Apple Pay - Will you use it?

[iParanormalx]

I've read a lot of security blogs on how they've implemented the Apple Pay feature and how it may be the turning point for the plastic credit card.

AVG:
The New World of Mobile Digital Credit Cards, Security Risks, and You

Kaspersky:
Apple Pay payment system: is it secure? | Kaspersky Lab Official Blog

zdnet:
Apple Pay and security: Could tokenization be the tool that curbs data breaches? | ZDNet


Their security seems to make a bunch of sense and while i dont have my masters in information security i find it interesting that Paypal is coming back on the offensive recently. I just feel like Paypal may have been planning on driving into this market and Apple Pay beat them to the punch. Its really interesting seeing many of the security developers confirming that Apple Pay might be the "kickstarter to an industry struggling to reach critical mass" (the digitial payment industry i think they are referring to)

All-in-all I feel pretty comfortable with everything I've read about Apple Pay. What about you?

 

[PP Mguire]

Google has had this for a long time and NCR systems across the US have had the NFC payment system. Nobody wants to use it due to possible security issues. Because of this and the recent iCloud fiasco, I mean 2 step auth idiocy Apple might have a trust issue with their security on that too. Nude photos are one thing, money is another.

 

[iParanormalx]

Analysts have been anticipating a device-based payment system from Apple for years. The company has hundreds of millions of customers around the world. Because of the success of its iTunes and App Store services, it has active credit card details for a huge percentage of that customer base. Allowing people to pay using their phones was a natural progression. This progression is going to make it very easy for any current iTunes or App Store customers to setup the Apple Pay. Actually I think it will be more secure than using your Credit card, kind of similar to how its more secure to use PayPal for those notorious third party vendors on eBay - the vendor never sees your actual account information just the information for the single PayPal transaction. This concept might be why PayPal made a hit against Apple with their new ad they released today that highlights 'money should be safer than selfies'.

Similarly to the 5,000,000 gmail accounts and passwords that were posted on a Russian Bitcoin forum last week they were a collection of accounts that were obtained through different forms of identity theft (e.g. phishing). That breach of 5 million on Google wasn't due to their lack of server security, like the iCloud photo leak, but were due to a lack of users properly securing their accounts by using recommended security precautions. Official reports from Apple and Google were very similar for both circumstances.

 

[carnageX]

Like PP said, Google has had Google Wallet and NFC payments for a couple years now, at least.

 

[iParanormalx]

Like PP said, Google has had Google Wallet and NFC payments for a couple years now, at least.

Yes they have, and also like he said no one was inclined to use it because of security concerns. I've read a lot about this new Apple Pay and it seems they're doing it right for a change.

 

[PP Mguire]

Analysts have been anticipating a device-based payment system from Apple for years. The company has hundreds of millions of customers around the world. Because of the success of its iTunes and App Store services, it has active credit card details for a huge percentage of that customer base. Allowing people to pay using their phones was a natural progression. This progression is going to make it very easy for any current iTunes or App Store customers to setup the Apple Pay. Actually I think it will be more secure than using your Credit card, kind of similar to how its more secure to use PayPal for those notorious third party vendors on eBay - the vendor never sees your actual account information just the information for the single PayPal transaction. This concept might be why PayPal made a hit against Apple with their new ad they released today that highlights 'money should be safer than selfies'.

Similarly to the 5,000,000 gmail accounts and passwords that were posted on a Russian Bitcoin forum last week they were a collection of accounts that were obtained through different forms of identity theft (e.g. phishing). That breach of 5 million on Google wasn't due to their lack of server security, like the iCloud photo leak, but were due to a lack of users properly securing their accounts by using recommended security precautions. Official reports from Apple and Google were very similar for both circumstances.

The iCloud situation was for the same thing. Lack of two step auth. Being celebs using stupid questions like mother's maiden name (which can be a Google away) makes it incredibly easy for people to get into personal Apple accounts. Honestly, I'm surprised it hasn't happened before.

Yes they have, and also like he said no one was inclined to use it because of security concerns. I've read a lot about this new Apple Pay and it seems they're doing it right for a change.

It's literally the same thing. The insecure part is what could be attached to the receiver that use exploits over the air to steal info. NFC isn't that secure, but like using an ATM or getting gas at the pump you still have security issues no matter how good the encryption is during transit or server side. It's why it hasn't caught on by now.

Not saying I don't agree with you, I just think it'll take off probably for a different reason than you. I feel the iIdiots will think that the Apple approach is "safer" simply because it's Apple meaning it will go somewhere and move forward. Not to use the stereotype but it appears Android users seem to be a bit smarter instead of blindly following the rest of the sheep.

 

[iParanormalx]

It's literally the same thing. The insecure part is what could be attached to the receiver that use exploits over the air to steal info.

This is exactly how its different.

There is one aspect of Apple Pay that many agree the consumer tech giant has gotten right: Security.

Apple didn't spend much stage time explaining the tokenization process that underpins Apple Pay, but the method is seen as one of the most secure and fraud-proof payment mechanisms available.

Tokenization removes the actual credit card number and replaces it with a randomly generated number. That number, or token, can be configured to expire after one purchase or made specific to a certain transaction, making it a useless target for hackers or fraudsters.

Apple has established partnerships with enough issuing banks and payment networks to cover the majority of credit cards in the United States. Each of these is responsible for taking the card number you scanned on your phone and issuing the device account number. In which the token is on a per-merchant basis, with Apple Pay you get a unique token for each card and each iPhone.

Right at the start, this is a powerful combination of usability and security. Enrolling a card is dirt-simple and effectively frictionless. Using per-device tokens means that only the bank that issued the card (or its payment network) ever has your card: You don't have to trust Apple with it. This is different from the Google Wallet system, in which Google holds your cards on their servers. (For the record, Google is exceptionally good at maintaining that kind of security).

 

[iFargle]

I'm really hoping Apple Pay will push NFC payment (not just Apple Pay NFC) adoption further than Google Wallet did. My phone's completely set up and ready to use it, it's just that nowhere has it. And the only places that do have the hardware don't have it set up

 

[PP Mguire]

This is exactly how its different.

And it's still just as vulnerable. Google essentially uses the exact same tech, just like I said.

Your actual credit card number is not stored. Only the virtual prepaid card is stored and Android's native access policies prevent malicious applications from obtaining the data. In the unlikely event that the data is compromised, Wallet also uses dynamically rotating credentials that change with each transaction and are usable for a single payment only. Finally, all transactions are monitored in real-time with Google's risk and fraud detection systems.

I interviewed 7 times with NCR, once being the mobile pay department which included a 32GB PDF file of their systems. One big section was the NFC and how the transaction worked on the POS side rather than the phone side and how they communicate. To not have to rewrite POS software or add extra nonsense Apple had to essentially make the same thing compatible with their phones and their own "wallet" or host card simulation.

I'm really hoping Apple Pay will push NFC payment (not just Apple Pay NFC) adoption further than Google Wallet did. My phone's completely set up and ready to use it, it's just that nowhere has it. And the only places that do have the hardware don't have it set up

Come to Dallas. I see it all the time.

 

[MillField]

It's definitely an interesting concept. Unfortunately it looks like only US customers will get to trial Apple Pay for now. I still can't quite imagine using my phone as my wallet though..what if my battery is low? What if I lose my phone? What if I accidentally damage my phone? I think I'll be sticking to the traditional option for a good while until this becomes more mainstream. Nice to have as a second option though if you were to forget your wallet some day..