Tokenization is a very common technique in NFC payment systems and is also used by Google Wallet. In the case of Google Wallet the token is generated through HCE (host-card emulation).
The only difference is that the transaction is managed by Google and the CC company while with Apple Pay it goes direct to the CC company. But that has nothing to do with security, you could argue that Apple's system is a little more private but that's not the same as more secure. Ow and just like with ApplePay Google Wallet doesn't send personal credit card information to the vendor (he gets a token). So both systems are better than physically giving your CC anyway.
A little more explanation (the explanation that follows isgenerally how HCE works, not just Wallet):
"Token for mapping an account: Within Google Wallet you can chose to use several different payment cards. However, when a payment is done at the POS, a dummy-account number is used. Your card numbers are not known by the handset; instead, an account token is used. When the transaction goes online, the account token is mapped back to the card of your preference (in the cloud!)."
It's a common misconception that Google Wallet uses tokenization in a secure manner. It does not use it in the way Apple Pay, and the new system that is in place does. The "token" Google uses is reusable, it's not a cone time token. As such, if you transaction is broken I to, as can be done with a portable NFC reader, a major security problem with NFC, that token might be usable for another transaction. The standard Apple Jesus, which apparently has been developed with Apple's input, is a one time token, even if it's intercepted, it can't be used.
Anyone with a brain knows you meant "uses" and not "jesus" but this gave me the giggles
Back on topic it appears apple has the most secure token system. However the fact remains that at least in the US, non of us are on the hook for fraudulent charges and the NSA knows everything anyway, so splitting the fine hairs regarding this security is kind of just spinning our wheels.
What matters is convenience. I have not used tap to pay or apple pay yet, but it looks about as convenient as swiping a card to me. Most of the time I swipe my card while the cashier is still ringing me up. The terminals I come across almost all say "swipe card anytime" while the cashier is scanning the stuff I am buying. I guess my point is that all of these options seem like a pretty safe, pretty easy way to make a purchase.
Used it at Whole Foods last night. It was so simple I wasn't sure it had even worked ... But was then surprised that I sti had to sign for the purchase.
What? Why? A signature in addition to Apple Pay is a bit backward.
Physical cards are [or soon will be] history -- for savvy consumers.
How soon is soon? When we can use an ATM with an iPhone, maybe.
I noticed that you can call the bank, but it doesn't show you the number. Do you suppose Passbook is smart enough to call the Spanish phone number or the international number when appropriate? Once you do reach customer support, probably the first thing they are going to ask is what is the number on the card or the CVV number. BoA doesn't even show you the name on the card or when it expires. Thanks. but my plastic is staying in my wallet.
I'm just not as optimistic that every little restaurant, florist, dry cleaner and gas station, pay at the pump is going to be accepting ?Pay any time soon. Switching to ?Pay will be a big inconvenience for many stores and is going to take a long time before it is universal, if ever.
Has anyone tried to returned any merchandise yet using ?Pay?
Mel, are you doing any background reading before making some of your recent comments on how Google Wallet works and what the requirements are?
The current version of Google Wallet is compatible with any Google Android phone running 2.3 or higher. That's means essentially all of "em Mel. Like with Apple Pay the other half of the requirement, NFC, may not be part of the device's hardware tho. Note that it's not at all unusual to find three year old Android smartphones with NFC so I'd guess far more smartphones are compatible with Google Wallet than not.
Personally I don't see any reason for the thread to have veered off into a Google discussion in the first place (Waterrockets perhaps), or why so many are seemingly anxious to tie Apple success with Apple Pay into a grudge match with Google Wallet. Quite obviously a rising tide lifts all ships, so the other half+ of the market that uses a different OS will see greater uptake of virtual wallets too. Until Apple came on board there was no big incentive for the providers and retailers to make the necessary changes. With the perfect storm of recent data hacks adding to the advantages now there is.
Apple Pay is a well-timed and thought-out feature. Kudos to Apple for that.
Yes, I investigate this. I have several friends with Android phones who are stuck on older versions of Wallet. When they try to update it, they are given a message which reads something like this:
This phone/OS does not support this version.
This reminds me of the situation shortly after Android first came out. I said that many Android phones won't be able to update, and many won't be able to update more than once. I was flamed, here, and in other places, by Android users. However, I turned out to be correct, and they weren't. This is the same thing. So you say that it's easy to update to the latest version, for everyone, I imagine, but in reality, it's not.
By the way, while I certainly don't mind you calling me by my first name, I would appreciate if you gave me yours to respond to. Calling you Gator, or Guy is silly.
Yes, I investigate this. I have several friends with Android phones who are stuck on older versions of Wallet. When they try to update it, they are given a message which reads somethi g like this:
This phone/OS does not support this version.
Hmmm. . . They're running even older versions of Android than the 4 year old Gingerbread then? That's pretty rare I think.
edit: One of the part-timers here has an old Samsung Galaxy S model from T-Mo, at least 2 or 3 years old. Just had him check and the latest Google Wallet version downloaded and installed just fine. It's running Gingerbread as the OS
Used it at Whole Foods last night. It was so simple I wasn't sure it had even worked ... But was then surprised that I sti had to sign for the purchase.
What? Why? A signature in addition to Apple Pay is a bit backward.
Maybe they think there's a possibility to add a stolen card to Apple Pay (I think there's a prevention for that) or it could just be that husband and wife occasionally use the same device e.g with multiple fingerprints and the store wants to know which person used the card. With a new system, people are going to be extra cautious or maybe they're just too used to security concerns from Android users paying by NFC:
http://www.techtimes.com/articles/11562/20140729/android-fake-id-flaw-puts-smartphones-tablets-risk.htm
"Scarily, malware can exploit the flaw to pose as Google Wallet and gain easy access to sensitive financial data and passwords. Even worse, since Google Wallet does not use Adobe Flash code that has already been patched, Google Wallet and other apps are still at risk in KitKat 4.4.4 and even in the forthcoming Android L release."
Physical cards are [or soon will be] history -- for savvy consumers.
Nobody goes out and about without their phone. iPhone 6 owners won't need to carry credit cards ... owners of other phones will.
And paying with ApplePay will be [monetarily] rewarding as well as convent!
I have to agree with him on this. It will take a long time before credit cards are obsolete. I assume that you do know this. While there are about 220,000 terminals that can accept this once they are updated to do so, it's estimated that there are between 10 and 15 million point of purchase sites in retail around the country. Almost all accept credit cards, and all accept cash.
Around the world, the situation is the same. Apple Pay will take some time to roll out to every country, a few years for many, a decade, or more for most everywhere else, and possibly forever for some spots, where cash will always be required.
Hmmm. . . They're running even older versions of Android than the 4 year old Gingerbread then? That's pretty rare I think.
edit: One of the part-timers here has an old Samsung Galaxy S model from T-Mo, at least 2 or 3 years old. Just had him check and the latest Google Wallet version downloaded and installed just fine. It's running Gingerbread as the OS
No. It's Gingerbread, and newer. It's just an Android problem that I've seen over the years. Some phone model and OS configurations seem to have odd problems like this. Some lack in the electronics, possibility.
Well, you got some of this right. Not all. I'm not starting a war here as I know that Apple Pay amazing in what it does. I do think Apple Pay is better and I could not wait for it to come out and love using it.
Quote:
<div class="quote-block" style="border:1px solid rgb(217,218,216);padding:10px;">Originally Posted by Adrayven
Second, you don't have a way to do it security from lock screen..
<div> </div>
</div>
Not true. You can place your phone by the NFC, it'll wake your phone, open the app for you to put in your pin, pay, leave. Or do it the way I do it and as I'm walking around getting stuff, I'm on my phone anyways doing work, just open the app when no one is around and put my pin and I can skip this step when I pay.
Quote:
<div class="quote-block" style="border:1px solid rgb(217,218,216);padding:10px;">Originally Posted by Adrayven
With your Android Phone, you need to:
Unlock phone
Open Google Wallet
Unlock Google Wallet
Load Google Wallet if not enough funds 'loaded into Google Wallet Account. If you have money in Google Wallet you can use it and you cannot charge directly to a CC/Debit Card.. must keep funds loaded.. hate that..
Place Android Phone near terminal to complete
</div>
Actually it's more like:
Place phone by NFC, pay and go.
Just like Apple Pay.
That's it. I know as I use all tech including this and have been for a while. It's not as hard as you are making it seem to be.
In fact, I ran a test yesterday with my iPhone 6 Plus and Note 4 with Apple Pay and Google Wallet. Both took the same amount of time to pay and go. Both were just as easy as the other. Both worked extremely well.
So Google Wallet is just as fast as Apple Pay as long as you open the app and enter your pin before reching checkout and give Google Wallet a head start. :rolleyes:
What has to be pointed out about Android, even though we all know it, is that many people don't have the ability to use the latest and the greatest. I know people who do have to do those things, because they are stuck with older forms of Google wallet, because their phones haven't yet been able to get the latest from Google. That will be true for some time. So, yes, there are many people who must unlock their phone then unlock Wallet. There are some that still must load their app with money, etc. I hope, for their sake, when they get new phones, that will disappear.
But I'm always amused when Android users point to the latest OS upgrade, and act as though that solves everyone's problems. Considering that most Android users will never be able to upgrade to that latest version, it solves few people's problems. That's the same thing as here. Im not goi g to pretend to know, with detail, every point of interest to every Andoud upgrade. Even Android users can't say they know that. But I've been following Google Wallet since it first was announced. It's gone through a nunber of changes. It's better now, but many people need to use older versions.
This is the single most frustrating part about the Android experience for me. Once I'm up and running on a Nexus, it's really just what I'm looking for, but getting to that point just absolutely sucks, and Apple kicks Google's ass up and down the street on "just making it work." That said, I'm also a bike racer who hand-builds all his own wheels, I'm a woodworker who built the cherry arts-and-crafts-style cabinets when we re-did our kitchen. So, I actually enjoy getting my hands dirty when I want something specific.
I think that the majority of the Android devices out there suck -- because of the "skinning" and update delays. I'm just not interested in any of it. I was excited about the Nexus 6 before it was announced, but then they only have a phablet form factor. I'm not keen on carrying that on bike rides in my jersey pocket... I don't think. Nexus 5 is getting old (though better than my current Nexus 4), but is unavailable right now. Google Play Edition phones are limited selection, but would work (HTC One M8... maybe) -- and they have timely updates and no skinning. The OnePlus One is a possibility, but may have quality issues, and it runs CyanogenMod, so will always be behind on updates -- at least it's not running a mfgr skin. There are rumors that the S5 will go GPE, so w/out any Samsung software, that could be a go...
I hear you though. I'm on a rare phone with current software. That said, it works really well, but it's not for everyone. My Wallet experience is indeed a convenient one, and I remain unconcerned about the few known security risks.
I have to agree with him on this. It will take a long time before credit cards are obsolete. I assume that you do know this. While there are about 220,000 terminals that can accept this once they are updated to do so, it's estimated that there are between 10 and 15 million point of purchase sites in retail around the country. Almost all accept credit cards, and all accept cash.
Around the world, the situation is the same. Apple Pay will take some time to roll out to every country, a few years for many, a decade, or more for most everywhere else, and possibly forever for some spots, where cash will always be required.
Agree that going "wallet less" in general will take some time (many years). As noted in other threads, beyond the credit card itself there are drivers licenses, health cards, and some need of cash. What ?Pay will help accelerate is the ability to carry "less" (e.g. one default credit card, rather than multiple that some people may have for different merchants, noted gov't ID, small cash), and to avoid carrying anything other than your phone on certain trips when you know that Apple Pay works there. Hopefully it will accelerate merchants/services making better use of Passport as well for loyalty cards, membership cards, etc. After a good 10+ months of usage, looking forward to some interesting advances in IOS9.
Apple Pay (NFC at the POS, and its use online) will be the biggest catalyst for payment system change in years.
I hate being that guy, but honestly i'm going to feel like a tool whipping out my phone to make payments. People behind me are just going to be rolling their eyes.
In terms of security it's a non issue. Credit card companies take care of 100% of fraud. I've never had credit card fraud in the 8 years i've been using them, and I use my credit card for everything.
So there it is...Really cool future, probably the future of the wallet. Not exactly going to go out of my way to use it.
I hate being that guy, but honestly i'm going to feel like a tool whipping out my phone to make payments. People behind me are just going to be rolling their eyes.
In terms of security it's a non issue. Credit card companies take care of 100% of fraud. I've never had credit card fraud in the 8 years i've been using them, and I use my credit card for everything.
So there it is...Really cool future, probably the future of the wallet. Not exactly going to go out of my way to use it.
I've had my credit card number stolen 5 times in the last 8 years. I've had it stolen in a taxi cab and the thief tried to buy $4,000 worth of furniture within 15 minutes of the theft. Stolen online while it sat in my pocket all day. Stolen in an airplane at 30,000 feet by the air steward after ordering a drink. I think you've just been lucky.
The problem is that in 2015, the credit card companies will no longer take the blame for retail theft. That's going to be on the retailer really soon. That's why this change is important. It also prevents your credit card and personal information from being stored on retailer's servers that can and have been hacked.
Maybe they think there's a possibility to add a stolen card to Apple Pay (I think there's a prevention for that) or it could just be that husband and wife occasionally use the same device e.g with multiple fingerprints and the store wants to know which person used the card. With a new system, people are going to be extra cautious or maybe they're just too used to security concerns from Android users paying by NFC:
http://www.techtimes.com/articles/11562/20140729/android-fake-id-flaw-puts-smartphones-tablets-risk.htm
"Scarily, malware can exploit the flaw to pose as Google Wallet and gain easy access to sensitive financial data and passwords. Even worse, since Google Wallet does not use Adobe Flash code that has already been patched, Google Wallet and other apps are still at risk in KitKat 4.4.4 and even in the forthcoming Android L release.".
One of the advantages of rolling security updates out via PlayServices and VerifyApps is that malware such as this can be quickly dealt with without relying on OS updates or involving the Android manufacturers. Google patched this for all devices using Gingerbread or better some months ago, in July, and within days of becoming aware of it. It's a non-issue for Google Android devices.
Comments
Tokenization is a very common technique in NFC payment systems and is also used by Google Wallet. In the case of Google Wallet the token is generated through HCE (host-card emulation).
The only difference is that the transaction is managed by Google and the CC company while with Apple Pay it goes direct to the CC company. But that has nothing to do with security, you could argue that Apple's system is a little more private but that's not the same as more secure. Ow and just like with ApplePay Google Wallet doesn't send personal credit card information to the vendor (he gets a token). So both systems are better than physically giving your CC anyway.
A little more explanation (the explanation that follows isgenerally how HCE works, not just Wallet):
"Token for mapping an account: Within Google Wallet you can chose to use several different payment cards. However, when a payment is done at the POS, a dummy-account number is used. Your card numbers are not known by the handset; instead, an account token is used. When the transaction goes online, the account token is mapped back to the card of your preference (in the cloud!)."
It's a common misconception that Google Wallet uses tokenization in a secure manner. It does not use it in the way Apple Pay, and the new system that is in place does. The "token" Google uses is reusable, it's not a cone time token. As such, if you transaction is broken I to, as can be done with a portable NFC reader, a major security problem with NFC, that token might be usable for another transaction. The standard Apple Jesus, which apparently has been developed with Apple's input, is a one time token, even if it's intercepted, it can't be used.
Anyone with a brain knows you meant "uses" and not "jesus" but this gave me the giggles
Back on topic it appears apple has the most secure token system. However the fact remains that at least in the US, non of us are on the hook for fraudulent charges and the NSA knows everything anyway, so splitting the fine hairs regarding this security is kind of just spinning our wheels.
What matters is convenience. I have not used tap to pay or apple pay yet, but it looks about as convenient as swiping a card to me. Most of the time I swipe my card while the cashier is still ringing me up. The terminals I come across almost all say "swipe card anytime" while the cashier is scanning the stuff I am buying. I guess my point is that all of these options seem like a pretty safe, pretty easy way to make a purchase.
What? Why? A signature in addition to Apple Pay is a bit backward.
Physical cards are [or soon will be] history -- for savvy consumers.
How soon is soon? When we can use an ATM with an iPhone, maybe.
I noticed that you can call the bank, but it doesn't show you the number. Do you suppose Passbook is smart enough to call the Spanish phone number or the international number when appropriate? Once you do reach customer support, probably the first thing they are going to ask is what is the number on the card or the CVV number. BoA doesn't even show you the name on the card or when it expires. Thanks. but my plastic is staying in my wallet.
I'm just not as optimistic that every little restaurant, florist, dry cleaner and gas station, pay at the pump is going to be accepting ?Pay any time soon. Switching to ?Pay will be a big inconvenience for many stores and is going to take a long time before it is universal, if ever.
Has anyone tried to returned any merchandise yet using ?Pay?
Although technically not a "launch partner," the physical Apple Stores should be mentioned somewhere.
Although technically not a "launch partner," the physical Apple Stores should be mentioned somewhere.
Has anyone seen their implementation? Their whole payment operation was based on roaming sales staff with Vodafone card readers and iPhones.
Yes, I investigate this. I have several friends with Android phones who are stuck on older versions of Wallet. When they try to update it, they are given a message which reads something like this:
This phone/OS does not support this version.
This reminds me of the situation shortly after Android first came out. I said that many Android phones won't be able to update, and many won't be able to update more than once. I was flamed, here, and in other places, by Android users. However, I turned out to be correct, and they weren't. This is the same thing. So you say that it's easy to update to the latest version, for everyone, I imagine, but in reality, it's not.
By the way, while I certainly don't mind you calling me by my first name, I would appreciate if you gave me yours to respond to. Calling you Gator, or Guy is silly.
Hmmm. . . They're running even older versions of Android than the 4 year old Gingerbread then? That's pretty rare I think.
edit: One of the part-timers here has an old Samsung Galaxy S model from T-Mo, at least 2 or 3 years old. Just had him check and the latest Google Wallet version downloaded and installed just fine. It's running Gingerbread as the OS
Maybe they think there's a possibility to add a stolen card to Apple Pay (I think there's a prevention for that) or it could just be that husband and wife occasionally use the same device e.g with multiple fingerprints and the store wants to know which person used the card. With a new system, people are going to be extra cautious or maybe they're just too used to security concerns from Android users paying by NFC:
http://www.techtimes.com/articles/11562/20140729/android-fake-id-flaw-puts-smartphones-tablets-risk.htm
"Scarily, malware can exploit the flaw to pose as Google Wallet and gain easy access to sensitive financial data and passwords. Even worse, since Google Wallet does not use Adobe Flash code that has already been patched, Google Wallet and other apps are still at risk in KitKat 4.4.4 and even in the forthcoming Android L release."
http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks
They just ruin it for everyone else by aiming to be first without doing it properly.
I have to agree with him on this. It will take a long time before credit cards are obsolete. I assume that you do know this. While there are about 220,000 terminals that can accept this once they are updated to do so, it's estimated that there are between 10 and 15 million point of purchase sites in retail around the country. Almost all accept credit cards, and all accept cash.
Around the world, the situation is the same. Apple Pay will take some time to roll out to every country, a few years for many, a decade, or more for most everywhere else, and possibly forever for some spots, where cash will always be required.
No. It's Gingerbread, and newer. It's just an Android problem that I've seen over the years. Some phone model and OS configurations seem to have odd problems like this. Some lack in the electronics, possibility.
Where's the Touch ID step? or am I missing something?
So you're lying?
So you're lying?
So Google Wallet is just as fast as Apple Pay as long as you open the app and enter your pin before reching checkout and give Google Wallet a head start. :rolleyes:
What has to be pointed out about Android, even though we all know it, is that many people don't have the ability to use the latest and the greatest. I know people who do have to do those things, because they are stuck with older forms of Google wallet, because their phones haven't yet been able to get the latest from Google. That will be true for some time. So, yes, there are many people who must unlock their phone then unlock Wallet. There are some that still must load their app with money, etc. I hope, for their sake, when they get new phones, that will disappear.
But I'm always amused when Android users point to the latest OS upgrade, and act as though that solves everyone's problems. Considering that most Android users will never be able to upgrade to that latest version, it solves few people's problems. That's the same thing as here. Im not goi g to pretend to know, with detail, every point of interest to every Andoud upgrade. Even Android users can't say they know that. But I've been following Google Wallet since it first was announced. It's gone through a nunber of changes. It's better now, but many people need to use older versions.
This is the single most frustrating part about the Android experience for me. Once I'm up and running on a Nexus, it's really just what I'm looking for, but getting to that point just absolutely sucks, and Apple kicks Google's ass up and down the street on "just making it work." That said, I'm also a bike racer who hand-builds all his own wheels, I'm a woodworker who built the cherry arts-and-crafts-style cabinets when we re-did our kitchen. So, I actually enjoy getting my hands dirty when I want something specific.
I think that the majority of the Android devices out there suck -- because of the "skinning" and update delays. I'm just not interested in any of it. I was excited about the Nexus 6 before it was announced, but then they only have a phablet form factor. I'm not keen on carrying that on bike rides in my jersey pocket... I don't think. Nexus 5 is getting old (though better than my current Nexus 4), but is unavailable right now. Google Play Edition phones are limited selection, but would work (HTC One M8... maybe) -- and they have timely updates and no skinning. The OnePlus One is a possibility, but may have quality issues, and it runs CyanogenMod, so will always be behind on updates -- at least it's not running a mfgr skin. There are rumors that the S5 will go GPE, so w/out any Samsung software, that could be a go...
I hear you though. I'm on a rare phone with current software. That said, it works really well, but it's not for everyone. My Wallet experience is indeed a convenient one, and I remain unconcerned about the few known security risks.
I have to agree with him on this. It will take a long time before credit cards are obsolete. I assume that you do know this. While there are about 220,000 terminals that can accept this once they are updated to do so, it's estimated that there are between 10 and 15 million point of purchase sites in retail around the country. Almost all accept credit cards, and all accept cash.
Around the world, the situation is the same. Apple Pay will take some time to roll out to every country, a few years for many, a decade, or more for most everywhere else, and possibly forever for some spots, where cash will always be required.
Agree that going "wallet less" in general will take some time (many years). As noted in other threads, beyond the credit card itself there are drivers licenses, health cards, and some need of cash. What ?Pay will help accelerate is the ability to carry "less" (e.g. one default credit card, rather than multiple that some people may have for different merchants, noted gov't ID, small cash), and to avoid carrying anything other than your phone on certain trips when you know that Apple Pay works there. Hopefully it will accelerate merchants/services making better use of Passport as well for loyalty cards, membership cards, etc. After a good 10+ months of usage, looking forward to some interesting advances in IOS9.
Apple Pay (NFC at the POS, and its use online) will be the biggest catalyst for payment system change in years.
I hate being that guy, but honestly i'm going to feel like a tool whipping out my phone to make payments. People behind me are just going to be rolling their eyes.
In terms of security it's a non issue. Credit card companies take care of 100% of fraud. I've never had credit card fraud in the 8 years i've been using them, and I use my credit card for everything.
So there it is...Really cool future, probably the future of the wallet. Not exactly going to go out of my way to use it.
I hate being that guy, but honestly i'm going to feel like a tool whipping out my phone to make payments. People behind me are just going to be rolling their eyes.
In terms of security it's a non issue. Credit card companies take care of 100% of fraud. I've never had credit card fraud in the 8 years i've been using them, and I use my credit card for everything.
So there it is...Really cool future, probably the future of the wallet. Not exactly going to go out of my way to use it.
I've had my credit card number stolen 5 times in the last 8 years. I've had it stolen in a taxi cab and the thief tried to buy $4,000 worth of furniture within 15 minutes of the theft. Stolen online while it sat in my pocket all day. Stolen in an airplane at 30,000 feet by the air steward after ordering a drink. I think you've just been lucky.
The problem is that in 2015, the credit card companies will no longer take the blame for retail theft. That's going to be on the retailer really soon. That's why this change is important. It also prevents your credit card and personal information from being stored on retailer's servers that can and have been hacked.
Apple Pay is apparently a trigger word for Fandroid insecurities.
One of the advantages of rolling security updates out via PlayServices and VerifyApps is that malware such as this can be quickly dealt with without relying on OS updates or involving the Android manufacturers. Google patched this for all devices using Gingerbread or better some months ago, in July, and within days of becoming aware of it. It's a non-issue for Google Android devices.