Finally, what is the consumer job to be done that says use a smartphone to buy stuff?
1. Don't need to carry credit card, probably not
2. More secure, maybe but the smart chip card is pretty great improvement and is happening now. And does anyone really believe computer based payments is more secure????
3. It's faster since you can buy stuff without a checkout counter and/or clerk. My experience with Apple app checkout in stores is positive, but this is the exception. Self service checkout in general sucks and is chosen for anonymity or desperation due to understaffed, read CHEAP, checkout staff.
You're actually wrong on all three counts.
Japan has been using contactless NFC payments on their cellphones since 2005, their "osaifu-keitai."
First of all, no one expects these devices to eliminate credit cards or cash as there are plenty of vendors who don't accept NFC payments.
What they do is reduce your wallet thickness by eliminating separate merchant cards like transit passes and loyalty clubs. The adoption in Japan was driven by deploying popular mass transit card systems on the cellphone payment system. Just swipe your phone over the fare gate reader and walk through. The combination of speed and convenience made it successful, not "increased security."
Good self-service checkout is something some retailers are still trying to figure out. However, things like POS terminals at gas station fuel pumps are well accepted now. Again, speed and convenience make this successful. It's not really any more secure than paying the attendant at the booth.
Japan has been doing this for almost a decade without major security issues. Contactless NFC payments are coming to the iPhone someday, it's a given. The timing of the release is a question, mostly due to payment system infrastructure, and the ability of Apple to partner with key merchants and transit agencies. It must be convenient to users several times a week, not once or twice a month.
That's axiomatically false, which you show in your quoted comment below.
So you need a special antenna mounted and directed at the exact spot where the NFC secure loop takes place. You don't see the difference between that and an omnidirectional signal that can be sent for dozen to thousands of feet from the source and be picked up people nowhere near where the transaction took place without any special equipment?
What you describe is EXACTLY whey NFC is inherently more secure. Your comments are like saying that a bank vault is less secure than putting your savings in a paper bag in the back of your mailbox because all a thief has to do is rob the bank to get your money.
No one has said that NFC is so secure that it can't hacked or that other security measures need to be in place, but a shorter range wireless signal, especially one that uses a secure loop, is inherently more secure than a longer range omnidirectional signal.
You missed my point completely. NFC claims that the distance provides the security. I'm saying that no signal transmitted wirelessly or wired is secure from being snooped. Saying NFC is secure because it works over a short distance is the same as saying a 100 metre cable is more secure than a 500 metre cable - both can be intercepted just as easily.
Credit card fraud has entered the high-tech age. It used to be that you had to worry about the guy at the gas station skimming your card. Now credit card fraud is done on a large scale by organized criminals who aren't interested in randomly picking up someone here and there - they steal data in bulk. You don't need a "special antenna". NFC components are dirt cheap and easy to obtain. And placing a receiver under a POS terminal is INFINITELY easier than actually modifying a POS terminal with new software to scan and collect cards (which is what organized crime is actually doing these days).
A short range signal makes NO DIFFERENCE to criminals who want to scan transactions. In fact, it would make it easier for them as they can place their receiver in the exact spot where people are scanning and ONLY pick up the actual transactions. Scanning WiFi, BT or your wired Internet connection means the criminals have to scan ALL the traffic/data on those systems and then try to decipher which portions of who know how many gigs of data are the transactions and which aren't. They don't need to do this with NFC - every single piece they pick up is directly related to financial transactions.
You missed my point completely. NFC claims that the distance provides the security. I'm saying that no signal transmitted wirelessly or wired is secure from being snooped. Saying NFC is secure because it works over a short distance is the same as saying a 100 metre cable is more secure than a 500 metre cable - both can be intercepted just as easily.
Credit card fraud has entered the high-tech age. It used to be that you had to worry about the guy at the gas station skimming your card. Now credit card fraud is done on a large scale by organized criminals who aren't interested in randomly picking up someone here and there - they steal data in bulk. You don't need a "special antenna". NFC components are dirt cheap and easy to obtain. And placing a receiver under a POS terminal is INFINITELY easier than actually modifying a POS terminal with new software to scan and collect cards (which is what organized crime is actually doing these days).
A short range signal makes NO DIFFERENCE to criminals who want to scan transactions. In fact, it would make it easier for them as they can place their receiver in the exact spot where people are scanning and ONLY pick up the actual transactions. Scanning WiFi, BT or your wired Internet connection means the criminals have to scan ALL the traffic/data on those systems and then try to decipher which portions of who know how many gigs of data are the transactions and which aren't. They don't need to do this with NFC - every single piece they pick up is directly related to financial transactions.
Then you've missed the point. No one has said that NFC was infallible but it's INARGUABLE that range has an effect on security. It's why cyber crimes are on the rise because one no longer has to phsycially break into your house to steal your identity or rob you in a dark alley to steal your money.
No, entering an establishment and placing an undetectable device on another device without being detected by cameras or staff or getting it detected later is far more difficult than being far outside a building in car or some place else with no cameras or people in view to steal BT or WiFI data over from dozens to thousands of feet away.
PS: If you don't think short range is inherently more secure than long range then tell me why you have given your CC with all its data to people working at a retail outlet but haven't posted your CC data on a site like AI. If you think the risk is identical then go ahead and post your CC hear. You won't because that would be risky, just like thinking WiFi is inherently as secure as NFC.
For several years now, NFC has been on the verge of breakthrough. It's not happening. It's getting old. Even when it was new it was nothing but some fragments of ancient RFID standards throw in together.
I know a bit about its innards, "bag of hurt" is apt.
For NFC to succeed banks will have to cooperate with other banks, and carriers with other carriers. This is not in their DNA.
NFC only has significant traction in Japan and and South Korea.
But how important is NFC to Koreans when the smartphone with the highest customer satisfaction rating does not have NFC?
How important is it to Japanese when the best selling smartphone is one without NFC?
NFC's security "benefit" from short range communication means finding a POS and queueing up to pay.
People who are comfortable with buying online are not going to put up with standing in line to pay when they don't have to.
With Bluetooth, paying will be at least as convenient and safe as online payment, except you'll have the merchandise in your hands.
In Apple stores today you can pick up a product, scan the bar-code and pay from the app, and leave.
With BLE you can skip scanning the bar-code.
Something else to ponder:
PayPal is going to do mobile payment without NFC.
Square is not using NFC, Square's CEO "Sees no value in NFC".
Groupon is going to make an iPad based POS, I bet they'll skip NFC too.
Don't forget the secure enclave on the A-series chip.
After thinking about it, I removed that part of my post. I was in fact referring to the Secure Enclave, but the problem there is it's not a place to store data for later use. What makes it secure is the fact that once data is encrypted and stored here, it NEVER leaves unencrypted. Touch ID encrypts your fingerprint data and sends it to the Secure Enclave. Here is where the data is decrypted and compared with previously stored fingerprint data. There's no way to get the key to decrypt the data stored here, so nothing has access to the original data, not even the A7.
Any information stored here is only good for authorization purposes - basically checking if two values match. Otherwise the data is completely useless to the outside world.
After thinking about it, I removed that part of my post. I was in fact referring to the Secure Enclave, but the problem there is it's not a place to store data for later use. What makes it secure is the fact that once data is encrypted and stored here, it NEVER leaves unencrypted. Touch ID encrypts your fingerprint data and sends it to the Secure Enclave. Here is where the data is decrypted and compared with previously stored fingerprint data. There's no way to get the key to decrypt the data stored here, so nothing has access to the original data, not even the A7.
Any information stored here is only good for authorization purposes - basically checking if two values match. Otherwise the data is completely useless to the outside world.
1) Sure, but that's all part of the inherent security measures that make Apple's solution better than the competition. Samsung literally puts a visual representation of your fingerprint on the screen when you use the Galaxy S5 fingerprint scanner!
2) I don't think its out of the question to think it's impossible to reverse engineer the data in the secure enclave. I'm not saying it's probably and it's certainly better than anything else we've seen but I wouldn't go so far as saying it's impossible.
How about the existing hundreds of millions of iPhone users? I don't think Apple will like to alienate these users or force them to upgrade the phone. Incorporating NFC Apple helps billions of Android users and hurt its own base.
How can Apple have moved on from something they've never included?
Apple tests many concepts in their labs, not all make it to the final product.
So yes, they can move on from a technology or concept, even if the general public is not aware of it. Apple makes very deliberate decisions in choosing what and what not to include in their products and services.
I'm not stating that this is the case here, just pointing out that Apple consciously excluded some features, like cellular data in notebooks.
How about the existing hundreds of millions of iPhone users? I don't think Apple will like to alienate these users or force them to upgrade the phone. Incorporating NFC Apple helps billions of Android users and hurt its own base.
Again, contactless NFC payment systems don't replace credit cards, cash, standalone loyalty cards, etc. They simply provide another level of convenience for those who choose to use the system, just like the addition of Touch ID to the iPhone 5s (or any of the other unique features that have debuted on a new handset).
If Apple releases an NFC iPhone tomorrow, it doesn't disable the functionality of your credit cards or the cash in your wallet.
Likewise, such a move would not add any functionality to competitors' handsets. If you are using NFC payments on your Android handset today, it's business as usual tomorrow.
Given that we can already use iPhones for mobile payments, does the NFC chip add enough convenience to justify the expense, etc? Can't Apple do well enough without it?
Probably depends on what dominates the retail space: if that's trending in the NFC direction adding NFC to iPhones would add utility.
1) Sure, but that's all part of the inherent security measures that make Apple's solution better than the competition. Samsung literally puts a visual representation of your fingerprint on the screen when you use the Galaxy S5 fingerprint scanner!
2) I don't think its out of the question to think it's impossible to reverse engineer the data in the secure enclave. I'm not saying it's probably and it's certainly better than anything else we've seen but I wouldn't go so far as saying it's impossible.
Nothing is 100% completely foolproof, but when the A7 is fab'ed, the Secure Enclave is given (hard-wired) a random unique number used to create security keys. No one knows what that number is (not even Apple) and it's impossible to get at it. There is a buffer zone between the A7 application processor and the Secure Enclave processor that limits interaction - there's is no direct access to the Secure Enclave.
Brute force decryption is the only way you'd ever be able to gain access to any data extracted from there... and that would have to be done for each and every individual A7 as the ID is completely random and unique. Furthermore, that key would probably only work on that single chunk of data.
NFC and a large screen are the only two things that can keep me in the iPhone ecosystem. Anyway, NFC is good in a phone, but it will be amazing in a watch. You will only have to swipe you watch and then press you fingerprint on the screen to confirm and that's it, you've paid! Practically you don't have to take out anything from your pocket, you always have your wallet in your hand. And even if someone steals your watch, they don't have your fingerprints. iWatch + NFC is the best way to go.
Apple tests many concepts in their labs, not all make it to the final product.
So yes, they can move on from a technology or concept, even if the general public is not aware of it. Apple makes very deliberate decisions in choosing what and what not to include in their products and services.
So you would say that Apple moved from including nuclear power or fairy dust in their products because there is no proof that they haven't tested it? That's just ridiculous! Based on the available information there is no proof that Apple had any working NFC prototypes on the ready so we can't say that they moved from it just as we can't say they moved on any other tech. We can speculate as to the likelihood of what techs they have probably tested but we can't be sure, just as we can't be sure they have moved on as opposed to still perfecting.
How about the existing hundreds of millions of iPhone users? I don't think Apple will like to alienate these users or force them to upgrade the phone. Incorporating NFC Apple helps billions of Android users and hurt its own base.
NFC or no NFC- I don't care. I just want a mobile payment system of some sort. Make passbook actually functional for 99% of the population. Hopeful this is the year.
Give me Passbook plus Bitcoin blockchain integration and we're good.
Comments
How does an iBeacon work with payments? iBeacons (not BT) seems inherently different than a payment system.
Finally, what is the consumer job to be done that says use a smartphone to buy stuff?
1. Don't need to carry credit card, probably not
2. More secure, maybe but the smart chip card is pretty great improvement and is happening now. And does anyone really believe computer based payments is more secure????
3. It's faster since you can buy stuff without a checkout counter and/or clerk. My experience with Apple app checkout in stores is positive, but this is the exception. Self service checkout in general sucks and is chosen for anonymity or desperation due to understaffed, read CHEAP, checkout staff.
You're actually wrong on all three counts.
Japan has been using contactless NFC payments on their cellphones since 2005, their "osaifu-keitai."
First of all, no one expects these devices to eliminate credit cards or cash as there are plenty of vendors who don't accept NFC payments.
What they do is reduce your wallet thickness by eliminating separate merchant cards like transit passes and loyalty clubs. The adoption in Japan was driven by deploying popular mass transit card systems on the cellphone payment system. Just swipe your phone over the fare gate reader and walk through. The combination of speed and convenience made it successful, not "increased security."
Good self-service checkout is something some retailers are still trying to figure out. However, things like POS terminals at gas station fuel pumps are well accepted now. Again, speed and convenience make this successful. It's not really any more secure than paying the attendant at the booth.
Japan has been doing this for almost a decade without major security issues. Contactless NFC payments are coming to the iPhone someday, it's a given. The timing of the release is a question, mostly due to payment system infrastructure, and the ability of Apple to partner with key merchants and transit agencies. It must be convenient to users several times a week, not once or twice a month.
That's axiomatically false, which you show in your quoted comment below.
So you need a special antenna mounted and directed at the exact spot where the NFC secure loop takes place. You don't see the difference between that and an omnidirectional signal that can be sent for dozen to thousands of feet from the source and be picked up people nowhere near where the transaction took place without any special equipment?
What you describe is EXACTLY whey NFC is inherently more secure. Your comments are like saying that a bank vault is less secure than putting your savings in a paper bag in the back of your mailbox because all a thief has to do is rob the bank to get your money.
No one has said that NFC is so secure that it can't hacked or that other security measures need to be in place, but a shorter range wireless signal, especially one that uses a secure loop, is inherently more secure than a longer range omnidirectional signal.
You missed my point completely. NFC claims that the distance provides the security. I'm saying that no signal transmitted wirelessly or wired is secure from being snooped. Saying NFC is secure because it works over a short distance is the same as saying a 100 metre cable is more secure than a 500 metre cable - both can be intercepted just as easily.
Credit card fraud has entered the high-tech age. It used to be that you had to worry about the guy at the gas station skimming your card. Now credit card fraud is done on a large scale by organized criminals who aren't interested in randomly picking up someone here and there - they steal data in bulk. You don't need a "special antenna". NFC components are dirt cheap and easy to obtain. And placing a receiver under a POS terminal is INFINITELY easier than actually modifying a POS terminal with new software to scan and collect cards (which is what organized crime is actually doing these days).
A short range signal makes NO DIFFERENCE to criminals who want to scan transactions. In fact, it would make it easier for them as they can place their receiver in the exact spot where people are scanning and ONLY pick up the actual transactions. Scanning WiFi, BT or your wired Internet connection means the criminals have to scan ALL the traffic/data on those systems and then try to decipher which portions of who know how many gigs of data are the transactions and which aren't. They don't need to do this with NFC - every single piece they pick up is directly related to financial transactions.
Then you've missed the point. No one has said that NFC was infallible but it's INARGUABLE that range has an effect on security. It's why cyber crimes are on the rise because one no longer has to phsycially break into your house to steal your identity or rob you in a dark alley to steal your money.
No, entering an establishment and placing an undetectable device on another device without being detected by cameras or staff or getting it detected later is far more difficult than being far outside a building in car or some place else with no cameras or people in view to steal BT or WiFI data over from dozens to thousands of feet away.
PS: If you don't think short range is inherently more secure than long range then tell me why you have given your CC with all its data to people working at a retail outlet but haven't posted your CC data on a site like AI. If you think the risk is identical then go ahead and post your CC hear. You won't because that would be risky, just like thinking WiFi is inherently as secure as NFC.
I'll believe it when I see it.
For several years now, NFC has been on the verge of breakthrough. It's not happening. It's getting old. Even when it was new it was nothing but some fragments of ancient RFID standards throw in together.
I know a bit about its innards, "bag of hurt" is apt.
For NFC to succeed banks will have to cooperate with other banks, and carriers with other carriers. This is not in their DNA.
NFC only has significant traction in Japan and and South Korea.
But how important is NFC to Koreans when the smartphone with the highest customer satisfaction rating does not have NFC?
How important is it to Japanese when the best selling smartphone is one without NFC?
NFC's security "benefit" from short range communication means finding a POS and queueing up to pay.
People who are comfortable with buying online are not going to put up with standing in line to pay when they don't have to.
With Bluetooth, paying will be at least as convenient and safe as online payment, except you'll have the merchandise in your hands.
In Apple stores today you can pick up a product, scan the bar-code and pay from the app, and leave.
With BLE you can skip scanning the bar-code.
Something else to ponder:
PayPal is going to do mobile payment without NFC.
Square is not using NFC, Square's CEO "Sees no value in NFC".
Groupon is going to make an iPad based POS, I bet they'll skip NFC too.
How can Apple have moved on from something they've never included?
Don't forget the secure enclave on the A-series chip.
After thinking about it, I removed that part of my post. I was in fact referring to the Secure Enclave, but the problem there is it's not a place to store data for later use. What makes it secure is the fact that once data is encrypted and stored here, it NEVER leaves unencrypted. Touch ID encrypts your fingerprint data and sends it to the Secure Enclave. Here is where the data is decrypted and compared with previously stored fingerprint data. There's no way to get the key to decrypt the data stored here, so nothing has access to the original data, not even the A7.
Any information stored here is only good for authorization purposes - basically checking if two values match. Otherwise the data is completely useless to the outside world.
1) Sure, but that's all part of the inherent security measures that make Apple's solution better than the competition. Samsung literally puts a visual representation of your fingerprint on the screen when you use the Galaxy S5 fingerprint scanner!
2) I don't think its out of the question to think it's impossible to reverse engineer the data in the secure enclave. I'm not saying it's probably and it's certainly better than anything else we've seen but I wouldn't go so far as saying it's impossible.
How about the existing hundreds of millions of iPhone users? I don't think Apple will like to alienate these users or force them to upgrade the phone. Incorporating NFC Apple helps billions of Android users and hurt its own base.
How can Apple have moved on from something they've never included?
Apple tests many concepts in their labs, not all make it to the final product.
So yes, they can move on from a technology or concept, even if the general public is not aware of it. Apple makes very deliberate decisions in choosing what and what not to include in their products and services.
I'm not stating that this is the case here, just pointing out that Apple consciously excluded some features, like cellular data in notebooks.
How about the existing hundreds of millions of iPhone users? I don't think Apple will like to alienate these users or force them to upgrade the phone. Incorporating NFC Apple helps billions of Android users and hurt its own base.
Again, contactless NFC payment systems don't replace credit cards, cash, standalone loyalty cards, etc. They simply provide another level of convenience for those who choose to use the system, just like the addition of Touch ID to the iPhone 5s (or any of the other unique features that have debuted on a new handset).
If Apple releases an NFC iPhone tomorrow, it doesn't disable the functionality of your credit cards or the cash in your wallet.
Likewise, such a move would not add any functionality to competitors' handsets. If you are using NFC payments on your Android handset today, it's business as usual tomorrow.
Given that we can already use iPhones for mobile payments, does the NFC chip add enough convenience to justify the expense, etc? Can't Apple do well enough without it?
Probably depends on what dominates the retail space: if that's trending in the NFC direction adding NFC to iPhones would add utility.
1) Sure, but that's all part of the inherent security measures that make Apple's solution better than the competition. Samsung literally puts a visual representation of your fingerprint on the screen when you use the Galaxy S5 fingerprint scanner!
2) I don't think its out of the question to think it's impossible to reverse engineer the data in the secure enclave. I'm not saying it's probably and it's certainly better than anything else we've seen but I wouldn't go so far as saying it's impossible.
Nothing is 100% completely foolproof, but when the A7 is fab'ed, the Secure Enclave is given (hard-wired) a random unique number used to create security keys. No one knows what that number is (not even Apple) and it's impossible to get at it. There is a buffer zone between the A7 application processor and the Secure Enclave processor that limits interaction - there's is no direct access to the Secure Enclave.
Brute force decryption is the only way you'd ever be able to gain access to any data extracted from there... and that would have to be done for each and every individual A7 as the ID is completely random and unique. Furthermore, that key would probably only work on that single chunk of data.
So you would say that Apple moved from including nuclear power or fairy dust in their products because there is no proof that they haven't tested it? That's just ridiculous! Based on the available information there is no proof that Apple had any working NFC prototypes on the ready so we can't say that they moved from it just as we can't say they moved on any other tech. We can speculate as to the likelihood of what techs they have probably tested but we can't be sure, just as we can't be sure they have moved on as opposed to still perfecting.
… What?!
Give me Passbook plus Bitcoin blockchain integration and we're good.