My card is registered to my home, but I make online purchases at work all the time, in fact most of the time. Many people commute 20-50km each way so what would the range be?
Probably he meant "phone's location", not "phone's home location"
Well in that case, if a thief gets your phone and knows the (hopefully complex) passcode (very bad opsec if that happens, of course) then at a minimum he can register a new fingerprint and use ApplePay via TouchID.
If a thief gets your phone and your passcode, it's game over. Apple Pay is going to be the least of your worries since credit cards can be canceled and have fraud protection. Your main concern should be the thief's unfettered access to your emails and other personal files.
Well in that case, if a thief gets your phone and knows the (hopefully complex) passcode (very bad opsec if that happens, of course) then at a minimum he can register a new fingerprint and use ApplePay via TouchID.
If a thief gets your phone and your passcode, it's game over. Apple Pay is going to be the least of your worries since credit cards can be canceled and have fraud protection. Your main concern should be the thief's unfettered access to your emails and other personal files.
I don't disagree that those other issues are serious, but this discussion was about what it would take to get past the Apple Pay security measures. And it is only game over if you don't realize what has happened and wipe the device remotely.
It sounds like there are plenty of cases but I'm sure that the banks are not publicizing those cases.
So was the Antennegate, Bendgate, and Whatevergate. If any of these where true, then Apple would have a thousands, if not millions of iPhones returned. Do you think people would continue to use iPhones if they can't receive network signals? After millions claims on the Internet about iPhone bending, it appears that less than 10 people (Apple says 9) actually reported to Apple about the problem. Would you keep using your iPhone and not returned it if it bend like that.
I have developed a rule. Anybody with Mathematics or Physics or any science background will understand -
"The sales volume of iPhone is directly proportionate to the loudness of bullshit complaints on the Internet"
Bottom line, when the matter involves Apple, there is a tendency of overblown. I will not be surprised if the actual case is in single digit.
It sounds like there are plenty of cases but I'm sure that the banks are not publicizing those cases.
So was the Antennegate, Bendgate, and Whatevergate. If any of these where true, then Apple would have a thousands, if not millions of iPhones returned. Do you think people would continue to use iPhones if they can't receive network signals? After millions claims on the Internet about iPhone bending, it appears that less than 10 people (Apple says 9) actually reported to Apple about the problem. Would you keep using your iPhone and not returned it if it bend like that.
I have developed a rule. Anybody with Mathematics or Physics or any science background will understand -
"The sales volume of iPhone is directly proportionate to the loudness of bullshit complaints on the Internet"
Bottom line, when the matter involves Apple, there is a tendency of overblown. I will not be surprised if the actual case is in single digit.
I think you may have misunderstood the issue. It has nothing to do with iPhone problems - it is an problem of vulnerabilities in bank activation methods. Why would anyone return an iPhone because of that?
This is interesting this is happening, and I wonder how big of an issue it is or was it more in lines that someone attempted this and it did not go too far.
Visa just announced a service they will be offering people a higher level of security who do not have ApplePay. You load an app, register you phone with visa they link you card to your phone in their system and any time you make a transaction at a physical location, they verify the cell phone is in the same location if not they will deny the transaction since they are assuming the phone and card should be in close proximity of one another. Also if you do an online order it has be done within in a certain range of the phone's home location.
When I register my cards I got an email from my banks asking me to verify that I added the card to apple paid. I guess these other banks are not doing that you could anyone's card to your phone if they are not verifying it.
This actually doesn't work in practice.
I'll give you an actual example. BMO mastercard offers a separate Paywave-only ... sticker. That you put on your non-NFC cell phone to get the same benefit of waving your phone over paypass terminals instead of the card, letting you leave the card at home. Now consider for a minute that you have your credit card numbers saved (eg Paypal, Steam, Nintendo, Apple, etc) and that service is compromised, leading to the theft of those numbers. Physical locations aren't the usual targets of credit card fraud, online services are. Once EMV is rolled out, the credit card thieves will go to online theft/phishing again.
There might be some safety if a Visa/MC app on the device acted as a geofence for the card's physical use. Like you can specify in advance either specific locations you shop at, or locations within a half a mile of your home and work, and then when you go on vacation you tell the app to "follow me" and only allow purchases made near you, and disable all one-time internet purchases while outside the home/work fence.
One of the largest online fraud markets are MMO "RMT" services. This is where credit cards are stolen, cash-shop items (typically gachapon or transferable monthly service (EVE's PLEX for example) are purchased and then sold to players in the game at a discount for the game gold which is then laundered over to other accounts and cashed back out by selling the gold to the very same players. There are no legitimate RMT services. This just one of a few types of online money-laundering problems that exist as a result of MMO companies offering free-trials or free-to-play games. Since there are many free-to-play games on the iTunes app store, the same problem exists there as well. Which comes back to the original topic.
If the CC companies really want to crack down on fraud, they need to step up and start telling online services:
a) they must get the geographic location with every one-time purchase, and every purchase even if the card number/billing info is stored.
b) require payments to be made from cellular-connected mobile devices that have biometric authentication (eg Apple Pay) using apps with location-services required to be turned on
or alternatively to b, require location services to be available on the machine AND have a NFC reader on the machine for the card to physically be read.
I'm sure we're not that far away from having NFC as standard on all devices.
Apple has posted a FAQ page for merchants who are interested in offering Apple Pay. It explains which transactions are handled as "card present" and which are not, whether customers will have to sign a receipt and what liability merchants have. Lots of other things covered as well. A good primer for retailers.
Comments
Funny how one little comment paints an instant picture, and, as a Guardian reader myself, you don't look so good.
My card is registered to my home, but I make online purchases at work all the time, in fact most of the time. Many people commute 20-50km each way so what would the range be?
Probably he meant "phone's location", not "phone's home location"
Well in that case, if a thief gets your phone and knows the (hopefully complex) passcode (very bad opsec if that happens, of course) then at a minimum he can register a new fingerprint and use ApplePay via TouchID.
If a thief gets your phone and your passcode, it's game over. Apple Pay is going to be the least of your worries since credit cards can be canceled and have fraud protection. Your main concern should be the thief's unfettered access to your emails and other personal files.
Well in that case, if a thief gets your phone and knows the (hopefully complex) passcode (very bad opsec if that happens, of course) then at a minimum he can register a new fingerprint and use ApplePay via TouchID.
If a thief gets your phone and your passcode, it's game over. Apple Pay is going to be the least of your worries since credit cards can be canceled and have fraud protection. Your main concern should be the thief's unfettered access to your emails and other personal files.
I don't disagree that those other issues are serious, but this discussion was about what it would take to get past the Apple Pay security measures. And it is only game over if you don't realize what has happened and wipe the device remotely.
It sounds like there are plenty of cases but I'm sure that the banks are not publicizing those cases.
So was the Antennegate, Bendgate, and Whatevergate. If any of these where true, then Apple would have a thousands, if not millions of iPhones returned. Do you think people would continue to use iPhones if they can't receive network signals? After millions claims on the Internet about iPhone bending, it appears that less than 10 people (Apple says 9) actually reported to Apple about the problem. Would you keep using your iPhone and not returned it if it bend like that.
I have developed a rule. Anybody with Mathematics or Physics or any science background will understand -
"The sales volume of iPhone is directly proportionate to the loudness of bullshit complaints on the Internet"
Bottom line, when the matter involves Apple, there is a tendency of overblown. I will not be surprised if the actual case is in single digit.
It sounds like there are plenty of cases but I'm sure that the banks are not publicizing those cases.
So was the Antennegate, Bendgate, and Whatevergate. If any of these where true, then Apple would have a thousands, if not millions of iPhones returned. Do you think people would continue to use iPhones if they can't receive network signals? After millions claims on the Internet about iPhone bending, it appears that less than 10 people (Apple says 9) actually reported to Apple about the problem. Would you keep using your iPhone and not returned it if it bend like that.
I have developed a rule. Anybody with Mathematics or Physics or any science background will understand -
"The sales volume of iPhone is directly proportionate to the loudness of bullshit complaints on the Internet"
Bottom line, when the matter involves Apple, there is a tendency of overblown. I will not be surprised if the actual case is in single digit.
I think you may have misunderstood the issue. It has nothing to do with iPhone problems - it is an problem of vulnerabilities in bank activation methods. Why would anyone return an iPhone because of that?
This actually doesn't work in practice.
I'll give you an actual example. BMO mastercard offers a separate Paywave-only ... sticker. That you put on your non-NFC cell phone to get the same benefit of waving your phone over paypass terminals instead of the card, letting you leave the card at home. Now consider for a minute that you have your credit card numbers saved (eg Paypal, Steam, Nintendo, Apple, etc) and that service is compromised, leading to the theft of those numbers. Physical locations aren't the usual targets of credit card fraud, online services are. Once EMV is rolled out, the credit card thieves will go to online theft/phishing again.
There might be some safety if a Visa/MC app on the device acted as a geofence for the card's physical use. Like you can specify in advance either specific locations you shop at, or locations within a half a mile of your home and work, and then when you go on vacation you tell the app to "follow me" and only allow purchases made near you, and disable all one-time internet purchases while outside the home/work fence.
One of the largest online fraud markets are MMO "RMT" services. This is where credit cards are stolen, cash-shop items (typically gachapon or transferable monthly service (EVE's PLEX for example) are purchased and then sold to players in the game at a discount for the game gold which is then laundered over to other accounts and cashed back out by selling the gold to the very same players. There are no legitimate RMT services. This just one of a few types of online money-laundering problems that exist as a result of MMO companies offering free-trials or free-to-play games. Since there are many free-to-play games on the iTunes app store, the same problem exists there as well. Which comes back to the original topic.
If the CC companies really want to crack down on fraud, they need to step up and start telling online services:
a) they must get the geographic location with every one-time purchase, and every purchase even if the card number/billing info is stored.
b) require payments to be made from cellular-connected mobile devices that have biometric authentication (eg Apple Pay) using apps with location-services required to be turned on
or alternatively to b, require location services to be available on the machine AND have a NFC reader on the machine for the card to physically be read.
I'm sure we're not that far away from having NFC as standard on all devices.
https://support.apple.com/en-us/HT204274