I've never seen that on an NFC phone, it never asks credit or debit, as that is asked after swiping a card.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
ApplePay will be a mess the first few years!
- Thread starter AliMacs
- Start date
- Sort by reaction score
I just got a Chip & Signature card (that's what Chase uses now... not PIN), and it failed at Wal-Mart.
If I were Apple, I would encourage ALL phones to partake in the festivities. Remember Apple is getting a slice of that profit pie each time its used. So initially, it may be
pay for idevices but I suspect before long it will be pay for all devices with the technology.Hoooookay, let's break this down.
"Will never have widespread acceptance by the consumer".
The same has been said of literally dozens of technologies going back a hundred years, including the telephone, credit cards, CDs, and pretty much all of Apple's products.
Just 'cause it's easy: http://fortune.com/2009/12/01/the-great-iphone-death-watch/
This is so obvious that it hardly bears mentioning, but:
1. 10 million was first weekend sales. Pre-orders were 4 million, and how many have been sold since then? Apparently another 11 million: http://blog.gsmarena.com/apple-iphone-6-sales-detailed-infographic-reach-21-million/
21 million customers aren't insignificant, and the numbers are growing daily. Heck, it's hard to FIND an iPhone 6 lately, and forget the 6 Plus.
2. More than 500 banks and several more retailers have signed on in the past month.
I presume you've conducted a poll that leads you to this statement?
As an infosec professional, I trust my iPhone with my information much more than I would trust an Android device. That's not hyperbole, that's real threat analysis.
But let's examine this statement: You postulate that iPhone owners will carry their phones around with whatever level of personal information is in it, but will somehow be scared to store a number in a secure element that isn't even their actual credit card number?
There's a kernel of truth in there, I suppose, but hackers don't *always* find a way. Not everything has been proven vulnerable, but we *are* talking about payments here; a very legitimate target. So let's examine the security for a moment.
First, let's examine how a credit card payment is handled today.
You swipe your card in a terminal or give it to a clerk, who swipes the mag stripe. The stripe contains the PAN, or Personal Account Number - your credit card number - which is transmitted to one of dozens of credit card processing companies affiliated with Mastercard, Visa, Discover, etc. The processor then transmits the data to your bank, who authorizes the transaction and charges your account.
There are several vulnerabilities here. First, if you hand your card to someone, you risk the use of a skimmer that they are carrying, whereby they swipe your card twice, once in a device that records the PAN and other data off the card. Of course, we've all heard of skimmers being installed in gas pumps, ATMs, and the like as well.
Next, your card info goes to the merchant's own network/processing system in many cases, especially with the larger retailers. This is where most of the breaches have occurred due to various security inadequacies.
Your card number then goes to the processor, who has a network and systems as well, with the potential for hackers to penetrate.
Finally, it goes to the bank, which could possibly be penetrated as well (see JP Morgan Chase).
That's a lot of vulnerable points - every merchant, every processor, and every bank. Your card number could be compromised at any one of them. Or along any of the network connections between them.
Now let's look at Apple Pay.
You tap your phone to the terminal, and use your fingerprint to authorize the transaction. The iPhone sends the Device Account Number - a random number used as a stand-in for the credit card number - along with a one-time cryptogram to make the session unique. It's slightly more complicated than that, but the gist is that even if these are intercepted anywhere along the path from the phone to the bank - be it the NFC connection (which is vulnerable to interception over-the-air at distance), the merchant network/servers, the payment processors, or any of the network paths up to and including the one to the bank, it doesn't matter: The numbers presented are valid one time only.
So, there's only two places to attempt to find valuable data: The bank, and the phone.
The bank might be vulnerable to a hack attempt (again, see JP Morgan). However, that same hack would make ANY payment type vulnerable - chip & pin, CurrentC, ISIS/Softwallet, or conventional cards.
The phone is not vulnerable for a few reasons:
1. The card number is NOT stored in the phone.
2. The Device Account Number is stored (encrypted) in the Secure Element, a special chip that is isolated from iOS and would need to be damaged in order to forcibly retrieve its (encrypted) contents.
3. The phone, if stolen, can be wiped remotely.
So, really, we are left with effectively one way for the hackers to get valuable data - attack the bank - as opposed to attacking the device, NFC transmission, merchant, processor, network connections between all of the above, AND the bank as with conventional cards AND Chip/Pin.
However, they enter it into their iPhone to initially authorize iTunes payments - and that card that is on file WON'T have to be entered to be used with Apple Pay. They also enter it into potentially insecure web sites and swipe it in terminals at stores that could be involved in the next big breach. Once they are told WHY this makes sense from a security perspective, the more intelligent will realize that this is a GOOD thing.
And plenty of security pros will counter with the fact that chip and pin only secures against the theft of a physical card, not the numbers on it. No one who did or would have used chip and pin would have been safe at Target, Home Depot, KMart, Michael's, TJ Maxx, or any of the other merchant breaches. Once that is made clear, that argument, if made at all, would be seen for what it is.
The fact of the matter is that they are, to a degree, complimentary technologies from a security perspective. If you have Apple Pay, but your wallet is lost or stolen, your normal credit card is still at risk. With chip and pin, it's less at risk. It's not SAFE, since vulnerabilities within the chip's transaction authorization protocol render it vulnerable to spoofing exist, but it's safer in that your average person finding the card won't be able to use it.
I think that when the next breach happens and the merchant announces that customers who paid with a credit card may have had it compromised, but people who paid with Apple Pay have nothing to worry about that many more people will change their minds.
----------
If I were Apple, I would encourage ALL phones to partake in the festivities. Remember Apple is getting a slice of that profit pie each time its used. So initially, it may be
I disagree. Apple wants to sell more of THEIR phones, and they can't control another manufacturer's phone. Apple Pay is both a revenue stream AND a market differentiator. "Your payments are not secure unless you buy OUR device!" is the message they will send. And, largely, they will be right, until and unless someone else does something similar. However, in the Android camp, someone like Samsung would have to work closely with Google to develop it and THEN they would have to sell it to the banks, merchants, and processors. From what I read, Samsung and Google - perhaps the only two parties that could dance this particular dance - don't get along so famously. Apple is a lot safer and surer bet as a technology partner.
21 million when there are 9 billion people on the planet, is not significant. I would bet the majority of people did not upgrade to the iPhone 6 because of ApplePay. So large percentage will likely not use it. Apple devices are behind the number of Android devices across the world. Android has 78% of all users worldwide, while Apple has 18%. And that spread will become larger as consumers in emerging markets by the cheaper android devices. ApplePay will fill niche market in the grand scheme of using credit. Just because the banks are on board, does not mean people are going to flock to this new technology and abandon credit cards. That's not going to happen. People don't like change, especially something they don't understand. Of those 21 million iPhones that have been sold, how many do you actually think will use Apple Pay consistently? I would bet not many. Sure, many may give it a try, if they happen to remember they can actually do it, before they pull out their credit card. Most people can pull out a credit card out of their wallet just as fast, or faster than they can pull their iphone out of their pocket, and then make sure they have their finger on the sensor, and then place it near the reader. Applepay will not become the most popular form of payment. Physical credit cards by far will have the Lion share. Consumers in the US don't suffer any real consequences if their credit card is stolen or lost and used by someone else. They are protected from those charges by the law. I have had bogus charges on my card a few times, without ever losing the card. Every time, the bank cancelled those charges and issued me a new card. All it took was a 10 minute phone call. It was a minor inconvenience. Considering the massive amount of charges that occur everyday using credit cards, the actual amount of fraud is extremely small. Identity theft is a much greater concern, and if one thinks using ApplePay will insulate them from the threat, then they are kidding themselves. Your information is out there already. Too late to reverse that.
Last edited:
Apple Pay is US specific at this time, so comparing US sales estimates against the total world population is nonsensical. Either you didn't think that one through or you're intentionally obfuscating.
As of the 2010 census, there were 235 million people aged 18 years and over. So they've sold enough devices to cover almost 9% of the population eligible to own a credit card within less than a month. If you add in the 54 million 5 to 17 year olds, and if iphone 6 sales were evenly spread across ages 5 and up, you're still at over 7% eligible population coverage. In a month.
It will be interesting to see the adoption of the technology and whether it takes off as is, or morphs into a vendor agnostic variant in time with other handset makers joining in. Initial adoption may be slow, but as businesses are incented to replace their terminals due to EMV anyway that may aid the chicken-and-egg problem.
This is disingenuous. Not only is Apple Pay only available in the US to start, but to suggest that the majority of people won't make use of a feature that is available to them simply because they didn't upgrade to get it is as best a gross assumption on your part. I didn't buy an iPhone to listen to music, I didn't upgrade to the 4S for Siri, and I certainly didn't upgrade to the 5s for slow-motion video, but I use all of those features.
Now, there will be owners of the 6 that CANNOT yet use Apple Pay because their bank doesn't (yet?) support it. But no one - Apple included - is saying that Apple Pay will be adopted by the majority of iPhone 6 owners; certainly not in the beginning. Like anything else, successful adoption would generally breed further adoption.
We can talk market share, how many Android users switch to iPhone and vice-versa, but in the end, Apple Pay is not intended to replace the use of a physical card for anyone but iPhone owners, and they do and will number in the tens of hundreds of millions. As the years go on and people upgrade older iPhones to Apple Pay capable models, adoption would be poised for growth.
Forbes puts iPhone US market share at 41% as of June. (). Even if this declines to say 30% over the next few years - a point I do not concede, mind you - that's still a LOT of people using a more secure way to pay. And, again, all you need is one big breach that DOESN'T impact Apple Pay customers, and that will convert a lot of people who haven't yet tried Apple Pay.
They won't be replacing credit cards at all. Just the way they use them. A more secure way to use them. By the end of 2015 most cards will be chip and pin, combating card loss and theft, and systems like Apple Pay will combat interception of payment transactions.
Obviously not everyone will use Apple Pay; to suggest otherwise would be silly. But to say that Apple Pay will fail because not everyone will use it is just as silly. Time will tell how successful it is, how secure it is, and how much it is adopted.
Like I said, it depends. Apple Pay, to me, is less about convenience and speed than it is about security. I know that I can get my phone out and ready to pay a lot faster than I can do the same with a card, but I am not everyone.
There are a few points to consider here.
First, you gain fraud protection when you report the fraudulent charges promptly. If you don't notice them, you risk losing some protections.
For me, the major inconvenience is in getting a new card number and having to change all of the recurring billing associated with it. I had to do that after Target was breached, and it's a pain.
The amount of fraud is not extremely small, you just don't hear about it personally. From working with banks, I can tell you that not only is it NOT insignificant in occurrence, but the banks spend a truckload of money in investigations, manpower, AND loss absorption. Why do you think they are finally getting on board with chip and pin AND jumping on to Apple Pay? They are giving Apple a slice of the pie when they do - what's their incentive to participate at all? Simple, reduction in fraud costs.
Some statistics for you - which you could have easily Googled:
* Credit card and debit card fraud resulted in losses amounting to $11.27 billion during 2012.
http://www.cardhub.com/edu/credit-debit-card-fraud-statistics/
..And it's ramping up:
* A survey released in 2012 by the Aite Group and ACI Worldwide, a research and a payment-software firm respectively, found that 42% of Americans had experienced some form of payment-card fraud in the preceding five years.
http://www.economist.com/news/finance-and-economics/21596547-why-america-has-such-high-rate-payment-card-fraud-skimming-top
..And that was before the recent large breaches.
Apple Pay obviously has nothing to do with identity theft, and I haven't seen anyone confuse that issue anywhere. That's likely why Apple Pay was pitched by Apple as a convenience for customers, and as fraud protection to the banks.
It's not a panacea, it doesn't cure cancer or save the whales; it is a great first step towards protecting Apple's customers from card fraud while making payments more convenient. Why are you trying to make it more than it is and then say it isn't all that?
Last edited:
Doubly so since he's overstating the world population by 25%. It's about 7.2B right now, not 9B. http://www.census.gov/popclock/
I'm sorry... you don't like a feature on your phone because it... requires your phone???
Don't be an idiot and let your phone die? I have a charger in my car and at home. Sure, if I'm away from both for a long time it MIGHT be an issue, but in reality it's almost never is.
Anyway, you will still carry your wallet until we have digital driver's licenses.
PS: One more thing. Apple Watch.
I've never seen that. The cashier tells me what I owe, I put my phone to the terminal, and the cashier just looks at his screen until it says approved, then I'm good to go.
Apple Pay is going to make Apple a ton of money 2-4 years from now when most devices, including one you wear on your wrist, has it
So leave your credit cards at home and use Apple pay because I'm sure im one of very few who has had their phone battery die on them. Whatever makes you happy.
Never had a problem with apple pay, only time it didnt work I hadn't inputted the correct details
Apple need to increase the spend limit though to really challenge visa and the rest.
I think the limit is about 30£ ?
I think the limit is about 30£ ?
That's not Apple's fault, it's a UK banking limit for contactless payments. Some retailers have updated their terminals to allow for higher payments with Apple Pay and we'll probably see more join in this year.
It don't matter whos fault it is, maybe Apple should have pushed for a higher limit from the beginning. Especially with the added security of touch id.
It's wasn't Apple's decision to make. The only other option was to refuse to allow Apple Pay in the UK.
Now that it's taking off I'm sure we'll see the limit increase over the next couple of years.
I have used Apple Pay since I got my iPhone 6s plus a few months ago. So far, Trader Joes and Whole Foods are the only places I regularly shop that have it but once I got the hang of it the system works pretty well and is convenient. I realized the iPhone has to be very close to the terminal (almost touching it) at my local Whole Foods. It doesn't make the transaction go any quicker but its good to have another payment method and its a novelty to pay with my phone.
Once Apple is forced to provide a backdoor to access all our iPhones, the NSA will also have a copy of my fingerprints and will know that I tend to eat over a pound of food at the breakfast bar.
Once Apple is forced to provide a backdoor to access all our iPhones, the NSA will also have a copy of my fingerprints and will know that I tend to eat over a pound of food at the breakfast bar.
Well I'm sure they could have used their influence a bit more to get it increased the 30£ seems a bit half assed.
But I suppose its better than nothing at the moment
Just came across this thread after just getting my iPhone 6S and have a question. I've used contactless payment on my Visa Debit Card (RBS) loads and I'm very happy with it and how it works. I've now gotten my card setup with Apple Pay on my new 6S and I understand how it works. Question I have is I thought Apple Pay allowed for any size of purchase, just like if I was putting my card into the machine? Or is Apple Pay limited to £30 like on Contactless Cards still?
Most of my purchases are under £30 anyway but I was hoping this would be one of the benefits to Apple Pay?