first place because it's iOS or nothing. Again that's certainly fair enough too. It's your business.
As I recall you don't advocate using credit cards even on an iOS device due to potential privacy issues?
How crazy; brick and mortar retailers entering their sales data for Amazon to later analyze to see where they should focus next.
This is 100% true. We will see how many retailers participate with Amazon versus Square and PayPal.
LOL! It's more important that you trust the person you're giving your card to than what device the reader interfaces with. There's no difference in the security of that card reader whether it's attached to an Android or iOS product. Now if you just don't like anyone with an Android device that's certainly fair enough. It's your money. Sometimes the point you want to make is more important than the inconvenience it causes you.
It's not about trusting the person. It's about the malware the android phone may have picked up along it's way. Since android is a malware haven. So no something being attached to an android device is not safer. Not even close
Guys, guys... It's not one or the other, it's BOTH.
You need to trust any retailer before you hand them your card to swipe. And you need to trust the entire processing chain, from the device manufacturer, the carrier, through the credit card processors and banks. There are a lot of eyeballs that have access to your data along the way.
And, given that nearly 100% of today's mobile malware is on Android, that should indeed raise big red flags if you see someone running your credit card through an Android device. If the device owner ever uses that device for anything other than credit card processing, it's a big concern.
But there's something relevant to Sector7G's post that most people don't understand, even GG, by the sounds of it (and yes, GG, I do appreciate your general knowledge and intellect, even if our viewpoints strongly disagree).
Malware isn't just about 3rd party crap that secretly finds its way onto your device. With iOS devices, Apple is in complete control of the device, from manufacturing through the final sale. The hardware, firmware and OS are delivered to Apple's specifications, period. (obviously, any device is subject to be physically opened before sale, tampered with, and re-sealed, but unless you've pissed off some three-letter govt agency, that's pretty unlikely)
Android devices, on the other hand, are designed to be set up, customized and configured by the carriers before delivery to retailers or end users. This is a huge security issue, and what most people don't know is that some of the carriers install what are essentially rootkits on the devices that can monitor everything, and they do indeed send data back to the carriers. Yes, this is spyware, very low-level, and yes I know for a fact that it exists in the Android ecosystem. I cannot (and will not) give you "proof", but I know multiple people that work in telco infrastructure. I don't know exactly which carriers and which phone models, and I wouldn't get into that level of detail anyway because I'm not going to get people I know in trouble, but it's there. The only way to know for sure if your device is affected is to buy or borrow a stingray device. Out of my league, but for anyone with the means, go for it.
I wouldn't even dream of using Android for enterprise (or banking or ecommerce) unless I had the ability to wipe the devices down to bare metal (not even sure if this is possible) and install only the open source portions of Android.
Bottom line: malware comes in many flavors.
As I recall you don't advocate using credit cards even on an iOS device due to potential privacy issues?
Do you remember everyone? ;-)
Indeed, I generally do not, however privacy is a different issue from security.
Yeah. pretty much all the regulars. A couple are a little hard to remember only because their opinions are so inconsistent. Yours are not. For those members who seem to really believe what they post it's not all that difficult to remember their opinions.
With the encryption done with the swipe and no card or customer data stored on the device I don't see why an iOS device would be inherently more secure than an Android one when using a Square reader. If the OP is that afraid he should probably avoid ATM's and gas station card readers altogether as they have proven attack vectors unlike the so far imaginary Android card-reader exploits.
With the encryption done with the swipe and no card or customer data stored on the device I don't see why an iOS device would be inherently more secure than an Android one when using a Square reader. If the OP is that afraid he should probably avoid ATM's and gas station card readers altogether as they have proven attack vectors unlike the so far imaginary Android card-reader exploits.
If your device has been rootkit'd, then all bets are off. Nothing is secure. To take advantage of such privileges can require very smart developers, time and dedication, but where money is at stake, those kinds of people exist, especially in overseas markets.
Third party rootkits on any kind of credit card processing devices is bad news. Let's imagine for a moment that somehow the actual data swiped from the card and sent to the CC authorizer is secure from a rootkit. I don't believe this is true, but just for argument's sake, let's run with that. I'm not familiar with Square in particular, but merchant software I've used in the past allows the merchant to manually enter the user's data for cases when the magnetic strip is damaged. That means if the device is compromised, charges can be run quietly in the background using stolen card data from other sources. Has the merchant ever surfed the web or downloaded any kind of game or other app onto the device other than the CC processing app. If so, he's at risk of various kinds of malware, including rootkits. Far more risk than on an iOS device. Beyond this, the merchant still needs to connect to their merchant account management, and therefore his account and password information is fully visible to any decent rootkit, through tap-logging. Another way money can potentially be moved around.
The carrier rootkits are a different story from third party rootkits. There is nothing google can do to prevent them from being installed, because at the end of the day the carriers and handset manufacturers get to decide which bootloader goes on the devices. Now, it would be hard to imagine these guys taking advantage of their devices in any kind of systematic way to bilk merchants, but on the other hand, there is absolutely nothing any end user can do to avoid the security and privacy issues associated with them. From the moment they crack open the box, it's over. Every tap, keypress and network packet is available to the carriers, including bank account passwords or the master password for your password manager app.
I don't have time now to clean up and better organize this post, but the bottom line is that google can try all they like to add rootkit blocks in Android (with their own security side-effects), but because they don't control the manufacturing process and final software install, there's nothing they can do. Android can never be secure unless they change their delivery model, and I don't see that being possible any time in the foreseeable future.
Reading between the lines you wouldn't expect the carriers to "steal" CC info but the fact that the possibility exists is worrying. I would also assume that jail-broken iPhones would be exposed just as much as a root-kitted Android phone? You are much more informed on some of the details than I am.
How crazy; brick and mortar retailers entering their sales data for Amazon to later analyze to see where they should focus next.
And not just what's selling, but who's buying it. Why would any retailer, large or small, give Amazon a list of their paying customers?
Blah, I appreciate the time you've taken to respond and the polite manner in which you did it.
Reading between the lines you wouldn't expect the carriers to "steal" CC info but the fact that the possibility exists is worrying. I would also assume that jail-broken iPhones would be exposed just as much as a root-kitted Android phone? You are much more informed on some of the details than I am.
Carrier rootkits are worrisome indeed. I don't expect that there is any kind of systematic corporate exploitation of that with regards to CC processing, but every corporation is comprised of individuals, and humans are imperfect. Anything exploitable will eventually be exploited. Databases which were presumed to be secure are broken into every day. Just like personal information in other people's control will eventually be misused or exposed. It's just a matter of when.
In theory, a jailbroken iOS device is at higher risk of malware in general, be it rootkit level or otherwise. The thing is, I don't think very many business owners would hook up their credit card processing to a jailbroken device, do you? Maybe some tiny fraction, but with iOS it takes a very deliberate step to jailbreak, it doesn't happen by accident. You'd have to be pretty foolish to jailbreak your device and then use it to run all your business financial transactions.
On the other hand, Android devices are very fragile, from a security standpoint. It should be clear by the malware statistics (most studies I've seen show iOS at less than 1% of known malware). Security and privacy are more than just an OS, it's how you use your devices as well. But at the end of the day, if the device itself (OS, firmware, etc.) isn't secure, then nothing built on top of it can be secure.
Don't get me wrong, I'm frustrated by iOS as well, for completely different reasons. I'd like to have more control over my devices than Apple gives me, and I'd like to be free to easily install my own apps on my own device. As someone recently mentioned on another thread, I'd love to have Little Snitch for iOS, and without it I only run my iOS devices in managed environments. This is not a security issue though, it's a privacy issue, and it's even worse on (most) Android devices because of all the services that comes preinstalled.
There are a lot of issues with mobile these days in general, but I think the initial comment by the person who said they wouldn't trust an Android device to run CC authorizations has a justifiable concern, more so than an iOS device doing the same thing.
This news kinda came out of the blue today, and something else too you might find worrisome. According to a Chinese government report Apple isn't using their own servers in China any longer. They've "dumped" their local iCloud storage into China Telecom servers if the reports are accurate. On the surface it wouldn't look to help keep Chinese users safe from prying eyes.
https://icloud.net/blog/68/apple-changed-icloud-storage-service-to-chinese-telecom-service-provider-fo/
Forbes alluded to just this possibility a few months ago
http://www.forbes.com/sites/sharifsakr/2014/01/27/apple-pact-with-china-mobile/
If accurate, I theorized at the beginning of Apple's push into China that there was no way the Chinese government would allow Apple to have their own data centers and App Store if it wasn't controlled by the Chinese. China Mobile is government owned. Apple would never have gotten wide distribution without ceding significant control to the Chinese.