iTokens: Why it makes sense for Apple's rumored payment system to use tokenized transactions

Comments

  • Reply 41 of 111
    chadbag Posts: 1,999 member
    Originally posted by auxio:

    I'm assuming the CC data would be stored locally on the phone in the secure enclave (same as your fingerprint). That way it could work even if there's no network connection available.

    NO.  I think this is backwards.  The CC info never has to be on your phone.  Your phone communicates with the POS (point of sale system) which communicates with the Apple backend system.   The CC info stays in the Apple backend system and Apple authorizes it and returns an authorized token back to the POS which completes the sale.   That is the only sane and logical way it could work and be an advance in security.

  • Reply 42 of 111
    chadbag wrote: »
    NO.  I think this is backwards.  The CC info never has to be on your phone.  Your phone communicates with the POS (point of sale system) which communicates with the Apple backend system.   The CC info stays in the Apple backend system and Apple authorizes it and returns an authorized token back to the POS which completes the sale.   That is the only sane and logical way it could work and be an advance in security.

    That sounds like it offers two issues.

    1) It creates a single point of failure for both being connected to the network and for hackers. Everyone having all your cards stolen or having no access to them is not something I will support. With this system if one can figure out your weak or reused password they could potentially use it with other Apple devices to gain access to your card info.

    2) There is no use of the secure enclave which is not storing the data on the standard NAND in the standard OS file system. Better to make all potential risks a one-to-one risk, like having your wallet stolen, except in this case they can't simply read and use the data off your cards.
  • Reply 43 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    That sounds like it offers two issues.



    1) It creates a single point of failure for both being connected to the network and for hackers. Everyone having all your cards stolen or having no access to them is not something I will support. With this system if one can figure out your weak or reused password they could potentially use it with other Apple devices to gain access to your card info.



    2) There is no use of the secure enclave which is not storing the data on the standard NAND in the standard OS file system. Better to make all potential risks a one-to-one risk, like having your wallet stolen, except in this case they can't simply read and use the data off your cards.

     

    To #1 -- what is the single point of failure (vs any other system).  No one has your card data except the iTunes/Apple backend so the card data is not being stolen.  And I suspect the payment system will only work with touchID so your "reused password" is not opening up all your cards to misuse.

     

    I don't understand #2.   There is no card data to store locally so no need to use the secure enclave for it.  Having your phone stolen does not allow them to read and use the data off your cards.

  • Reply 44 of 111
    chadbag wrote: »
    To #1 -- what is the single point of failure (vs any other system).  No one has your card data except the iTunes/Apple backend so the card data is not being stolen.  And I suspect the payment system will only work with touchID so your "reused password" is not opening up all your cards to misuse.

    I don't understand #2.   There is no card data to store locally so no need to use the secure enclave for it.  Having your phone stolen does not allow them to read and use the data off your cards.

    Imagine a world where everyone uses your setup.
    • Apple's servers compromised. Issuing companies now have to send out a billion new cards at once. Not realistic.
    • You use your password on several sites, it's weak, or someone knows it. They then use that to sign into their device to start using their device to make payments from your cards with the unique tokens the server sends them.
    • No internet connection (for whatever reason) equals no sale. Many companies have better redundant systems and will authenticate locally if their end happens to be down temporarily. You won't be so lucky because you'll never have that token to send.

    Remember Touch ID isn't your primary line of defense, your password is. Touch ID should be looked at as a convenience because if Touch ID fails too many times you have to reinitialize it with your password.

    You need that secure enclave for your cards the same way you don't store your CC numbers in a draft email on Gmail. You want it local to that one device and not something everyone can access from anywhere in the world with your login.
  • Reply 45 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    Imagine a world where everyone uses your setup.

    • Apple's servers compromised. Issuing companies now have to send out a billion new cards at once. Not realistic.
    • You use your password on several sites, it's weak, or someone knows it. They then use that to sign into their device to start using their device to make payments from your cards with the unique tokens the server sends them.
    • No internet connection (for whatever reason) equals no sale. Many companies have better redundant systems and will authenticate locally if their end happens to be down temporarily. You won't be so lucky because you'll never have that token to send.

    Remember Touch ID isn't your primary line of defense, your password is. Touch ID should be looked at as a convenience because if Touch ID fails too many times you have to reinitialize it with your password.



    You need that secure enclave for your cards the same way you don't store your CC numbers in a draft email on Gmail. You want it local to that one device and not something everyone can access from anywhere in the world with your login.

     

    If Apple's servers get compromised, yes, we are in for a world of hurt. Same as if First Data's servers get compromised, or any other processor (but First Data is the 800lb gorilla in processing). Nor if the merchant's systems get hacked if their backend system (and not a card skimmer) is what gets hacked. Your plan does not solve this problem.

     

    If your password is weak or whatever, they cannot use your phone to make a payment unless TouchID lets them.  It is a combination of the two.  I am not sure what they have in mind to keep someone from logging in to your account with their device and using their TouchID.   I make the assumption that Apple would have thought about this.   However, storing the cards in the secure enclave on your device does not solve this as the data needs to be downloaded from somewhere, which is the backend Apple or iTunes servers.  Having to manually enter all that data in is probably a nonstarter and restricts you to the one device.  We'll have to see what Apple's plans actually are to continue this.

     

    The "no internet connection" makes no sense.  Whatever you can do with no internet connection with a real card, you can do with the token based system.  Your phone does not need the internet connection, just the merchant.   Right now, the merchant, if his connection is down, has two choices:  take the card, delay running it until the connection is up, and let you take the stuff now, trusting it will go through, or, as an alternative, to tell you to wait until the connection is back.   Those same two options would exist under a hypothetical Apple token based system.

     

    Storing the CC info in the secure enclave is not needed, and is a lot less secure than an encrypted token based system where the credit card info is stored in a backend system. No one sees your card info in the transaction except the backends -- Apple's and the processors. It is a lot easier to protect those areas than it is to protect the data in the wild at the merchants as well as on your phone as well as on the backends (merchants backend as well as processors). You just multiply who has access to the card data.

     

    I won't claim to be an expert, but I have written credit card processing clients for iOS, and currently work with a company that is working to do peer to peer payments, so I have been exposed to a lot with regards to credit cards, as well as protecting data, etc.

  • Reply 46 of 111
    chadbag wrote: »
    If your password is weak or whatever, they cannot use your phone to make a payment unless TouchID lets them.

    I didn't read past this point because that point is so severely misguided it needs its own post.

    Touch ID can be set up on any device with the HW. Touch ID is not tied to your Apple ID like your Apple ID password.

    Scenario: Let's say it's a few months from now and you have an iPhone and iPad with Touch ID. You do realize that the hashes for the prints — even if using the same finger(s) — will be different, right?

    With your system I can steal your username and password and then simply input my finger print, nose print, bell end, or cat paw into my phone to be able to use your CCs because Touch ID is now enabled under your Apple ID.
  • Reply 47 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    I didn't read past this point because that point is so severely misguided it needs its own post.

    Touch ID can be set up on any device with the HW. Touch ID is not tied to your Apple ID like your Apple ID password.

    Scenario: Let's say it's a few months from now and you have an iPhone and iPad with Touch ID. You do realize that the hashes for the prints — even if using the same finger(s) — will be different, right?

    With your system I can steal your username and password and then simply input my finger print, nose print, bell end, or cat paw into my phone to be able to use your CCs because Touch ID is now enabled under your Apple ID.

     

     

    You are describing as it is right now.  If you had read what I had written, you would have seen that I "waved my hands" over this particular issue and said that I make the assumption that Apple would have solved this issue.  I am sure that if you and I can think of and understand this issue, Apple would have thought of it as well and come up with a solution.

     

    Next...

  • Reply 48 of 111
    chadbag wrote: »
    You are describing as it is right now.  If you had read what I had written, you would have seen that I "waved my hands" over this particular issue and said that I make the assumption that Apple would have solved this issue.  I am sure that if you and I can think of and understand this issue, Apple would have thought of it as well and come up with a solution.

    Next...

    You can't yada yada yada technology into being and your suggestion that Apple can do anything you want them to do by waving your hands is absolutely absurd. There are inherent limitations to all technology so you need to first understand the technology so you can understand how it can evolve. Apple doesn't perform miracles despite all this supposed hand waving. You might as well say, Apple will invent a perpetual motion machine "waves hands" unlimited power.
  • Reply 49 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    You can't yada yada yada technology into being and your suggestion that Apple can do anything you want them to do by waving your hands is absolutely absurd. There are inherent limitations to all technology so you need to first understand the technology so you can understand how it can evolve. Apple doesn't perform miracles despite all this supposed hand waving. You might as well say, Apple will invent a perpetual motion machine "waves hands" unlimited power.

     

    Whatever.   yada yada yada handwaving on the link between TouchID and the AppleID -- solving the problem you pointed out -- is a lot different than a perpetual motion machine.     It is a simple problem and one that will have been attended to.  We are speaking about future (probably in the next 1-3 hours announced) technology and speculating.

     

    I work in technology and have since the late 80s. I have worked with Apple technologies almost as long. I work in a payment related field right now doing iOS engineering. The problem you identified is not a tough one to solve and Apple will have solved it. We just have to wait and see what the solution is. It is not magical handwaving over impossible problems and your attempts to discredit the whole thing based on one point, comparing to fantasy solutions like perpetual motion machines, are disingenuous.

     

    Your ideas to store the CC in the "Secure Enclave" in the Ax chip are also not very smart and do not solve the major fraud and security issues in the payment industry.

  • Reply 50 of 111
    chadbag wrote: »
    Your ideas to store the CC in the "Secure Enclave" in the Ax chip are also not very smart and do not solve the major fraud and security issues in the payment industry.

    As explained already, it most certainly will.
  • Reply 51 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    As explained already, it most certainly will.

     

    As explained already, it most certainly won't.  

     

    It does nothing to stop hacked merchant servers, hacked communications streams, or the spread of CC numbers in the system.

     

    It does solve the problem with "signature based" cards being stolen and used inappropriately.  That is about it.   It is basically a card-less version of the chip-based cards.

  • Reply 52 of 111
    chadbag wrote: »
    As explained already, it most certainly won't.  

    It does nothing to stop hacked merchant servers, hacked communications streams, or the spread of CC numbers in the system.

    It does solve the problem with "signature based" cards being stolen and used inappropriately.  That is about it.   It is basically a card-less version of the chip-based cards.

    Nope.
  • Reply 53 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    Nope.

     

    Yep. 

     

    You've provided NO evidence to the contrary.

  • Reply 54 of 111
    chadbag wrote: »
    Yep. 

    You've provided NO evidence to the contrary.

    There have been dozens of threads on mobile payment solutions detailing the pros and cons of every type for months now.
  • Reply 55 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    There have been dozens of threads on mobile payment solutions detailing the pros and cons of every type for months now.

     



    You can apologize now, since Apple Pay does not store your CC info on the device, but rather a device specific token.

     

    Also, unrelated, they are shipping the 5.5" as well.
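
An added sketch (not written by any poster in this thread, and not Apple's actual design) of the arrangement the posts above arrive at: the backend keeps the card number, each device holds only its own token, and the merchant forwards a token plus a one-time cryptogram. The HMAC cryptogram, the counter, all class and function names, and the test card number are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _cryptogram(key, token, amount_cents, counter):
    """One-time MAC binding token, amount and transaction counter."""
    msg = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenVault:
    """Backend model: the only place the card number (PAN) is stored."""

    def __init__(self):
        self._by_token = {}  # device token -> PAN, device key, last counter

    def provision(self, pan):
        """Issue a token and key for ONE device; the PAN never leaves here."""
        token = "tok_" + secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self._by_token[token] = {"pan": pan, "key": key, "counter": 0}
        return token, key

    def revoke(self, token):
        """Kill one device's token; the card and other devices still work."""
        self._by_token.pop(token, None)

    def authorize(self, request):
        """Check a merchant-forwarded request before touching the PAN."""
        entry = self._by_token.get(request["token"])
        if entry is None:
            return "declined: unknown or revoked token"
        expected = _cryptogram(entry["key"], request["token"],
                               request["amount_cents"], request["counter"])
        if not hmac.compare_digest(expected, request["cryptogram"]):
            return "declined: bad cryptogram"
        if request["counter"] <= entry["counter"]:
            return "declined: replayed request"
        entry["counter"] = request["counter"]
        return "approved"


class Device:
    """Holds only token and key (stand-in for secure-element storage)."""

    def __init__(self, token, key):
        self.token, self._key, self._counter = token, key, 0

    def pay(self, amount_cents):
        """Build what the merchant terminal sees: no card number in it."""
        self._counter += 1
        return {"token": self.token, "amount_cents": amount_cents,
                "counter": self._counter,
                "cryptogram": _cryptogram(self._key, self.token,
                                          amount_cents, self._counter)}


def demo():
    """Constructed run: the same captured request is submitted twice."""
    vault = TokenVault()
    phone = Device(*vault.provision("4111111111111111"))  # constructed test PAN
    first = phone.pay(1250)
    return [vault.authorize(first), vault.authorize(first)]
```

A request captured at the merchant is useless a second time, and revoking one device's token does not require reissuing the card.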

  • Reply 56 of 111
    chadbag wrote: »


    You can apologize now, since Apple Pay does not store your CC info on the device, but rather a device specific token.

    Also, unrelated, they are shipping the 5.5" as well.

    Which is exactly what I said it would do. You said it wouldn't store anything in the secure enclave.
  • Reply 57 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    Which is exactly what I said it would do. You said it wouldn't store anything in the secure enclave.

     

    You said it would store the CC info in the secure enclave.   I said it wouldn't.   I said they would have a solution to the problem of touchID and AppleID and that is to store the token on a per device basis in the secure enclave.  I never claimed they would not store that there.  I was referring to your claim of storing the CC info on the device.

     

    Basically what I outlined (and all it was was an outline) is what they are doing.  The details were filled in by Apple today.  I never said "secure enclave" would not be part of it.  I said that they would not be storing the CC numbers/info in it.

  • Reply 58 of 111
    solipsismx Posts: 19,566 member
    chadbag wrote: »
    You said it would store the CC info in the secure enclave.   I said it wouldn't.   I said they would have a solution to the problem of touchID and AppleID and that is to store the token on a per device basis in the secure enclave.  I never claimed they would not store that there.  I was referring to your claim of storing the CC info on the device.

    Basically what I outlined (and all it was was an outline) is what they are doing.  The details were filled in by Apple today.  I never said "secure enclave" would not be part of it.  I said that they would not be storing the CC numbers/info in it.

    You said it would be stored on Apple's servers to connect when you made a purchase. I've also stated many times that the secure enclave would allow for a token to be used so the actual number isn't saved locally. I've even detailed how and why a hash would be used and the inherited security. Again, LOCAL. Your concept is flawed from the ground up regardless of tokens being used.

    edit: Here's what I said in this thread… and many, many times since this rumour started, as well as being hard on NFC being adopted despite the anti-NFC crowd here after Android adopted it without any infrastructure to make it feasible.
    No one saying that NFC is inherently safer than a long-range transmission protocol was saying that tokens were to not be used. You use several methods of various security measures to ensure the safest possible transaction. I've talked about tokens and hashes on the secure enclave on multiple occasions whilst also saying that NFC is a safer solution due to its inherent design. Whether Apple uses any of these measures is another issue altogether, even though I think they will, pretty much anything is better than a physical card with your name, number and expiration printed on it.
    I'm all for any token-based system. It's hard to imagine that whatever Apple does it's not safer than using a CC. I suppose the hash could be reverse engineered and they could find a way into your iPhone's secure enclave but that seems like a huge order compared to just stealing your credit card. Now if this hack is universal and they can use the same program to reverse any hash then even canceling your cards and inputting new ones would be useless for added security against those individuals, but they would still need access to your device, unless they can find a way to get access remotely. I suppose that whatever SW Apple uses will be isolated from every app but they can make mistakes, so who knows.


    And here is what you've been saying…
    Apple's system on the other hand, could generate a one time token on the device and send that to the backend "iTunes-based" server, since the card numbers are already stored by Apple in iTunes backend.

    I don't want my half dozen cards stored on an iTunes Server! I want my cards to be added to my device's secure enclave the way my fingerprint is added to my device's secure enclave. In neither case it's just a hash. That should be clear if you're familiar with how your fingerprints are stored… but it's all LOCAL.
  • Reply 59 of 111
    chadbag Posts: 1,999 member
    Originally posted by SolipsismX:

    You said it would be stored on Apple's servers to connect when you made a purchase. I've also stated many times that the secure enclave would allow for a token to be used so the actual number isn't saved locally. I've even detailed how and why a hash would be used and the inherited security. Again, LOCAL. Your concept is flawed from the ground up regardless of tokens being used.

     

     

    My concept is not flawed.  It is what Apple is doing (in a general outline, which is all I ever said).   The CC info IS stored on the Apple servers OR at the processors servers from what I can tell.   It says you add in your iTunes or other CC to the system.  Someone has to store the CC info.  Either Apple or the processor.  Depends on how far the token is being transmitted.

     

    You were very clear on the local storage being the CC info.  It isn't.  You were wrong.

  • Reply 60 of 111
    solipsismx Posts: 19,566 member
    chadbag wrote: »
    My concept is not flawed.  It is what Apple is doing (in a general outline, which is all I ever said).   The CC info IS stored on the Apple servers OR at the processors servers from what I can tell.   It says you add in your iTunes or other CC to the system.  Someone has to store the CC info.  Either Apple or the processor.  Depends on how far the token is being transmitted.

    You were very clear on the local storage being the CC info.  It isn't.  You were wrong.

    1) The issuing company stores it because they issued it.

    2) If you can show me where I can input a half dozen CCs into my iTunes or iCloud account so they get loaded into an iPhone 6's secure enclave as tokens I'll gladly say I was wrong… and that Apple is doing it wrong.