This sounds like a similar situation that went on in Australia when certain banks filed a lawsuit demanding NFC access. They lost and eventually allowed ApplePay.
This all comes down to who has control of the end-user's information. The banks want to use their own banking apps for NFC so they could harvest all our personal information and transaction history, sell it to the highest advertising bidder, and figure out ways to extract more from us.
ApplePay on the other hand is secure, and I can trust Apple in making sure that the security between phone and receiver is hardened. Sure, Apple gets a cut of transaction fees from the bank, but what the banks aren't advertising the the amount of money saved due to not having issues with fraudulent transactions.
2019 figures say that the banking industry lost $27.85B dollars worldwide due to credit card fraud. I would think ApplePay has saved quite for banks.
I have zero faith in banks to keep my info private and secure. I as a consumer am happy that Apple keeps NFC locked out. It's their hardware/software package, their widget. Screw the banks. They either offer their services via ApplePay, or they don't get my business.
Can you clarify that?
I think at the very least you will find the EU has more and better protections in place as a result of adhering to newer EU regulations.
For example, in Spain, AFAIK it has been impossible to make a signature based card authentication for years. Even though EMV allows for it.
From January next year I believe for any online payment (card based or not) you will have to confirm the payment through your bank's app on your phone.
It is extremely rare for your card to leave your possession for any purchase whatsoever. Even in restaurants, the card reader will probably be brought to your table.
Current NFC, secure enclave and banking apps on Android are plenty secure.
My wife is very riled that I can use my bank's BBVA Pay on my phone but that she can't. It's worse that her options are limited to Apple Pay which she refuses to use because Apple is obliging her to use its Pay service.
Choice should be open to everyone and if it is restricted for day to day actions, users should be duly informed prior to purchase.
Like "Healthy", "Secure" is always a relative term.
"Healthy" compared to what? An Orio?
"Secure" as opposed to what? An unlocked door?
Even locking the door doesn't offer perfect security -- because there is no such thing -- criminals are ALWAYS looking for ways to unlock it.
But, if you are concerned about security, you get as close as you can to that "perfect" -- within the limitations of expense and inconvenience.
(But I agree that Europe has been far ahead of most countries in card technology and associated security.)
In this case the relativity of security is defined by a long list of international certifications.
See my post above. For example here is some info on CC EAL
On top of that and things like network slicing on 5G will add another layer of security to moves already under way to protect payment transactions. For example psd2. Here is my bank's explanation on that:
For everyday users I do get the impression that the US is in the stone age of banking but it could be just that, an impression.
I get notified on my phone of every single transaction that goes through my bank in real time. More than 10 years ago my mother got a call from her bank (Royal Bank of Scotland) asking her if a transaction that went through in New York was really hers. It wasn't. The bank dealt with everything from that moment on. As AI becomes more powerful we will see prevention of these types of cases getting better and better.
I am so, so, so excited about some government trying to micromanage Apple's services to the point where Apple just gives up and says, "Fine, we won't sell iPhones or internet services to anyone in your country. Buh-bye." Let's see how that helps consumers in the Netherlands "increase their freedom of choice." Doesn't the Dutch government understand that the iPhone itself IS a choice? The only way that the Netherlands could mandate this is if they made the iPhone the only legal smart phone that anyone in the Netherlands could ever use. In that case I would back them up. Android has a 57% share of smartphones in the Netherlands and iOS has 42%, and they want to boot iOS out of their country? How does that increase choice? That will hand a 99% marketshare to Android. Where's the choice then?
First of all: the Dutch government is not taking a stance against Apple, neither are they trying to remove Apple from the Dutch market or trying to limit user’s choice to Android only; they’re investigating if limiting the NFC chip from others using it, is illegal (hurting consumers or abusing market power).
I’m sure they’ll find out it is in the best interest of users (like in Australia), and after this probe it will be clearer what Apple’s motivation is. For Apple it’s actually more effective this way, than having to spend millions on advertising to prove the same (with less credibility).
So you're saying it's a bunch of bureaucrats sitting around getting paid making work for themselves and others (including Apple), wasting everyone's time and your taxpayer euros.
This sounds like a similar situation that went on in Australia when certain banks filed a lawsuit demanding NFC access. They lost and eventually allowed ApplePay.
This all comes down to who has control of the end-user's information. The banks want to use their own banking apps for NFC so they could harvest all our personal information and transaction history, sell it to the highest advertising bidder, and figure out ways to extract more from us.
ApplePay on the other hand is secure, and I can trust Apple in making sure that the security between phone and receiver is hardened. Sure, Apple gets a cut of transaction fees from the bank, but what the banks aren't advertising the the amount of money saved due to not having issues with fraudulent transactions.
2019 figures say that the banking industry lost $27.85B dollars worldwide due to credit card fraud. I would think ApplePay has saved quite for banks.
I have zero faith in banks to keep my info private and secure. I as a consumer am happy that Apple keeps NFC locked out. It's their hardware/software package, their widget. Screw the banks. They either offer their services via ApplePay, or they don't get my business.
Until last year I was working as a fraud consultant for a bank who supported Apple Pay. You may be surprised but 35% of all credit transfer fraud came from Apple Pay transfers. Users of Apple Pay are so convinced that Apple Pay is 100% secure, that they are becoming negligent to e.g. phishing attacks or CEO fraud. Just a reminder, the big chunk of fraud is human error related.
Apple Pay is based on the chip card EMV standard. It shares the same security level as a chip card based transaction. In the Netherlands almost 100% of the credit card transactions are chip cards based, so Apple Pay does not offer an advantage in terms of security to a normal credit card payment. In your country the situation might be different. This could be the reason you have zero faith in banks.
If I have to choose between Apple and my bank in terms of faith, I have a personal relationship with my bank manager and I can call him any time for a face to face meeting. I have no direct access to an Apple representative, so the choice is quickly made. This does not mean I can fully trust my bank (I am not that stupid).
Banks want to offer additional secure services on top of a plain credit transfer. That is why the banks are requesting access to the NFC chip. As long as Apple is not granting access to the NFC chip, the iOS user cannot use these additional services in a optimal way. At the bank I worked for, the Android version of the banking app is much more advanced than the iOS version and the only reason is that Apple does not allow the bank to use the NFC chip
This sounds like a similar situation that went on in Australia when certain banks filed a lawsuit demanding NFC access. They lost and eventually allowed ApplePay.
This all comes down to who has control of the end-user's information. The banks want to use their own banking apps for NFC so they could harvest all our personal information and transaction history, sell it to the highest advertising bidder, and figure out ways to extract more from us.
ApplePay on the other hand is secure, and I can trust Apple in making sure that the security between phone and receiver is hardened. Sure, Apple gets a cut of transaction fees from the bank, but what the banks aren't advertising the the amount of money saved due to not having issues with fraudulent transactions.
2019 figures say that the banking industry lost $27.85B dollars worldwide due to credit card fraud. I would think ApplePay has saved quite for banks.
I have zero faith in banks to keep my info private and secure. I as a consumer am happy that Apple keeps NFC locked out. It's their hardware/software package, their widget. Screw the banks. They either offer their services via ApplePay, or they don't get my business.
Can you clarify that?
I think at the very least you will find the EU has more and better protections in place as a result of adhering to newer EU regulations.
For example, in Spain, AFAIK it has been impossible to make a signature based card authentication for years. Even though EMV allows for it.
From January next year I believe for any online payment (card based or not) you will have to confirm the payment through your bank's app on your phone.
It is extremely rare for your card to leave your possession for any purchase whatsoever. Even in restaurants, the card reader will probably be brought to your table.
Current NFC, secure enclave and banking apps on Android are plenty secure.
My wife is very riled that I can use my bank's BBVA Pay on my phone but that she can't. It's worse that her options are limited to Apple Pay which she refuses to use because Apple is obliging her to use its Pay service.
Choice should be open to everyone and if it is restricted for day to day actions, users should be duly informed prior to purchase.
Like "Healthy", "Secure" is always a relative term.
"Healthy" compared to what? An Orio?
"Secure" as opposed to what? An unlocked door?
Even locking the door doesn't offer perfect security -- because there is no such thing -- criminals are ALWAYS looking for ways to unlock it.
But, if you are concerned about security, you get as close as you can to that "perfect" -- within the limitations of expense and inconvenience.
(But I agree that Europe has been far ahead of most countries in card technology and associated security.)
In this case the relativity of security is defined by a long list of international certifications.
See my post above. For example here is some info on CC EAL
On top of that and things like network slicing on 5G will add another layer of security to moves already under way to protect payment transactions. For example psd2. Here is my bank's explanation on that:
For everyday users I do get the impression that the US is in the stone age of banking but it could be just that, an impression.
I get notified on my phone of every single transaction that goes through my bank in real time. More than 10 years ago my mother got a call from her bank (Royal Bank of Scotland) asking her if a transaction that went through in New York was really hers. It wasn't. The bank dealt with everything from that moment on. As AI becomes more powerful we will see prevention of these types of cases getting better and better.
I'll take your word on European security -- we know they've leaped frogged ahead of the U.S.
But, for the transaction notifications, I get the same here in the U.S -- I just had to take a couple minutes to set it up with my bank. But I am perplexed why it is so rare here -- except that consumers are not educated on it -- and, for some reason, banks do not encourage it. You would think they would since, at least for credit cards, they are the one's liable for any fraud.
In fact, that's how I caught 2 instances of fraud against my card: I saw a notification for a transaction I had not made. And, without the notification, I likely would have not even realized it: The last, for instance, was a gas station charge for $25 -- which, even if I looked at my end of the month statement I probably would have paid assuming that I forgot to record it in Quicken.
But, in the years that I've been using ApplePay primarily, I have not had a single instance of fraud (knock on wood!)
Until last year I was working as a fraud consultant for a bank who supported Apple Pay. You may be surprised but 35% of all credit transfer fraud came from Apple Pay transfers.
Link/cite? Which bank? Where? What exactly do you mean by "credit transfer fraud"? How common is it?
This sounds like a similar situation that went on in Australia when certain banks filed a lawsuit demanding NFC access. They lost and eventually allowed ApplePay.
This all comes down to who has control of the end-user's information. The banks want to use their own banking apps for NFC so they could harvest all our personal information and transaction history, sell it to the highest advertising bidder, and figure out ways to extract more from us.
ApplePay on the other hand is secure, and I can trust Apple in making sure that the security between phone and receiver is hardened. Sure, Apple gets a cut of transaction fees from the bank, but what the banks aren't advertising the the amount of money saved due to not having issues with fraudulent transactions.
2019 figures say that the banking industry lost $27.85B dollars worldwide due to credit card fraud. I would think ApplePay has saved quite for banks.
I have zero faith in banks to keep my info private and secure. I as a consumer am happy that Apple keeps NFC locked out. It's their hardware/software package, their widget. Screw the banks. They either offer their services via ApplePay, or they don't get my business.
Until last year I was working as a fraud consultant for a bank who supported Apple Pay. You may be surprised but 35% of all credit transfer fraud came from Apple Pay transfers. Users of Apple Pay are so convinced that Apple Pay is 100% secure, that they are becoming negligent to e.g. phishing attacks or CEO fraud. Just a reminder, the big chunk of fraud is human error related.
Apple Pay is based on the chip card EMV standard. It shares the same security level as a chip card based transaction. In the Netherlands almost 100% of the credit card transactions are chip cards based, so Apple Pay does not offer an advantage in terms of security to a normal credit card payment. In your country the situation might be different. This could be the reason you have zero faith in banks.
If I have to choose between Apple and my bank in terms of faith, I have a personal relationship with my bank manager and I can call him any time for a face to face meeting. I have no direct access to an Apple representative, so the choice is quickly made. This does not mean I can fully trust my bank (I am not that stupid).
Banks want to offer additional secure services on top of a plain credit transfer. That is why the banks are requesting access to the NFC chip. As long as Apple is not granting access to the NFC chip, the iOS user cannot use these additional services in a optimal way. At the bank I worked for, the Android version of the banking app is much more advanced than the iOS version and the only reason is that Apple does not allow the bank to use the NFC chip
It sounds like you're talking about a person being conned into something. And, no, not even ApplePay can make a dumb person smart.
As for ApplePay, I am happy that:
#1 It is secure
#2 It does not provide my personal information to the vendor
#3 Nobody touches my card
#4 It is far quicker and more convenient than fishing a card from my wallet. I just hold my wrist to the terminal and, in 1 or 2 seconds I hear "Ding!" and the transaction is done.
If a bank app can add anything of value to that, I would be surprised.
Meanwhile I get the speed, convenience and safety of ApplePay combined with all of the resources of my bank.
The article is from 2018, a tad dated on this topic.
Second, and more importantly, the article says that "Although it may appear that a higher numerical EAL rating would also mean better security, this isn’t necessarily the case. Rather it is a measure of the level of testing the product has been put through, based on the needs of the said product."
Sounds like she is cutting off her nose to spite her face? What reason(s) does your wife have to not use Pay?
It's a protest at the lack of choice. She would prefer to use BBVA Pay but that option is denied to her. Currently she uses her card.
Her next phone may be an Android. The XR has given her all manner of problems. The biggest of which is FaceID not adapting to her glasses. Followed by calls cutting off a few seconds into the call (recent development) Follwed by the phone switching off the speaker randomly for incoming calls. Etc.
She is a long time iPhone user.
The following banks in Spain support Pay (including BBVA)
Sounds like she is cutting off her nose to spite her face? What reason(s) does your wife have to not use Pay?
It's a protest at the lack of choice. She would prefer to use BBVA Pay but that option is denied to her. Currently she uses her card.
Her next phone may be an Android. The XR has given her all manner of problems. The biggest of which is FaceID not adapting to her glasses. Followed by calls cutting off a few seconds into the call (recent development) Follwed by the phone switching off the speaker randomly for incoming calls. Etc.
She is a long time iPhone user.
The following banks in Spain support Pay (including BBVA)
Abanca
Abanca Servicios Financieros
Advanzia Bank
American Express
Aplazame
Banca March
Banco Mediolanum
Banco Pichincha
Banco Sabadell
Bankia
Bankinter
Bankintercard
Bank of America
BBVA
BNC10
bunq
Caixa Pollença
CaixaBank
CaixaBank Consumer Finance
CaixaOntinyent
Caja de Ingeniero
Caja Rural (Visa debit and credit cards)
Cajasur
Cecabank
Cetelem
Correos
Curve
Deutsche Bank
Edenred (Ticket Restaurant cards)
EML Rewards
Euro6000
EVO Banco (Visa debit and credit cards)
FNAC
Fundsfy
Grupo Cajamar
Ibercaja
iCard
ING
Kutxabank
Laboral Kutxa
Liberbank
Monese
N26
Openbank
OrangeBank
PecunPay
Pibank
Pleo
Rebellion
Revolut
Santander
Santander Consumer Finance
Servicios Financieros Carrefour
Sodexo
Tendam (Santander Consumer Finance)
TransferWise
Twyp
Unicaja
Viva Wallet
Walletto
WiZink
Zen.com
Yes, BBVA supports Apple Pay.
Apple does not support BBVA Pay.
And there lies the problem for my wife. She wants choice. She wants to use our bank's Pay service.
I can choose on my Android phone. For example BBVA Pay or Google Pay.
Link/cite? Which bank? Where? What exactly do you mean by "credit transfer fraud"? How common is it?
I suspect they’re referring to p2p payments where it’s not the security of the system that’s questionable but the individuals at the end of the chain. If you’re at the end of a scam and the perpetrator asks for payment with Apple Pay or iTunes gift cards that’s classed as fraud but not an issue with the “payment” method.
So you're saying it's a bunch of bureaucrats sitting around getting paid making work for themselves and others (including Apple), wasting everyone's time and your taxpayer euros.
What a way to govern.
I assume then government officials in the US don’t receive a salary paid by the government?
So you're saying it's a bunch of bureaucrats sitting around getting paid making work for themselves and others (including Apple), wasting everyone's time and your taxpayer euros.
What a way to govern.
I assume then government officials in the US don’t receive a salary paid by the government?
(I realize you're being sarcastic).
Of course they do. And many of them - as well as the agencies/departments/commissions/secretariats/bureaus/etc to which they belong - are an utter waste of taxpayer dollars.
The difference is that European bureaucrats are generally far more meddlesome. And the citizenry is a bit more accepting than US citizens are of such officiousness and sloth.
Apple should make a "limited edition" iPhone [without] a nfc chip just for countries/governments that impose this.
Good idea, or it could be the exact same iPhone with the NFC chip disabled by software when the GPS detects that the iPhone is located in the Netherlands. Apple has already done this with things like the ECG feature in the Apple Watch. Unless you are from a certain country, you couldn't access the ECG feature. This was to satisfy regulators who hadn't approved the ECG feature for health purposes.
I’m pretty sure that’s not how it works, otherwise if you went on holiday to a country where it wasn’t enabled, you’d lose the functionality which would be as dumb as your comment.
My second statement implied that the Apple Watch was using GPS to block certain users to its ECG, which is not what I intended to say. Yet Apple indeed was blocking users who came from a certain country, and that was not done by GPS but by the nation of origin of the payment card for the user's linked iCloud account. So you are right, the implementation was different. I was just using GPS as an example of how to block users, in order to keep my post short and sweet, but I can see I would have been better off writing a longer, more accurate message.
I don't resort to name calling and I recommend that you don't either. It's quite a good feeling taking the high road.
Well that doesn't seem a reasonable way for it to work either. I have an iCloud account set to one region, with payment details for a different region. So I could get around this restriction by adding payment card from a different country? What about if I don't have payment details at all? I think the hint here would be from when you're setting up your device and it asks you which region you're in?
Where did I call people names? Seems you got called out for trying to imply something misleading, and had to change your argument. Where's the high ground in that? I'll take your suggestion under advisement.
This sounds like a similar situation that went on in Australia when certain banks filed a lawsuit demanding NFC access. They lost and eventually allowed ApplePay.
This all comes down to who has control of the end-user's information. The banks want to use their own banking apps for NFC so they could harvest all our personal information and transaction history, sell it to the highest advertising bidder, and figure out ways to extract more from us.
ApplePay on the other hand is secure, and I can trust Apple in making sure that the security between phone and receiver is hardened. Sure, Apple gets a cut of transaction fees from the bank, but what the banks aren't advertising the the amount of money saved due to not having issues with fraudulent transactions.
2019 figures say that the banking industry lost $27.85B dollars worldwide due to credit card fraud. I would think ApplePay has saved quite for banks.
I have zero faith in banks to keep my info private and secure. I as a consumer am happy that Apple keeps NFC locked out. It's their hardware/software package, their widget. Screw the banks. They either offer their services via ApplePay, or they don't get my business.
Secure? Funny. I guess you didn’t read the article with the WiFi exploit. Who knows what kind of security hole is being exploited this very moment by a bad actor on Apple itself or their devices. Get real.
Yes it was a flaw in some Apple devices. Guess you missed the part where it was patched before the news/articles came out?
This sounds like a similar situation that went on in Australia when certain banks filed a lawsuit demanding NFC access. They lost and eventually allowed ApplePay.
I have zero faith in banks to keep my info private and secure. I as a consumer am happy that Apple keeps NFC locked out. It's their hardware/software package, their widget. Screw the banks. They either offer their services via ApplePay, or they don't get my business.
No, that’s isn’t what the Australian banks lobbied for. They wanted permission to negotiate as a group. Nothing to do with access to NFC. They wanted to negotiate a bloc rate if they weren’t going to be given access as payments processors.
The mechanism behind Apple Pay isn’t an apple invention. It’s a system defined by EMV. Apple is simply a branded payment processor using that method. If you want evidence, Google Pay abs Samsung Pay et al use the same mechanisms. In Europe people were using contactless payments for a lot longer than the US. The high fraud rate in the US is because of the old technology being used there.
You say you don’t trust the banks? So I guess you keep all your money in a box and don’t use Apple Pay?
Yes, they wanted to negotiate as a group which is what they were talking to the ACCC about, but the purpose of doing so was definitely to gain access to the NFC so that they could bypass Apple with their own apps ( nice phone you built there, if you want your customers to use it for contactless payments they have to go through us, cappish? Otherwise it ain’t happening). Quite rightly the ACCC told them to bugger off. The banks just wanted to monetise the system even further by offering additional services at more money. Sick of them.
Sflocal’s point was while they trust Apple to not use their info for purposes other than the transaction, they do not trust the banks. I agree. Apple Oay itself is more secure for the transaction. I guess the risk is it is so good and seamless there is more risk beyond the transaction itself, eg dodgy players. But Apple Pay itself is more secure than a contactless card.
So you're saying it's a bunch of bureaucrats sitting around getting paid making work for themselves and others (including Apple), wasting everyone's time and your taxpayer euros.
What a way to govern.
I assume then government officials in the US don’t receive a salary paid by the government?
This is technocracy gone over the top though. At this late stage of the game, and how long Apple Pay has been operating in multiple countries around the world, one would be tempted to think there is another agenda
So you're saying it's a bunch of bureaucrats sitting around getting paid making work for themselves and others (including Apple), wasting everyone's time and your taxpayer euros.
What a way to govern.
I assume then government officials in the US don’t receive a salary paid by the government?
(I realize you're being sarcastic).
Of course they do. And many of them - as well as the agencies/departments/commissions/secretariats/bureaus/etc to which they belong - are an utter waste of taxpayer dollars.
The difference is that European bureaucrats are generally far more meddlesome. And the citizenry is a bit more accepting than US citizens are of such officiousness and sloth.
Yeh, we get it....
You're just an equal opporunity hater - you hate all government.
So you're saying it's a bunch of bureaucrats sitting around getting paid making work for themselves and others (including Apple), wasting everyone's time and your taxpayer euros.
What a way to govern.
I assume then government officials in the US don’t receive a salary paid by the government?
(I realize you're being sarcastic).
Of course they do. And many of them - as well as the agencies/departments/commissions/secretariats/bureaus/etc to which they belong - are an utter waste of taxpayer dollars.
The difference is that European bureaucrats are generally far more meddlesome. And the citizenry is a bit more accepting than US citizens are of such officiousness and sloth.
Yeh, we get it....
You're just an equal opporunity hater - you hate all government.
And there lies the problem for my wife. She wants choice. She wants to use our bank's Pay service.
Why can't (or won't) she just add her BBVA card to her Apple Wallet!? She will have all the benefits of both, no? What am I missing?
AFAIK, adding her card to Wallet would mean using Apple Pay. She wants to use BBVA Pay as I do. The only way that can happen is for Apple to make its NFC hardware available to the banks. That would allow her to choose from different services in the same way I can.
Comments
See my post above. For example here is some info on CC EAL
https://medium.com/ecomi/get-to-know-the-secure-wallet-cc-eal5-8d7a940adc38
On top of that and things like network slicing on 5G will add another layer of security to moves already under way to protect payment transactions. For example psd2. Here is my bank's explanation on that:
https://www.bbva.com/en/everything-need-know-psd2/
For everyday users I do get the impression that the US is in the stone age of banking but it could be just that, an impression.
I get notified on my phone of every single transaction that goes through my bank in real time. More than 10 years ago my mother got a call from her bank (Royal Bank of Scotland) asking her if a transaction that went through in New York was really hers. It wasn't. The bank dealt with everything from that moment on. As AI becomes more powerful we will see prevention of these types of cases getting better and better.
Second, and more importantly, the article says that "Although it may appear that a higher numerical EAL rating would also mean better security, this isn’t necessarily the case. Rather it is a measure of the level of testing the product has been put through, based on the needs of the said product."
The following banks in Spain support Pay (including BBVA)
Apple does not support BBVA Pay.
And there lies the problem for my wife. She wants choice. She wants to use our bank's Pay service.
I can choose on my Android phone. For example BBVA Pay or Google Pay.
She cannot choose on her iPhone.
Where did I call people names? Seems you got called out for trying to imply something misleading, and had to change your argument. Where's the high ground in that? I'll take your suggestion under advisement.