I'm sure many others have already answered you. This is not a proprietary payment _process_. It's leveraging industry-standard protocols that raise the bar of security. Yes, the device that holds the information (iPhone and iPad) is unique to Apple, but the process of how payment credentials are passed between that device, the merchant and the card card processor is not proprietary to Apple.
ApplePay is simply raising the bar of security through unique one-time card numbers generated at the time of purchase and as well as complete anonymity from end-to-end, plus the entire payment process executes faster. That's good for consumers and merchants. It is not something that Apple invented, but Apple is the first to fully take advantage of it and "do it right". Expect competitors to get their own systems in place in the coming years.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Seems odd that a person who knows a four digit code can buy whatever they want with no driver license check, photo ID or any proof of legitimacy.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Apple stores your credit card info on your behalf, rather than the merchant. Apple has proven their place within the credit card industry, and most consumers trust Apple to hold their card info.
I believe the unique card number that is sent from your iPhone through the merchant and then to the processing company is then used to look up the attached card between the processor and Apple.
Apple <--> You <--> Merchant <--> Processor <--> Apple
That means the merchant never needs to know and store your actual details, only Apple does. The one-time codes that the merchant receives become useless after that transaction.
The merchant has always been the weak link, so this new process solves that.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Your merchant sends what is essentially an encrypted representation of your credit card number to your bank, which then decrypts the ciphertext to get your real number. Thus the merchant never handles your actual credit card number, and your bank can change the representation stored on your phone (and sent by the merchant) just by changing their encryption key.
To make a transaction, the representation of your credit card has to be paired with an identity. The purpose of authentication (whether by PIN, fingerprint, or other methods) is to provide that identity.
Apple stores your credit card info on your behalf, rather than the merchant. Apple has proven their place within the credit card industry, and most consumers trust Apple to hold their card info.
I believe the unique card number that is sent from your iPhone through the merchant and then to the processing company is then used to look up the attached card between the processor and Apple.
Apple <--> You <--> Merchant <--> Processor <--> Apple
That means the merchant never needs to know and store your actual details, only Apple does. The one-time codes that the merchant receives become useless after that transaction.
The merchant has always been the weak link, so this new process solves that.
Nothing I have read points to Apple being involved with the transaction.
?Pay-capable device <=> Merchant <=> … <=> Bank
It sounds like your financial institution will give you your representational card number and token to be stored in the secure element on your device.
Ok, I'm too lazy to go thru all 190+ comments so this is my 2¢ worth on the article…
It's easy to say BestBuy and Walmart are conspiring against Apple. Maybe they are. I don't think so. Face it, Apple Pay sounds good but is unproven. It could be great or it could be like 8.0.1. No one knows. Big companies face bigger risks. They're going to be cautious. That's normal; that's good business.
In a way I'm in the same situation. I'm debating on what I'll choose to replace my 4s…a 5s or a 6? 6 is kinda big for me. 5s is cheaper. Apple Pay is supported by my bank(s) so maybe 6. Apple Pay has yet to get widespread merchant support so maybe 5s. What am I going to do? The same thing BestBuy, Walmart, Sears, Kmart, etc. are doing -- wait. My 4s works fine, even with iOS 8. If Apple Pay works, it'll be adopted by the big stores and I'll buy an iPhone 6. If not, then…
Your merchant sends what is essentially an encrypted representation of your credit card number to your bank, which then decrypts the ciphertext to get your real number. Thus the merchant never handles your actual credit card number, and your bank can change the representation stored on your phone (and sent by the merchant) just by changing their encryption key.
I don't think it decrypts to get your real card number. I think it's more like an email alias — or more accurately the per app password in iCloud or per platform password in Gmail — where it simply ties to your account but it is not your actual card number. It does get decrypted by the financial institution but it's a unique per card per device representational number that, once decrypted, points to your account because it's the financial institution that created and sent to your device the value stored on your device's Secure Element.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Seems odd that a person who knows a four digit code can buy whatever they want with no driver license check, photo ID or any proof of legitimacy.
You can try it yourself at Walgreens next Saturday.
Please yourself. Simple fact is, they do continue to make and support a variety of terminals.
The simple fact is that a Chip & PIN terminal with NFC WILL COST MORE and WILL COST MORE TO INTEGRATE than just Chip & PIN. So - why should a store spend more?
Here's a quick math calculation:
- There are 1801 Target stores in the US (http://pressroom.target.com/corporate)
- Assume each terminal costs $50.00 more with NFC over just Chip & PIN (that's being conservative)
- The Target stores in my area all have over 22 cash registers, but lets drop the average per store to 10
- 10 * 1801 * $50 = $900,500 just for the hardware to implement, not counting the system integration, additional staff training, and documentation.
That's a lot of money to spend on something where there is no clear winner, yet. These things have about a 5-year lifespan at best, so expect stores to upgrade when they see a clear path and when their terminals are due for a refresh. I don't see of lot of them doing that when the move forward with their Chip & PIN rollouts.
This is because i became a standard in Europe. Some countries the government made it a standard. The U.S. Government has not made this a standard "yet" although the amount of money and identity being stolen in the US am surprised they haven't. It's the assumption that the government is for the people to protect the people. But this has not happeneded. Their are government branches like the OCC and others that federally regulate the banking industry to protect the citizens and customers in the US but they havnt done anything on this part to protect from identity theft.
[QUOTE]A lot of people are saying the cost of hardware for merchants is a barrier. It does make me wonder how chip and PIN became ubiquitous in the UK. Even the smallest family run shops and cafes have wireless handheld terminals to take card transactions, and many accept contactless (NFC) payments already here, so why should it be any different in the US? I'd assumed that the banks provide the hardware as part of their merchant services.[/QUOTE]
(for some reason WSJ puts up a paywall if you visit links directly but if you visit them from Google, the paywall isn't there so you might have to google the title to read the whole article)
Payment processing fees are a nuisance for retailers because they cut into tax too. 1.5% fees might not sound like much but HP sells computers at 3% net margin and that's excluding tax. I think retailers just want the same process as cash but digitally so they can avoid lining the pockets of the banks for doing hardly anything in the transaction.
Think how frustrating it must be that you setup a whole store, employ staff, deal with orders, shipping, inventory, store layout, returns and the bank just has an automated service to move digits from one account to another and they could make the same profit you do.
To convince some retailers to get on board, Apple would probably have to get customers to fill their iTunes account with a transfer and then use that balance in a retail store without a fee but they'd have to take on the liability for fraud and I doubt customers will want to topup so much into iTunes and wire transfers are slow (probably on purpose to protect the card fees - they can process a card transaction in seconds but a wire transfer takes days hmmm, they aren't sending it via snail mail).
I expect retailers will adopt the new systems eventually. Walmart has over 11,000 stores so it's harder to introduce new technology on a whim. I'm sure they'll test it out to see if it will be beneficial. Just because it's beneficial to Apple and Apple users doesn't mean it will improve a retailer's own operation.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
The credit card information is not stored on your iPhone or at Apple. Only when the credit card is originally linked to the iPhone is the credit card information transmitted to the bank, to generate a unique proxy for the card. The proxy definition is stored in private space on the iPhone, in the Secure Element of the NFC chip. The proxy is used in a one-time password scheme for each purchase. Even if a third party manages to intercept and decrypt the one-time password, it can't be used again. If the iPhone is lost, the actual credit card or account does not need to be closed or cancelled--only the unique proxy needs to be cancelled.
Apple stores your credit card info on your behalf, rather than the merchant. Apple has proven their place within the credit card industry, and most consumers trust Apple to hold their card info.
I believe the unique card number that is sent from your iPhone through the merchant and then to the processing company is then used to look up the attached card between the processor and Apple.
Apple <--> You <--> Merchant <--> Processor <--> Apple
That means the merchant never needs to know and store your actual details, only Apple does. The one-time codes that the merchant receives become useless after that transaction.
The merchant has always been the weak link, so this new process solves that.
"Apple doesn’t store or have access to the card numbers you added to Apple Pay. Apple Pay only stores a portion of your actual card numbers and a portion your Device Account Numbers, along with a card description, to help you manage your cards." See http://support.apple.com/kb/HT6323 for complete description of Apple Pay security and privacy.
If they upgrade to chip and PIN, which is not NFC, why should they pay more to upgrade to NFC?
Because NfC transactions move faster freeing up the merchant payment line and you won't have some people walk out of your store because they don't want to wait in that line.
Comments
Apple Pay Merchants
The only merchant on that list that I shop at is Apple.
On my credit card statement all I see is:
Kroger (parent)
Chevron
Total Wine
United Airlines
Hertz
Marriott
Nordstrom
Apple
Lowe's
And the miscellaneous restaurant, car wash and dry cleaner
That pretty much sums up my life.
I'm sure many others have already answered you. This is not a proprietary payment _process_. It's leveraging industry-standard protocols that raise the bar of security. Yes, the device that holds the information (iPhone and iPad) is unique to Apple, but the process of how payment credentials are passed between that device, the merchant and the card card processor is not proprietary to Apple.
ApplePay is simply raising the bar of security through unique one-time card numbers generated at the time of purchase and as well as complete anonymity from end-to-end, plus the entire payment process executes faster. That's good for consumers and merchants. It is not something that Apple invented, but Apple is the first to fully take advantage of it and "do it right". Expect competitors to get their own systems in place in the coming years.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Seems odd that a person who knows a four digit code can buy whatever they want with no driver license check, photo ID or any proof of legitimacy.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Apple stores your credit card info on your behalf, rather than the merchant. Apple has proven their place within the credit card industry, and most consumers trust Apple to hold their card info.
I believe the unique card number that is sent from your iPhone through the merchant and then to the processing company is then used to look up the attached card between the processor and Apple.
Apple <--> You <--> Merchant <--> Processor <--> Apple
That means the merchant never needs to know and store your actual details, only Apple does. The one-time codes that the merchant receives become useless after that transaction.
The merchant has always been the weak link, so this new process solves that.
Walgreens planning October 18 Launch of Apple Pay.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Your merchant sends what is essentially an encrypted representation of your credit card number to your bank, which then decrypts the ciphertext to get your real number. Thus the merchant never handles your actual credit card number, and your bank can change the representation stored on your phone (and sent by the merchant) just by changing their encryption key.
To make a transaction, the representation of your credit card has to be paired with an identity. The purpose of authentication (whether by PIN, fingerprint, or other methods) is to provide that identity.
Nothing I have read points to Apple being involved with the transaction.
It sounds like your financial institution will give you your representational card number and token to be stored in the secure element on your device.
Ok, I'm too lazy to go thru all 190+ comments so this is my 2¢ worth on the article…
It's easy to say BestBuy and Walmart are conspiring against Apple. Maybe they are. I don't think so. Face it, Apple Pay sounds good but is unproven. It could be great or it could be like 8.0.1. No one knows. Big companies face bigger risks. They're going to be cautious. That's normal; that's good business.
In a way I'm in the same situation. I'm debating on what I'll choose to replace my 4s…a 5s or a 6? 6 is kinda big for me. 5s is cheaper. Apple Pay is supported by my bank(s) so maybe 6. Apple Pay has yet to get widespread merchant support so maybe 5s. What am I going to do? The same thing BestBuy, Walmart, Sears, Kmart, etc. are doing -- wait. My 4s works fine, even with iOS 8. If Apple Pay works, it'll be adopted by the big stores and I'll buy an iPhone 6. If not, then…
I don't think it decrypts to get your real card number. I think it's more like an email alias — or more accurately the per app password in iCloud or per platform password in Gmail — where it simply ties to your account but it is not your actual card number. It does get decrypted by the financial institution but it's a unique per card per device representational number that, once decrypted, points to your account because it's the financial institution that created and sent to your device the value stored on your device's Secure Element.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
Seems odd that a person who knows a four digit code can buy whatever they want with no driver license check, photo ID or any proof of legitimacy.
You can try it yourself at Walgreens next Saturday.
Try it at a Walgreens store next Saturday.
It appears that most (all?) new credit card terminals include NFC, so it does not seem like merchants could even choose a non-NFC terminal regardless of any theoretical cost savings. Three recently breached companies (Target, Home Depot and Jewel/Albertson's) all seem to be using brand-new Verifone's MX915 terminals at every location I have visited in three widely separated states. See http://www.verifone.com/products/hardware/multimedia/ for details, where all of Verifone's consumer-facing terminals seem to be NFC-enabled. As of 2011, Verifone was promising that all of their POS terminals would include NFC (see http://www.nfcworld.com/2011/03/03/36359/verifone-to-include-nfc-in-all-new-pos-terminals/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+nfcw+(Near+Field+Communications+World)).
[QUOTE]A lot of people are saying the cost of hardware for merchants is a barrier. It does make me wonder how chip and PIN became ubiquitous in the UK. Even the smallest family run shops and cafes have wireless handheld terminals to take card transactions, and many accept contactless (NFC) payments already here, so why should it be any different in the US? I'd assumed that the banks provide the hardware as part of their merchant services.[/QUOTE]
Someone mentioned being able to track data but the retailers don't seem to like the credit card companies:
http://online.wsj.com/news/articles/SB10000872396390444025204577546760570824578
(for some reason WSJ puts up a paywall if you visit links directly but if you visit them from Google, the paywall isn't there so you might have to google the title to read the whole article)
Payment processing fees are a nuisance for retailers because they cut into tax too. 1.5% fees might not sound like much but HP sells computers at 3% net margin and that's excluding tax. I think retailers just want the same process as cash but digitally so they can avoid lining the pockets of the banks for doing hardly anything in the transaction.
Think how frustrating it must be that you setup a whole store, employ staff, deal with orders, shipping, inventory, store layout, returns and the bank just has an automated service to move digits from one account to another and they could make the same profit you do.
To convince some retailers to get on board, Apple would probably have to get customers to fill their iTunes account with a transfer and then use that balance in a retail store without a fee but they'd have to take on the liability for fraud and I doubt customers will want to topup so much into iTunes and wire transfers are slow (probably on purpose to protect the card fees - they can process a card transaction in seconds but a wire transfer takes days hmmm, they aren't sending it via snail mail).
I expect retailers will adopt the new systems eventually. Walmart has over 11,000 stores so it's harder to introduce new technology on a whim. I'm sure they'll test it out to see if it will be beneficial. Just because it's beneficial to Apple and Apple users doesn't mean it will improve a retailer's own operation.
I really don't understand how ?Pay works. The credit card info needs to go from my bank to the merchant bank without disclosing the card info. Very mysterious how that can happen without the CC number, name on card, zip code, expiration date and CCV code being sent.
The credit card information is not stored on your iPhone or at Apple. Only when the credit card is originally linked to the iPhone is the credit card information transmitted to the bank, to generate a unique proxy for the card. The proxy definition is stored in private space on the iPhone, in the Secure Element of the NFC chip. The proxy is used in a one-time password scheme for each purchase. Even if a third party manages to intercept and decrypt the one-time password, it can't be used again. If the iPhone is lost, the actual credit card or account does not need to be closed or cancelled--only the unique proxy needs to be cancelled.
"Apple doesn’t store or have access to the card numbers you added to Apple Pay. Apple Pay only stores a portion of your actual card numbers and a portion your Device Account Numbers, along with a card description, to help you manage your cards." See http://support.apple.com/kb/HT6323 for complete description of Apple Pay security and privacy.
Anyone know if the Microsoft store will be accepting ApplePay?
Bill Gates says Apple Pay is a fantastic idea.
See time 7:05 for Apple Pay comments...
Probably not. Although, I can't wait to go to the Apple store and pay with NFC with my Note 4.
If they upgrade to chip and PIN, which is not NFC, why should they pay more to upgrade to NFC?
1. People can forget their pins.
2. A thief can look over your shoulder and steal your pin as you enter it at the POS.
3. It is actually a slower process than using the unsecured magnetic cards where you don't need a pin.
Probably not. Although, I can't wait to go to the Apple store and pay with NFC with my Note 4.
That won't work because the processing is very different from Google Wallet.
For example, Apple does not collect any of your transaction info but Google collects it all on their servers and then bill your credit card.