As far as I can see the fraud doesn't affect people who us Apple Pay, it affects people who have had their credit card info stolen by another route. A thief can use stolen cards (or card info) for Apple Pay transactions. Since Apple Pay reduces opportunity for credit card theft, it continues to be a solution, not a problem.
Apparently you were too optimistic, they didn't even wait for the messenger before they started shooting.
Nothing like Apple fans with an Apple victim-complex.
The article makes it clear this has nothing to do with Apple, but you come in here to pretend that it does, and attack anyone who is sane enough to understand that it doesn't.
What do you expect Apple to do, vet every single bank's authentication practises, and be involved in every single application? Maybe Apple should have it's own employees embedded in the offices of every single company/bank/organization it deals with, to make sure everything is perfect? Maybe look at the facts instead of your usual knee-jerk "this is apple's fault and apple fans can't handle it" dishonest bullshit, and place blame where blame is due. Base your posts on facts, instead of attacking those who do.
My card is registered to my home, but I make online purchases at work all the time, in fact most of the time. Many people commute 20-50km each way so what would the range be?
I don't even live in the same country my card is registered to (it's registered to the same bank my family has used for several decades).
That kind of "protection" would automatically mean ApplePay is a dead end for me.
So do they have examples of people that were actually targeted? One would assume if this was the case we would be hearing a lot more about it? Local news would be all over a story like this.
"Thus far, that amount is thought to have risen into the millions of U.S. dollars, and banks are working on fixes."
There are over 60m iPhone 6s out there so $1000 fraud from over 1000 people would be in the millions and only be a small percentage of the users.
The good thing is that the more people use Apple Pay and avoid using their cards, the less chance the card details will be stolen. Reports should really be making that clearer that it's not use of Apple Pay that's the weakness here, it's use of the cards.
Most banks have online banking services. Perhaps they can make users setup Apple Pay through their online banking services, which would be possible directly from their mobile phone and then heavily scrutinize people who request to use cards to set it up.
They would obviously want a fast rollout so wouldn't want any slowdown in the setup process but at the same time nobody should be led to thinking that there's a security weakpoint because people don't listen to the accurate details just like with iCloud getting 'hacked'. Nobody wants to hear that iCloud logins were taken from other sources because it makes blaming someone too complicated.
This case is a little easier because nobody likes or trusts banks any more but headlines shouldn't be saying things like 'Apple Pay identity fraud' because it wasn't an Apple Pay identity, it was a bank card identity and the same fraud could have taken place using the card data directly.
I think the banks and Apple probably wanted to make the Yellow path less stringent in order to minimize any bad publicity from customers finding it difficult to get started. That was in the beginning. Now that Apple Pay has received high marks and general public acceptance, they need to get rid of the Yellow path.
They could easily require you to be at the address registered to the credit card or using a phone number that was associated with the account. Something like that shouldn't be too inconveniencing to customers.
You've got it the wrong way round.
Apple need to get rid of the green path; that is the one that leads to fraud.
Most banks have online banking services. Perhaps they can make users setup Apple Pay through their online banking services, which would be possible directly from their mobile phone and then heavily scrutinize people who request to use cards to set it up.
Tying something specific to your phone to your account manually would be an inconvenient step, but would be well worth it. It's too bad Apple's system isn't design to see if the device is already setup with an iCloud account so that there could be silent two-step verification without the user even realizing it.
The article makes it clear this has nothing to do with Apple, but you come in here to pretend that it does, and attack anyone who is sane enough to understand that it doesn't.
I did no such thing. Pay more attention please.
Quote:
Originally Posted by Slurpy
What do you expect Apple to do, vet every single bank's authentication practises, and be involved in every single application? Maybe Apple should have it's own employees embedded in the offices of every single company/bank/organization it deals with, to make sure everything is perfect? Maybe look at the facts instead of your usual knee-jerk "this is apple's fault and apple fans can't handle it" dishonest bullshit, and place blame where blame is due. Base your posts on facts, instead of attacking those who do.
?I could say the same, since you're attacking me something I have not said and don't believe.
To answer your first point, maybe Apple should have done that. Why not? Let's talk about that instead of frothing at the mouth. ?Pay is clearly a big deal, both for Apple and it's customers, so why weren't they hands on with the bank-side implementation (assuming they weren't)? Apple reviews every app and update that they sell in their store, why couldn't they contribute to an audit of the financial institutions they were acting as a software middleman for? Ultimately their reputation is also on the line, so it would seem to make some sense.
I don't know why they didn't do this, maybe the banks wouldn't have let them even if they wanted to, but it's a reasonable question. Well done for asking it, even if your tone was hostile.
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
Your AppleID password is not the same as your phone unlock password is it?
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
Your AppleID password is not the same as your phone unlock password is it?
I thought you didn't need to unlock your iPhone to use Apple Pay. So if you have the Apple ID, you have Apple Pay, no?
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
Your AppleID password is not the same as your phone unlock password is it?
I thought you didn't need to unlock your iPhone to use Apple Pay. So if you have the Apple ID, you have Apple Pay, no?
If you use TouchID then you don't, but if you are going to enter an AppleID, how would you do that without first unlocking the device?
Comments
That's not correct either. Credit cards are always going to be susceptible to fraud.
Apparently you were too optimistic, they didn't even wait for the messenger before they started shooting.
Nothing like Apple fans with an Apple victim-complex.
The article makes it clear this has nothing to do with Apple, but you come in here to pretend that it does, and attack anyone who is sane enough to understand that it doesn't.
What do you expect Apple to do, vet every single bank's authentication practises, and be involved in every single application? Maybe Apple should have it's own employees embedded in the offices of every single company/bank/organization it deals with, to make sure everything is perfect? Maybe look at the facts instead of your usual knee-jerk "this is apple's fault and apple fans can't handle it" dishonest bullshit, and place blame where blame is due. Base your posts on facts, instead of attacking those who do.
My card is registered to my home, but I make online purchases at work all the time, in fact most of the time. Many people commute 20-50km each way so what would the range be?
I don't even live in the same country my card is registered to (it's registered to the same bank my family has used for several decades).
That kind of "protection" would automatically mean ApplePay is a dead end for me.
"Thus far, that amount is thought to have risen into the millions of U.S. dollars, and banks are working on fixes."
There are over 60m iPhone 6s out there so $1000 fraud from over 1000 people would be in the millions and only be a small percentage of the users.
The good thing is that the more people use Apple Pay and avoid using their cards, the less chance the card details will be stolen. Reports should really be making that clearer that it's not use of Apple Pay that's the weakness here, it's use of the cards.
Most banks have online banking services. Perhaps they can make users setup Apple Pay through their online banking services, which would be possible directly from their mobile phone and then heavily scrutinize people who request to use cards to set it up.
They would obviously want a fast rollout so wouldn't want any slowdown in the setup process but at the same time nobody should be led to thinking that there's a security weakpoint because people don't listen to the accurate details just like with iCloud getting 'hacked'. Nobody wants to hear that iCloud logins were taken from other sources because it makes blaming someone too complicated.
This case is a little easier because nobody likes or trusts banks any more but headlines shouldn't be saying things like 'Apple Pay identity fraud' because it wasn't an Apple Pay identity, it was a bank card identity and the same fraud could have taken place using the card data directly.
I think the banks and Apple probably wanted to make the Yellow path less stringent in order to minimize any bad publicity from customers finding it difficult to get started. That was in the beginning. Now that Apple Pay has received high marks and general public acceptance, they need to get rid of the Yellow path.
They could easily require you to be at the address registered to the credit card or using a phone number that was associated with the account. Something like that shouldn't be too inconveniencing to customers.
You've got it the wrong way round.
Apple need to get rid of the green path; that is the one that leads to fraud.
Bottom line; Why would anybody cite anything from The Guardian (or any UK rag)?
The Guardian is hardly a rag, it's actually a very reputable newspaper.
Reputable if you're a fan of loony left writing, yes.
Tying something specific to your phone to your account manually would be an inconvenient step, but would be well worth it. It's too bad Apple's system isn't design to see if the device is already setup with an iCloud account so that there could be silent two-step verification without the user even realizing it.
The article makes it clear this has nothing to do with Apple, but you come in here to pretend that it does, and attack anyone who is sane enough to understand that it doesn't.
I did no such thing. Pay more attention please.
What do you expect Apple to do, vet every single bank's authentication practises, and be involved in every single application? Maybe Apple should have it's own employees embedded in the offices of every single company/bank/organization it deals with, to make sure everything is perfect? Maybe look at the facts instead of your usual knee-jerk "this is apple's fault and apple fans can't handle it" dishonest bullshit, and place blame where blame is due. Base your posts on facts, instead of attacking those who do.
?I could say the same, since you're attacking me something I have not said and don't believe.
To answer your first point, maybe Apple should have done that. Why not? Let's talk about that instead of frothing at the mouth. ?Pay is clearly a big deal, both for Apple and it's customers, so why weren't they hands on with the bank-side implementation (assuming they weren't)? Apple reviews every app and update that they sell in their store, why couldn't they contribute to an audit of the financial institutions they were acting as a software middleman for? Ultimately their reputation is also on the line, so it would seem to make some sense.
I don't know why they didn't do this, maybe the banks wouldn't have let them even if they wanted to, but it's a reasonable question. Well done for asking it, even if your tone was hostile.
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
Your AppleID password is not the same as your phone unlock password is it?
You are another fine example of American exceptionalism as well as no child left behind.
Reputable if you're a fan of loony left writing, yes.
You are another fine example of American exceptionalism as well as no child left behind.
Except he's British. Misguided, but British.
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
Your AppleID password is not the same as your phone unlock password is it?
I thought you didn't need to unlock your iPhone to use Apple Pay. So if you have the Apple ID, you have Apple Pay, no?
Reputable if you're a fan of loony left writing, yes.
You are another fine example of American exceptionalism as well as no child left behind.
Except he's British. Misguided, but British.
English, not British. The jury's out on misguided.
There is something that worries me about Apple Pay.
If someone sees you enter your Apple ID password when you're writing a review on the App Store, for instance, and then steal your Apple Pay-enabled iPhone, they could then go on a spending spree. Why? Because, when you use Apple Pay, if you get your fingerprint wrong three times, it defaults to password. Your iPhone then becomes a point of great insecurity, more so than if you didn't have Apple Pay set up.
I haven't used Apple Pay, so correct me if I'm wrong. Maybe if your fingerprint is rejected, you simply can't pay for stuff, but my understanding is that you can use the password as a backup.
Your AppleID password is not the same as your phone unlock password is it?
I thought you didn't need to unlock your iPhone to use Apple Pay. So if you have the Apple ID, you have Apple Pay, no?
If you use TouchID then you don't, but if you are going to enter an AppleID, how would you do that without first unlocking the device?
Reputable if you're a fan of loony left writing, yes.
You are another fine example of American exceptionalism as well as no child left behind.
Except he's British. Misguided, but British.
English, not British. The jury's out on misguided.
The former is a subset of the latter, so you are British.
Come on! He can't seriously be asking if the unlock code to your phone is the same as your Apple ID.
WTF?! Now he saying he's from England but not Great Britain. Why even respond to that nonsense?
If you use TouchID then you don't, but if you are going to enter an AppleID, how would you do that without first unlocking the device?
Come on! He can't seriously be asking if the unlock code to your phone is the same as your Apple ID.
It seems unlikely, but that appeared to be the implication. I may have misunderstood his point though.