With Apple Pay, rather than receiving a card number, CVV, expiration date, and billing address from the customer, the merchant receives only a device-specific token and a dynamic, one-time-use security code. The token is translated into a credit card number only when it reaches the payment network, meaning that only the consumer's bank and the payment network have information about both the person and the transaction.
Apple has gone to great lengths to tout Apple Pay's security and privacy bona fides, both on the Apple Pay marketing site and in the company's knowledge base. As they say:
Apple Pay was designed so that when you pay in stores Apple doesn't collect any transaction information that can be tied back to you.
This focus on privacy differentiates Apple Pay not only from the current physical credit card system, but also from competing mobile payment platforms.
Quote:
Originally Posted by bradipao
Where is located the database that maps tokens to credit card numbers? Phone or apple servers?
Your answer was in the article as highlighted above.
An overlooked benefit to the retailer is that if their system is hacked, the hackers only have access to meaningless data that can't be reused or associated with an individual. There is no value in the data once the transaction is completed.
An overlooked benefit to the retailer is that if their system is hacked, the hackers only have access to meaningless data that can't be reused or associated with an individual. There is no value in the data once the transaction is completed.
Correct. Retailer failure to implement adequate security measures virtually ensues success for Apple Pay.
Apple is big, but not big enough to force the big banks and CC companies to adopt their system.
.
According to the DoJ, it is big enough to force the publishers to raise prices. Can't wait until Amazon gets in on the NFC and then get the DOJ to investigate Apple.
An overlooked benefit to the retailer is that if their system is hacked, the hackers only have access to meaningless data that can't be reused or associated with an individual. There is no value in the data once the transaction is completed.
This cannot be stated enough.
You can't be phished for your Apple Pay credentials through any online scam. Nor can you lose your credentials if someone is "monitoring" the networks and trying to intercept your transaction (whether it's at the NFC terminal itself or through the connection from the POS terminal to the bank). Even the more sophisticated hackers who "modify" POS terminals (as has happened here in Vancouver) can't get any useful data.
According to the DoJ, it is big enough to force the publishers to raise prices. Can't wait until Amazon gets in on the NFC and then get the DOJ to investigate Apple.
Why is terrorist in quotes?
While here in the US most would consider them terrorists they may not be looked at that way everywhere.
EDIT: There's no doubt in my mind that they should be classified as terrorists. Thanks TS.
Surprising this fact isn't getting more coverage. By having a biometric with a secure storage, Apple has eliminated one of the weakest links in the chain - the users themselves. Whether it is by choosing a simple PIN/password, or falling for phishing scams, the user is the easiest to compromise (see: celebrity pic scandal). With TouchID & secure element storage, a user simply can't make those mistakes. Should be a huge leap forward on improved security in payments (brick & mortar, and on-line).
Tying that biometric & secure storage into the payment solution requires control of the HW, software, and services. I believe only one company can do that right now.
This is actually my greatest area of concern. In access control, there are two major types of authentication errors associated with biometric devices: the False Reject Rate (FRR, Type I) and False Accept Rate (FAR, Type II). Obviously the FAR is much more of a concern since we're allowing someone in that doesn't belong.
If it's easy to fool the biometric sensor on the iPhone 6 [Plus], then that's the greatest weakness of this entire system. (I'm not saying it is easy to fool, I'm just saying it's potentially the biggest problem.) I haven't seen much information about iPhone 6 [Plus] and its biometric accuracy yet -- but it definitely would be interesting to look into.
Either way this system is still far more secure, by design, than magstripe cards.
Remember, Apple is not rolling out ApplePay so I doubt if Apple will do anything beyond providing the capability and some marketing. It is the credit cards or large merchants that will do the rollout. I hope Apple is working on international rollout such as Europe where NFC has more widely rolled out.
Beheading hostages due to politics is not an act or terrorism?
Threatening death to those that disagree with them is not an act of terrorism?
Note that our questions are not directed at you, Gatorguy, but at anyone who would not condemn IS in that regard. Makes you wonder about their intentions.
Absolutely. Apple has been deliberately hyping banks, retailers and apps as a thank you for participating, and as a reason for others to get on board - for the coverage. Not only that, but Apple will most definitely be either upgrading the initial participating retailers POS terminals free of charge, or be subsidising the cost to push the adoption as fast as possible.
I'm still upset the new iPads don't accept ?Pay-ments. Talk about a lost opportunity.
Canada and Europe have chip+pin, and we also have NFC already. So if the NFC terminals need to be updated to support Apple Pay, there might be some balking at having to cycle the hardware out yet again, but we've had chip+pin terminals long before chip+pin was rolled out. In fact (in Canada) we had CIBC/Amex try to roll out a chip card more than a decade before EMV chip+pin actually got forced on everyone.
The thing is, chip+pin and NFC payments as they are currently in Canada and Europe, don't work like US payment systems work. Even Canadian banks that own American Banks (BMO, TD) aren't rolling out Apple Pay at their Canadian banks. The systems are all internally different. In a sense, when you use BMO in Canada with your US debit card, it's being treated as a cash advance on a credit card, and you can't actually access the US bank account to withdraw "US cash"
So this is why there will obviously be problems with Apple Pay being rolled out in Canada and Europe, because we have different debit card systems, and the banks have their own proprietary solutions they would rather you use.
In a technical sense Apple Pay is more secure than chip+pin, as it uses a biometric "PIN", and Apple never stores the card number in the device (like Google does.)
It will be interesting to see what happens, I know in Canada they tend to fight against anything that appears to be US centric, They fought again DirecTV unless they include Canada specific programming, hell they did not like that Canada's living close to the US boarder could pick up US TV stations.
The issue at hand is the fact that Visa, Master Card and Amex are all used world wide and many times a US card hold gets their CC # stolen when they travel outside the US more time than with in the US. I remember a time when I use to have to call my CC company and tell them I plan to travel outside the US just so they did not shut my card off when an international charge showed up.
Yeah Canadian banks may not jump on, but if they issue a Visa or Master Card they maybe force to comply to their wishes if they do not want to deal with the fraud. This is not going to be an over night thing, This is just the first step in what is to come in the next 5 yrs. Also this is not going to be a 100% coverage things since there will still be a large majority of people who are not iphone users.
This is actually my greatest area of concern. In access control, there are two major types of authentication errors associated with biometric devices: the False Reject Rate (FRR, Type I) and False Accept Rate (FAR, Type II). Obviously the FAR is much more of a concern since we're allowing someone in that doesn't belong.
If it's easy to fool the biometric sensor on the iPhone 6 [Plus], then that's the greatest weakness of this entire system. (I'm not saying it is easy to fool, I'm just saying it's potentially the biggest problem.) I haven't seen much information about iPhone 6 [Plus] and its biometric accuracy yet -- but it definitely would be interesting to look into.
Either way this system is still far more secure, by design, than magstripe cards.
TouchID has been around for a little over a year now. In the beginning, there was a group that claimed they could beat it using sophisticated and expensive equipment, but they never released solid proof that they succeeded. Otherwise, there has been no hint that it can be defeated, and I doubt that was for a lack of trying.
In any case, they would need to have physical access to your phone as well as a copy of your fingerprint to duplicate before they could make any purchases. By the time they managed to get it all together, a smart person would have already de-authorized the phone through iCloud.
Any way you look at it, this is much better than credit cards where they only need to have your card, and they can do whatever the hell they want.
Comments
...
How Apple Pay is different
...With Apple Pay, rather than receiving a card number, CVV, expiration date, and billing address from the customer, the merchant receives only a device-specific token and a dynamic, one-time-use security code. The token is translated into a credit card number only when it reaches the payment network, meaning that only the consumer's bank and the payment network have information about both the person and the transaction.
Apple has gone to great lengths to tout Apple Pay's security and privacy bona fides, both on the Apple Pay marketing site and in the company's knowledge base. As they say:
This focus on privacy differentiates Apple Pay not only from the current physical credit card system, but also from competing mobile payment platforms.
Where is located the database that maps tokens to credit card numbers? Phone or apple servers?
Your answer was in the article as highlighted above.
No it was the association some people made with the "terrorist" group ISIS.
An overlooked benefit to the retailer is that if their system is hacked, the hackers only have access to meaningless data that can't be reused or associated with an individual. There is no value in the data once the transaction is completed.
Correct. Retailer failure to implement adequate security measures virtually ensues success for Apple Pay.
According to the DoJ, it is big enough to force the publishers to raise prices. Can't wait until Amazon gets in on the NFC and then get the DOJ to investigate Apple.
Why is terrorist in quotes?
Amazing what happens when you actually step back and think through the entire process. Looking forward to using this.
An overlooked benefit to the retailer is that if their system is hacked, the hackers only have access to meaningless data that can't be reused or associated with an individual. There is no value in the data once the transaction is completed.
This cannot be stated enough.
You can't be phished for your Apple Pay credentials through any online scam. Nor can you lose your credentials if someone is "monitoring" the networks and trying to intercept your transaction (whether it's at the NFC terminal itself or through the connection from the POS terminal to the bank). Even the more sophisticated hackers who "modify" POS terminals (as has happened here in Vancouver) can't get any useful data.
While here in the US most would consider them terrorists they may not be looked at that way everywhere.
EDIT: There's no doubt in my mind that they should be classified as terrorists. Thanks TS.
I don't see how the mass slaughter of innocents because they don't agree with you ? terrorist.
Surprising this fact isn't getting more coverage. By having a biometric with a secure storage, Apple has eliminated one of the weakest links in the chain - the users themselves. Whether it is by choosing a simple PIN/password, or falling for phishing scams, the user is the easiest to compromise (see: celebrity pic scandal). With TouchID & secure element storage, a user simply can't make those mistakes. Should be a huge leap forward on improved security in payments (brick & mortar, and on-line).
Tying that biometric & secure storage into the payment solution requires control of the HW, software, and services. I believe only one company can do that right now.
This is actually my greatest area of concern. In access control, there are two major types of authentication errors associated with biometric devices: the False Reject Rate (FRR, Type I) and False Accept Rate (FAR, Type II). Obviously the FAR is much more of a concern since we're allowing someone in that doesn't belong.
If it's easy to fool the biometric sensor on the iPhone 6 [Plus], then that's the greatest weakness of this entire system. (I'm not saying it is easy to fool, I'm just saying it's potentially the biggest problem.) I haven't seen much information about iPhone 6 [Plus] and its biometric accuracy yet -- but it definitely would be interesting to look into.
Either way this system is still far more secure, by design, than magstripe cards.
Beheading hostages due to politics is not an act or terrorism?
Threatening death to those that disagree with them is not an act of terrorism?
...what?
Threatening death to those that disagree with them is not an act of terrorism?
Note that our questions are not directed at you, Gatorguy, but at anyone who would not condemn IS in that regard. Makes you wonder about their intentions.
I'm still upset the new iPads don't accept ?Pay-ments. Talk about a lost opportunity.
You can make payments online with Apple Pay and the new iPads. There's no NFC chip, so no, you cannot hold your iPad up to a terminal at retail.
... pending banks getting on board.
Canada and Europe have chip+pin, and we also have NFC already. So if the NFC terminals need to be updated to support Apple Pay, there might be some balking at having to cycle the hardware out yet again, but we've had chip+pin terminals long before chip+pin was rolled out. In fact (in Canada) we had CIBC/Amex try to roll out a chip card more than a decade before EMV chip+pin actually got forced on everyone.
The thing is, chip+pin and NFC payments as they are currently in Canada and Europe, don't work like US payment systems work. Even Canadian banks that own American Banks (BMO, TD) aren't rolling out Apple Pay at their Canadian banks. The systems are all internally different. In a sense, when you use BMO in Canada with your US debit card, it's being treated as a cash advance on a credit card, and you can't actually access the US bank account to withdraw "US cash"
So this is why there will obviously be problems with Apple Pay being rolled out in Canada and Europe, because we have different debit card systems, and the banks have their own proprietary solutions they would rather you use.
http://www.iphoneincanada.ca/news/td-bank-cio-apple-pay/
In a technical sense Apple Pay is more secure than chip+pin, as it uses a biometric "PIN", and Apple never stores the card number in the device (like Google does.)
It will be interesting to see what happens, I know in Canada they tend to fight against anything that appears to be US centric, They fought again DirecTV unless they include Canada specific programming, hell they did not like that Canada's living close to the US boarder could pick up US TV stations.
The issue at hand is the fact that Visa, Master Card and Amex are all used world wide and many times a US card hold gets their CC # stolen when they travel outside the US more time than with in the US. I remember a time when I use to have to call my CC company and tell them I plan to travel outside the US just so they did not shut my card off when an international charge showed up.
Yeah Canadian banks may not jump on, but if they issue a Visa or Master Card they maybe force to comply to their wishes if they do not want to deal with the fraud. This is not going to be an over night thing, This is just the first step in what is to come in the next 5 yrs. Also this is not going to be a 100% coverage things since there will still be a large majority of people who are not iphone users.
This is actually my greatest area of concern. In access control, there are two major types of authentication errors associated with biometric devices: the False Reject Rate (FRR, Type I) and False Accept Rate (FAR, Type II). Obviously the FAR is much more of a concern since we're allowing someone in that doesn't belong.
If it's easy to fool the biometric sensor on the iPhone 6 [Plus], then that's the greatest weakness of this entire system. (I'm not saying it is easy to fool, I'm just saying it's potentially the biggest problem.) I haven't seen much information about iPhone 6 [Plus] and its biometric accuracy yet -- but it definitely would be interesting to look into.
Either way this system is still far more secure, by design, than magstripe cards.
TouchID has been around for a little over a year now. In the beginning, there was a group that claimed they could beat it using sophisticated and expensive equipment, but they never released solid proof that they succeeded. Otherwise, there has been no hint that it can be defeated, and I doubt that was for a lack of trying.
In any case, they would need to have physical access to your phone as well as a copy of your fingerprint to duplicate before they could make any purchases. By the time they managed to get it all together, a smart person would have already de-authorized the phone through iCloud.
Any way you look at it, this is much better than credit cards where they only need to have your card, and they can do whatever the hell they want.
lol