Video: Using Apple Pay in-store on an iPhone 6 is quick, convenient, and dead simple


Comments

  • Reply 61 of 181
    jkichline Posts: 1,369 member
    Quote:
    Originally Posted by waterrockets View Post

     

     

    Yeah, it's a huge mystery where Google makes their money. You should send the tip into your local news.

     

    Google Wallet is more secure than an NYC taxi card swiper, so I'm not sure what you're going on about there. It is not less secure. Do some research. Do you jump every time someone says "Ebola" too?




    No I don't jump about Ebola. That's a bunch of media-hyped nonsense and I don't watch sensationalized news which, if you follow the money, is paid for by eyeballs and advertising. That's why it's crap.

     

    My point wasn't "oh whoa, look at where Google makes money" my point is that I don't care to be advertised to in exchange for free stuff.  The product that they offer will always serve their needs to make money. In the event that they are no longer making money, they will either charge for the service (Google Apps) or shutter the service (Google Checkout).

     

    The FACT is that my information and access to my Google Wallet can be performed with simple social engineering.  If someone can get into my Google Wallet account, they have my purchase history and can access my funds. That's because it's stored in the cloud. I've had my PayPal account hacked too. Do you think Google or PayPal do anything about those hacks? Sure they tout how secure they are, but they can be accessed anywhere whether I am present or not.

     

    So let's say I have one of the 5% of Android devices that can actually have Google Wallet and NFC integration... and let's say I'm geek enough to set up Google Wallet and link to a card, etc... the system is still only as secure as my passcode. We all know that no Android device has a fingerprint scanner that actually works in real-life usage (only on a spec sheet), so we are still relying on a passcode to use.  Once the phone is unlocked (or hacked) you have full access to Google Wallet.  What is the state of "find my phone" or "kill switch" capabilities on those phones?

     

    I still resolve that the Google Wallet system is inherently less secure than Apple's implementation.  I would challenge you to provide a link to the details regarding the NFC transfer of information that Google performs at point of sale and compare that to the tokenization concept and requirement of physical presence (fingerprint) that Apple uses.

  • Reply 62 of 181
    melgross Posts: 33,510 member
    vartv wrote: »
    It would have been easier to just whip a CC and swipe it (I know less secure).  Video didn't help...

    Not really. It's easier to get my phone than it is to get my wallet, pull the card out, wait until they tell me to swipe, and often they need to see the card itself, and then put it back in the wallet, and the wallet back in my pocket. I also have to sign using the card, if it's over some small amount, which you never have to do here.
  • Reply 63 of 181
    Quote:

    Originally Posted by anantksundaram View Post

     

    At this point, you may be starting to embarrass other Android users (if that's even possible).... Stop.


     

     

    I'm not the one who said security is the most important thing. If security is the most important thing, then Apple ][ must not ever hand a credit card to a server, right?

  • Reply 64 of 181



    No, tapping is not necessary.

     

    Simply holding the phone near the terminal for a moment is enough to show the Apple Pay screen on your iPhone.

  • Reply 65 of 181
    solipsismx Posts: 19,566 member
    wdowell wrote: »
    it's fun to see Americans getting to grips with wave to pay..

    The US has had RFID and NFC setup for years, but a poor, insecure design has kept it from being wildly successful. Apple changed all that, and not for the US, for everywhere. Just check out waterrocket's video, below, to see how a poorly designed system works.
    Yep, that's about how it's supposed to look :)

    [Embedded video: https://www.youtube.com/embed/kcT-HdkbDjc?start=25]

    Thank you for pointing out an NFC-based payment system shouldn't work.
  • Reply 66 of 181
    Originally Posted by Apple ][ View Post

    If it were up to me, I'd be carrying an AK-47 in my backpack, but unfortunately, that's not legal where I live.


     

    What is it with some people and using foreign guns? Good ol' American-made for me.

  • Reply 67 of 181
    solipsismx Posts: 19,566 member

    I'm not the one who said security is the most important thing. If security is the most important thing, then Apple ][ must not ever hand a credit card to a server, right?

    Wow! Just, wow! It's been less than 24 hours since Apple Pay went live and you're already sour-graping your argument to say that security is a pointless consideration. :no:
  • Reply 68 of 181
    melgross Posts: 33,510 member
    Because it's current, secure, and effective, just like Apple Pay.

    It isn't nearly as secure. First of all, it doesn't use a secure area for credit card info. Secondly it doesn't use one time tokens. Google creates a virtual credit card, which is considered to be less secure a method. Thirdly, Google is the payment processor. All Google Wallet transactions go through Google's own servers. So Google knows all about each transaction. And why would that matter? Because Google can't be trusted to keep that info to themselves, and it's also less secure as it resides on their servers.

    Apple Pay is the opposite. No credit card data anywhere on your phone. Only an encrypted number that isn't from your card is in the Secure Enclave. A one time tokenized transaction number goes out to either the bank or credit card company. Apple sees none of this data unless, of course, you are buying something from them, and if you aren't using the card registered with Apple for the transaction, they don't see that data either.
  • Reply 69 of 181
    melgross Posts: 33,510 member
    Incorrect. 

    Android:
    • Unlock phone (if it's not already)
    • Place phone near terminal (doesn't even need to have the screen turned on)

    I have a card pre-loaded to Wallet as a funding source, so purchases and refunds go through that card.

    He's only incorrect in minor details. Everything else he said is correct. I notice that you didn't respond to the rest.
  • Reply 70 of 181
    melgross Posts: 33,510 member
    gatorguy wrote: »
    I believe you're a bit off base on how Google Wallet works.

    Instead I think it's:
    - Open Google Wallet
    - Enter PIN
    - Tap and pay using already set-up CC like AMEX or whatever.

    But yeah Apple has a more closed system so definitely better security for the processors and CC card companies. Touch ID is the difference maker.

    Google's entire back end for this is less secure.
  • Reply 71 of 181
    Quote:
    Originally Posted by jkichline View Post

     



    No I don't jump about Ebola. That's a bunch of media-hyped nonsense and I don't watch sensationalized news which, if you follow the money, is paid for by eyeballs and advertising. That's why it's crap.

     

    My point wasn't "oh whoa, look at where Google makes money" my point is that I don't care to be advertised to in exchange for free stuff.  The product that they offer will always serve their needs to make money. In the event that they are no longer making money, they will either charge for the service (Google Apps) or shutter the service (Google Checkout).

     

    The FACT is that my information and access to my Google Wallet can be performed with simple social engineering.  If someone can get into my Google Wallet account, they have my purchase history and can access my funds. That's because it's stored in the cloud. I've had my PayPal account hacked too. Do you think Google or PayPal do anything about those hacks? Sure they tout how secure they are, but they can be accessed anywhere whether I am present or not.

     

    So let's say I have one of the 5% of Android devices that can actually have Google Wallet and NFC integration... and let's say I'm geek enough to set up Google Wallet and link to a card, etc... the system is still only as secure as my passcode. We all know that no Android device has a fingerprint scanner that actually works in real-life usage (only on a spec sheet), so we are still relying on a passcode to use.  Once the phone is unlocked (or hacked) you have full access to Google Wallet.  What is the state of "find my phone" or "kill switch" capabilities on those phones?

     

    I still resolve that the Google Wallet system is inherently less secure than Apple's implementation.  I would challenge you to provide a link to the details regarding the NFC transfer of information that Google performs at point of sale and compare that to the tokenization concept and requirement of physical presence (fingerprint) that Apple uses.


     

    There's no reason to debate the Google privacy stuff here. We're clearly on opposite sides of that issue, but that's not an issue. The point is that Google's services work, they work well, and they're convenient (for me, at least). They aren't free, and I don't claim otherwise.

     

    I'm sorry you've been hacked. I haven't. Social engineering isn't going to gain anyone access to any of my accounts. You gotta crack that password.

     

    Stealing my phone, well, personal security aside, I'm an avid Tasker user. There are tons of creative security solutions out there to prevent access using tasker. My phone will wipe itself instantly if it receives a certain text message. I can send that text from a stranger's phone while the guy is still running down the block (assuming he survived the theft itself). Unless I'm unconscious, the thief will not have time to figure out a passcode on a phone connected to my accounts.

     

    Not many Wallet users? Ok. The stupidity or brilliance of other Android users or iPhone users is not my concern.

     

    I agree that the Wallet solution is less secure than Apple Pay, and I think that Apple Pay will bring the popularity of these systems way up, and everyone will benefit. Wallet is secure enough though. I do think that people who shun Google solutions just because they're Google solutions are deluded. 

  • Reply 72 of 181
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by Tallest Skil View Post

     

    What is it with some people and using foreign guns? Good ol' American-made for me.


     

    I don't own any guns (yet), I just used that as an example because it popped into my mind.

     

    I don't have much experience with guns and I've only fired guns once before on a gun range, a 2 barrel shotgun, a regular revolver and an Uzi is all that I have tried so far.

     

    I will certainly look into American made, should I decide to acquire a few guns in the future. I do know that certain states are pushing gun manufacturers out of state, including my crappy, fascist state.

  • Reply 73 of 181
    foggyhill Posts: 4,767 member
    Quote:

    Originally Posted by Rob55 View Post

     

     

    That was my question as well. Quick Check, as an example, has the NFC logo on their terminals, but are not listed as a participating location. I assume, then, that it wouldn't work. Here's hoping that list expands quickly (come on Shell, Hess, Sunoco, & Shoprite).


     

    Actually, it is the PAYMENT SIDE that's crucial. If it accepts NFC from anyone and your bank or credit card is in, it works. People have used it in vending machines for crying out loud.

  • Reply 74 of 181
    solipsismx wrote: »
    The US has had RFID and NFC setup for years, but a poor, insecure design has kept it from being wildly successful. Apple changed all that, and not for the US, for everywhere.

    And Apple Pay isn't limited to the US either:

    Apple Pay already works abroad on supported NFC terminals w/ US-based cards

    http://9to5mac.com/2014/10/21/apple-pay-already-works-abroad-on-supported-nfc-terminals-w-us-based-cards/
  • Reply 75 of 181
    Quote:

    Originally Posted by melgross View Post





    He's only incorrect in minor details. Everything else he said is correct. I notice that you didn't respond to the rest.

     

    Really? You don't have to open Wallet. You don't have to pre-load Wallet with funds. I've already owned unlocking the phone and entering the Wallet PIN. Both systems require the phone near the terminal. What did I miss?

  • Reply 76 of 181
    wigby Posts: 692 member
    Quote:

    Originally Posted by waterrockets View Post

     

     

    You're right -- I forgot the pin on Wallet. So used to entering it -- still goes as fast as TouchID (usually...).




    But much less secure. I just saw your PIN over your shoulder. Can you see my thumbprint?

  • Reply 77 of 181
    gatorguy Posts: 24,213 member
    melgross wrote: »
    Google's entire back end for this is less secure.
    In what way Mel? Apple stores CC numbers for iTunes yet I've never seen you post any worries about them being hacked. I assume you happily have one of your own credit cards on file with them. Google's servers are no less secure than Apple's AFAIK.
  • Reply 78 of 181
    melgross Posts: 33,510 member
    chipsy wrote: »
    Tokenization is a very common technique in NFC payment systems and is also used by Google Wallet. In the case of Google Wallet the token is generated through HCE (host-card emulation).
    The only difference is that the transaction is managed by Google and the CC company while with Apple Pay it goes direct to the CC company. But that has nothing to do with security, you could argue that Apple's system is a little more private but that's not the same as more secure. Oh, and just like with ApplePay Google Wallet doesn't send personal credit card information to the vendor (he gets a token). So both systems are better than physically giving your CC anyway.

    A little more explanation (the explanation that follows is generally how HCE works, not just Wallet):
    "Token for mapping an account: Within Google Wallet you can choose to use several different payment cards. However, when a payment is done at the POS, a dummy-account number is used. Your card numbers are not known by the handset; instead, an account token is used. When the transaction goes online, the account token is mapped back to the card of your preference (in the cloud!)."

    It's a common misconception that Google Wallet uses tokenization in a secure manner. It does not use it in the way Apple Pay, and the new system that is in place does. The "token" Google uses is reusable, it's not a one-time token. As such, if your transaction is broken into, as can be done with a portable NFC reader, a major security problem with NFC, that token might be usable for another transaction. The standard Apple uses, which apparently has been developed with Apple's input, is a one time token, even if it's intercepted, it can't be used.
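
Added example (not part of any post in this thread): a simplified Python model of the property posters are arguing over, a reusable account token versus a per-transaction cryptogram. It is not Apple Pay's or Google Wallet's actual protocol and takes no position on which wallet does what; the class names, the shared HMAC key and the counter check are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class StaticTokenScheme:
    """Toy model: the issuer accepts a fixed account token on its own."""

    def __init__(self):
        self.token = secrets.token_hex(8)  # constructed stand-in for an account token

    def device_payload(self, amount_cents):
        return {"token": self.token, "amount": amount_cents}

    def authorize(self, payload):
        return hmac.compare_digest(payload["token"], self.token)


class OneTimeCryptogramScheme:
    """Toy model: the token is only valid with a MAC over (token, counter, amount),
    and the issuer accepts each counter value once."""

    def __init__(self):
        self.token = secrets.token_hex(8)
        self.key = secrets.token_bytes(32)  # assumed shared by device and issuer
        self.device_counter = 0
        self.highest_accepted = 0

    def _mac(self, counter, amount_cents):
        msg = f"{self.token}|{counter}|{amount_cents}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def device_payload(self, amount_cents):
        self.device_counter += 1
        return {"token": self.token, "counter": self.device_counter,
                "amount": amount_cents,
                "cryptogram": self._mac(self.device_counter, amount_cents)}

    def authorize(self, payload):
        expected = self._mac(payload["counter"], payload["amount"])
        if not hmac.compare_digest(payload["cryptogram"], expected):
            return False  # amount or counter was altered after signing
        if payload["counter"] <= self.highest_accepted:
            return False  # same payload presented again
        self.highest_accepted = payload["counter"]
        return True


def replay_outcomes(scheme, amount_cents=499):
    """Authorize one payload twice; returns (first_result, second_result)."""
    payload = scheme.device_payload(amount_cents)
    return scheme.authorize(payload), scheme.authorize(dict(payload))
```

In this model the static scheme authorizes the same payload both times, while the cryptogram scheme rejects the second presentation and any payload whose amount was changed after signing.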
  • Reply 79 of 181
    Quote:

    Originally Posted by melgross View Post





    It isn't nearly as secure. First of all, it doesn't use a secure area for credit card info. Secondly it doesn't use one time tokens. Google creates a virtual credit card, which is considered to be less secure a method. Thirdly, Google is the payment processor. All Google Wallet transactions go through Google's own servers. So Google knows all about each transaction. And why would that matter? Because Google can't be trusted to keep that info to themselves, and it's also less secure as it resides on their servers.



    Apple Pay is the opposite. No credit card data anywhere on your phone. Only an encrypted number that isn't from your card is in the Secure Enclave. A one time tokenized transaction number goes out to either the bank or credit card company. Apple sees none of this data unless, of course, you are buying something from them, and if you aren't using the card registered with Apple for the transaction, they don't see that data either.

     

    Google Wallet is indeed less secure than Apple Pay. I've not claimed otherwise. All values of less secure do not equal insecure. Every electronic system has vulnerabilities.

     

    You are incorrect about the one-time tokens. The card number transmitted through NFC during a Wallet purchase is a one-time card number. It actually creates Master Card numbers for my Discover purchases.

  • Reply 80 of 181
    melgross Posts: 33,510 member
    kpluck wrote: »
    It seems simple enough but it really doesn't seem any easier than pulling out a card from my wallet. Of course, security is another matter but since I don't have to pay a penny for my card being used fraudulently who cares? I will say it definitely looks better than anything I have seen on Android. I think it will probably be more convenient with the Apple Watch.

    That being said, I will be merciless with the snarky comments the first time I am in line behind an Apple Pay user and it isn't working. :D

    -kpluck 

    If you're as snarky as you are here, I wouldn't be surprised if someone turns around and punches you out. It's easy to be snarky online. Don't try that with people you don't know. Life isn't a situation comedy.

    Hopefully, you are joking.