Wow, what an eloquent rebuttal. Your "No" sure refuted my fistful of links proving my point.
That's right, whenever Apple is successful it because they only know how to market¡ :rolleyes:
Other than integrating with the fingerprint reader, that's what Apple has brought to the NFC payment business. And like I said, it's not an insubstantial contribution at all, because it's expanded the market substantially for NFC payments.
[quote name="Durandal1707" url="/t/184908/google-to-buy-softcard-take-on-apple-pay-in-new-agreement-with-u-s-carriers/80#post_2680192"]How old are you?[/QUOTE]
Old enough to know how to use language as a precision instrument instead of getting scared because I read some letters a particular order that my mommy told me were [I]cursed[/I].
[QUOTE]Wow, what an eloquent rebuttal. Your "No" sure refuted my fistful of links proving my point.[/QUOTE]
I already countered those "points" before you made them, you just choose to refuse to accept the truth about the end-to-end solution Apple brought to mobile payments.
Yes.
You're saying that Softcard got with multinationals and banks in order to have them change their back-end system so that a representational card number could be stored on a per device basis, and then gave the banks control over the authentication when each physical card was to be used to get the representational card number from the financial institution directly so that only the bank and the bank customer were in the loop for this process so that even if the device was stolen or the number intercepted by a retail employee or in some other way during a payment that the number wouldn't be useful to them? BULL-FUCKING-SHIT!
Soli, I don't know how much Apple had to do with on-device tokanization and banks changing their back-end systems. I had read that was actually a standard proposed by the processors/banks/CC companies going back a few years. Apple is integrating that standard AFAIK.
"Bigger differences showed up in security. Softcard uses 10 of 13 security measures we examined—more than its rivals–giving it the best score. For example, though all of the mobile wallets use encrypted storage for sensitive data and require a PIN to unlock the wallet, Google and Loop let you turn off the wallet-lock timer. That makes it easier to pay at the check-out, but it also leaves the wallet open to unauthorized charges if you lose it or leave it unattended. On the other hand, Google and Softcard let you remotely disable the wallet if it's lost or stolen.
Apple Pay offers improved security, particularly with its Touch ID fingerprint authentication, that can take the place of a PIN to unlock the phone and wallet. That's important, because users soon tire of having to constantly punch in a PIN and surrender to the temptation to disable the auto locks altogether. The convenience of Touch ID should boost security, even though it can be disabled for the phone and Apple Pay.
Apple Pay also provides great security by generating a unique code or "token" for each transaction, which can't be re-used, and by storing "device account numbers" on the phone's encrypted chip, in place of your actual payment card account numbers. Even if a hacker gets those numbers, they can't be used outside of Apple Pay.
But Google Wallet and Softcard also use dynamic transaction tokens, and Google generates and stores "virtual card" substitutes for your real payment card numbers. So Apple Pay tokenization is not the innovation it's been tricked out to be. LoopPay says it will have tokenization in 2015.
All four wallets also check to make sure that the card properly belongs to the owner of the phone and virtual wallet, to prevent crooks from adding your card to their wallet."
Problem with that whole picture there is that Softcard and Google are the token vendors and keep your credit card data. With Apple Pay the bank that issues your card keeps the card numbers and authenticates the tokens thru the device ID of the secure element. In fact once you have fingerprinted for an Apple Pay purchase the transaction is completely between your bank and the vendor. BIG DIFFERENCE. I would not trust google or soft card with my credit card numbers in any way shape or form.
Soli, I don't know how much Apple had to do with on-device tokanization and banks changing their back-end systems. I had read that was actually a standard proposed by the processors/banks/CC companies going back a few years. Apple is integrating that standard AFAIK.
Apple didn't do any integrating because Apple's servers aren't involved in the banks authenticating your account, giving you the new number to stored locally, or involved in the payment via merchants.
Problem with that whole picture there is that Softcard and Google are the token vendors and keep your credit card data. With Apple Pay the bank that issues your card keeps the card numbers and authenticates the tokens thru the device ID of the secure element. In fact once you have fingerprinted for an Apple Pay purchase the transaction is completely between your bank and the vendor. BIG DIFFERENCE. I would not trust google or soft card with my credit card numbers in any way shape or form.
That doen't mean your purchase history is not being data mined and/or monetized. You may be expecting more privacy from using ApplePay or any other electronic payment method than it actually provides. Do you completely trust the banks and CC companies to not share what they know about you? http://www.creditcards.com/credit-card-news/credit-card-purchase-privacy-1282.php
Ultimately I expect all mobile payments to be pretty much exactly like ?Pay, insofar as the per device credentials are setup, saved and sent by each bank to the device. Meaning, there is no carrier or 3rd-party banks involved with the setup.
Perhaps Apple has an exclusivity right now, but if I were running Apple I wouldn't have requested such a thing because this sort of security is simply too beneficial to keep out of the hands of everyone. On the one hand that would hurt Apple's bottom line if it's not exclusive, but on the other it would help get more NFC-enabled devices at retailers which will help make ?Pay even more money for Apple. On top of that, banks can't end the fraud claims if people still carry a wallet with cards with them because NFC-based payments still aren't common enough, so the faster this end-to-end setup becomes the ubiquitous the better the results are banks, Apple and consumers.
Until others have biometric ID like Touch ID, putting Apple Pay in these is just asking for trouble. Imagine Apple Pay in an Android device authenticated by 4-digit PIN? Yeah, PIN at POS is easily intercepted by bystanders. BTW, I read an article about Google Wallet can be used out side of the app as long as you have the PIN. That sucks.
That doen't mean your purchase history is not being data mined and/or monetized. You may be expecting more privacy from using ApplePay or any other electronic payment method than it actually provides. Do you completely trust the banks and CC companies to not share what they know about you?
Does it mean anything with Apple Pay? Absolutely no. At least, I don't let more vendors/companies keep my financial info beside the banks. Home Depot and Target hacks remind you anything? If Apple Pay was used at these places, you wouldn't be worried if their POS got hacked.
Until others have biometric ID like Touch ID, putting Apple Pay in these is just asking for trouble. Imagine Apple Pay in an Android device authenticated by 4-digit PIN? Yeah, PIN at POS is easily intercepted by bystanders. BTW, I read an article about Google Wallet can be used out side of the app as long as you have the PIN. That sucks.
You know you can use ?Pay without using Touch ID, right? The PIN/passcode is still an option for users. Touch ID is just for convenience, which is why the PIN/passcode 1) has to be setup before you setup Touch ID, 2) is required when you fail to authenticate to many times with Touch ID, 3) wait more than 48 hours between Touch ID uses, 4) is required after restarting an iDevice, and 5) how you authenticate ?Watch after you place it on your wrist.
You know you can use ?Pay without using Touch ID, right? The PIN/passcode is still an option for users. Touch ID is just for convenience, which is why the PIN/passcode 1) has to be setup before you setup Touch ID, 2) is required when you fail to authenticate to many times with Touch ID, 3) wait more than 48 hours between Touch ID uses, 4) is required after restarting an iDevice, and 5) how you authenticate ?Watch after you place it on your wrist.
For the bulk of people using Apple Pay, Touch ID will be the primary authentication. Pin/passcode will be the primary authentication for the bulk of Android users for at least the near future, and probably even through 2016.
Not much question that convenience heavily favors the bulk of iPhone 6 users over Android users.
Will Touch ID reduce fraud? Maybe it will and we will have a better idea once some data comes in.
Will Touch ID reduce fraud? Maybe it will and we will have a better idea once some data comes in.
Yes, but probably not in the way many think it will. Because there is Touch ID that can't be bypassed without also using a PIN/passcode, those that were already using a PIN/passcode aren't likely to insure much of any increased security.
Touch ID is so well done that it is creating a huge number of users that were too inconvenienced to ever use a PIN to now set one up so they can use Touch ID, and there are few people like that used a PIN in the past that have now moved to a passcode with Touch ID because the need to input the complex password is rare enough that it's not the inconvenience it was before Touch ID. I'd say that there could also be a small benefit of people not being able to see you input your PIN as often so it would be less opportunity for people to sneak a peak at those values.
Problem with that whole picture there is that Softcard and Google are the token vendors and keep your credit card data.
All this handwringing about Google seeing your credit card info seems misplaced from a security perspective. Whenever you buy something from iTunes or Google Play with a credit card, you are already entrusting Apple or Google with storing your credit card info securely on their servers.
All this handwringing about Google seeing your credit card info seems misplaced from a security perspective. Whenever you buy something from iTunes or Google Play with a credit card, you are already entrusting Apple or Google with storing your credit card info securely on their servers.
1) When you buy something from them you obviously need to go through them, but when you're buying something from a separate vendor having your personal data go through their servers is just an extra break in the security.
2) I would like to see ?Pay expanded to allow for banks to offer a per website, company, or SSL certification token number for various online retailers, so if your stored card number does get compromised it can't be used elsewhere and is easily erased without having to issue a new physical card.
Pull has nothing to do with it. It's all in the hardware control which Apple has, and Google does not.
So, how do you think Apple achieved its hardware 'control,' especially since no hardware maker before or since appears to have done so to the same degree?
[VIDEO][/VIDEO]
So, how do you think Apple achieved its hardware 'control,' especially since no hardware maker before or since appears to have done so to the same degree?
Ummm because they make the hardware, and the other OEMs don't make software, but you know this.
Ummm because they make the hardware, and the other OEMs don't make software, but you know this.
Your post is nonsensical. According to you, Apple has power over the telcos because they're a hardware maker, but really because they're a hardware maker that's also a software maker?
'Ummm' is right.
Btw, hasn't Google been trying to be a hardware maker? Nexus? Glass? GoogleTV? Chrome? Nest? Motorola? Maybe cars? Just to name a few? How come that didn't pan out vis-a-vis power over the telcos?
Comments
>>> Softcard works via NFC technology, but does not sport the same tokenized backend infrastructure of Apple Pay.
>>This is incorrect. They both tokenize in essentially the same manner.
According to this article you're incorrect, can you cite evidence for your claim?
https://blogs.oracle.com/retail/entry/is_apple_pay_revolutionary
Wow, what an eloquent rebuttal. Your "No" sure refuted my fistful of links proving my point.
Other than integrating with the fingerprint reader, that's what Apple has brought to the NFC payment business. And like I said, it's not an insubstantial contribution at all, because it's expanded the market substantially for NFC payments.
Old enough to know how to use language as a precision instrument instead of getting scared because I read some letters a particular order that my mommy told me were [I]cursed[/I].
[QUOTE]Wow, what an eloquent rebuttal. Your "No" sure refuted my fistful of links proving my point.[/QUOTE]
I already countered those "points" before you made them, you just choose to refuse to accept the truth about the end-to-end solution Apple brought to mobile payments.
No, it doesn't.
It makes you sound like a child.
EDIT: Here are a couple of pertinent links from several years ago.
http://blog.elementps.com/element_payment_solutions/2009/11/tokenization.html
https://www.javelinstrategy.com/uploads/files/1003.R_EndtoEndEncryptionTokenizationEMVSampleReport.pdf
https://www.pcisecuritystandards.org/documents/Tokenization_Guidelines_Info_Supplement.pdf
Google search will bring number of references. One of the less technical is Consumer Reports which has accurate information: http://www.consumerreports.org/cro/news/2014/09/virtual-wallet-review-apple-pay-google-wallet-softcard-and-loop-wallet/index.htm:
"Bigger differences showed up in security. Softcard uses 10 of 13 security measures we examined—more than its rivals–giving it the best score. For example, though all of the mobile wallets use encrypted storage for sensitive data and require a PIN to unlock the wallet, Google and Loop let you turn off the wallet-lock timer. That makes it easier to pay at the check-out, but it also leaves the wallet open to unauthorized charges if you lose it or leave it unattended. On the other hand, Google and Softcard let you remotely disable the wallet if it's lost or stolen.
Apple Pay offers improved security, particularly with its Touch ID fingerprint authentication, that can take the place of a PIN to unlock the phone and wallet. That's important, because users soon tire of having to constantly punch in a PIN and surrender to the temptation to disable the auto locks altogether. The convenience of Touch ID should boost security, even though it can be disabled for the phone and Apple Pay.
Apple Pay also provides great security by generating a unique code or "token" for each transaction, which can't be re-used, and by storing "device account numbers" on the phone's encrypted chip, in place of your actual payment card account numbers. Even if a hacker gets those numbers, they can't be used outside of Apple Pay.
But Google Wallet and Softcard also use dynamic transaction tokens, and Google generates and stores "virtual card" substitutes for your real payment card numbers. So Apple Pay tokenization is not the innovation it's been tricked out to be. LoopPay says it will have tokenization in 2015.
All four wallets also check to make sure that the card properly belongs to the owner of the phone and virtual wallet, to prevent crooks from adding your card to their wallet."
Problem with that whole picture there is that Softcard and Google are the token vendors and keep your credit card data. With Apple Pay the bank that issues your card keeps the card numbers and authenticates the tokens thru the device ID of the secure element. In fact once you have fingerprinted for an Apple Pay purchase the transaction is completely between your bank and the vendor. BIG DIFFERENCE. I would not trust google or soft card with my credit card numbers in any way shape or form.
Apple didn't do any integrating because Apple's servers aren't involved in the banks authenticating your account, giving you the new number to stored locally, or involved in the payment via merchants.
http://www.creditcards.com/credit-card-news/credit-card-purchase-privacy-1282.php
Ultimately I expect all mobile payments to be pretty much exactly like ?Pay, insofar as the per device credentials are setup, saved and sent by each bank to the device. Meaning, there is no carrier or 3rd-party banks involved with the setup.
Perhaps Apple has an exclusivity right now, but if I were running Apple I wouldn't have requested such a thing because this sort of security is simply too beneficial to keep out of the hands of everyone. On the one hand that would hurt Apple's bottom line if it's not exclusive, but on the other it would help get more NFC-enabled devices at retailers which will help make ?Pay even more money for Apple. On top of that, banks can't end the fraud claims if people still carry a wallet with cards with them because NFC-based payments still aren't common enough, so the faster this end-to-end setup becomes the ubiquitous the better the results are banks, Apple and consumers.
Until others have biometric ID like Touch ID, putting Apple Pay in these is just asking for trouble. Imagine Apple Pay in an Android device authenticated by 4-digit PIN? Yeah, PIN at POS is easily intercepted by bystanders. BTW, I read an article about Google Wallet can be used out side of the app as long as you have the PIN. That sucks.
That doen't mean your purchase history is not being data mined and/or monetized. You may be expecting more privacy from using ApplePay or any other electronic payment method than it actually provides. Do you completely trust the banks and CC companies to not share what they know about you?
http://www.creditcards.com/credit-card-news/credit-card-purchase-privacy-1282.php
Does it mean anything with Apple Pay? Absolutely no. At least, I don't let more vendors/companies keep my financial info beside the banks. Home Depot and Target hacks remind you anything? If Apple Pay was used at these places, you wouldn't be worried if their POS got hacked.
You know you can use ?Pay without using Touch ID, right? The PIN/passcode is still an option for users. Touch ID is just for convenience, which is why the PIN/passcode 1) has to be setup before you setup Touch ID, 2) is required when you fail to authenticate to many times with Touch ID, 3) wait more than 48 hours between Touch ID uses, 4) is required after restarting an iDevice, and 5) how you authenticate ?Watch after you place it on your wrist.
You know you can use ?Pay without using Touch ID, right? The PIN/passcode is still an option for users. Touch ID is just for convenience, which is why the PIN/passcode 1) has to be setup before you setup Touch ID, 2) is required when you fail to authenticate to many times with Touch ID, 3) wait more than 48 hours between Touch ID uses, 4) is required after restarting an iDevice, and 5) how you authenticate ?Watch after you place it on your wrist.
For the bulk of people using Apple Pay, Touch ID will be the primary authentication. Pin/passcode will be the primary authentication for the bulk of Android users for at least the near future, and probably even through 2016.
Not much question that convenience heavily favors the bulk of iPhone 6 users over Android users.
Will Touch ID reduce fraud? Maybe it will and we will have a better idea once some data comes in.
Yes, but probably not in the way many think it will. Because there is Touch ID that can't be bypassed without also using a PIN/passcode, those that were already using a PIN/passcode aren't likely to insure much of any increased security.
Touch ID is so well done that it is creating a huge number of users that were too inconvenienced to ever use a PIN to now set one up so they can use Touch ID, and there are few people like that used a PIN in the past that have now moved to a passcode with Touch ID because the need to input the complex password is rare enough that it's not the inconvenience it was before Touch ID. I'd say that there could also be a small benefit of people not being able to see you input your PIN as often so it would be less opportunity for people to sneak a peak at those values.
Problem with that whole picture there is that Softcard and Google are the token vendors and keep your credit card data.
All this handwringing about Google seeing your credit card info seems misplaced from a security perspective. Whenever you buy something from iTunes or Google Play with a credit card, you are already entrusting Apple or Google with storing your credit card info securely on their servers.
1) When you buy something from them you obviously need to go through them, but when you're buying something from a separate vendor having your personal data go through their servers is just an extra break in the security.
2) I would like to see ?Pay expanded to allow for banks to offer a per website, company, or SSL certification token number for various online retailers, so if your stored card number does get compromised it can't be used elsewhere and is easily erased without having to issue a new physical card.
Google can't control the hardware other OEMs make, so what could they have 'figured' out?
Pull has nothing to do with it. It's all in the hardware control which Apple has, and Google does not.
So, how do you think Apple achieved its hardware 'control,' especially since no hardware maker before or since appears to have done so to the same degree?
Ummm because they make the hardware, and the other OEMs don't make software, but you know this.
Your post is nonsensical. According to you, Apple has power over the telcos because they're a hardware maker, but really because they're a hardware maker that's also a software maker?
'Ummm' is right.
Btw, hasn't Google been trying to be a hardware maker? Nexus? Glass? GoogleTV? Chrome? Nest? Motorola? Maybe cars? Just to name a few? How come that didn't pan out vis-a-vis power over the telcos?