Tim Cook as good as confirms Apple prepping mobile payments via Touch ID

“When Touch ID was first rumored, there had been much speculation about whether the iPhone 5s would act as an electronic wallet, with payments to retailers authorized by fingerprint,” Ben Lovejoy reports for 9to5mac.

“While that hasn’t yet happened, it does now seem clear that it’s on the way,” Lovejoy reports. “Asked about mobile payments during yesterday’s earnings call, CEO Tim Cook gave what is, in Apple terms, a surprisingly direct response: ‘The mobile payments area in general is one we’ve been intrigued with. It was one of the thoughts behind Touch ID […] it’s a big opportunity…”

“Cook’s unusually forthcoming comments very much indicates that mobile payment via Touch ID is a question of ‘when’ not ‘if,'” Lovejoy reports. “That isn’t going to happen overnight, but with major retailers already investing in iBeacon technology, there’s no reason at all we couldn’t see some pilot projects up-and-running in the near future.”

Read more in the full article here.

Related articles:
iWallet: Apple exploring expansion of mobile payments, sources say – January 25, 2014
Apple patent application reveals secure iWallet system with iBeacon – January 16, 2014
Apple’s revolutionary iWallet is coming – December 10, 2013
Apple could have 250 million iBeacon-capable units in the wild by 2014 – December 7, 2013
Apple turns on iBeacon to guide shoppers at 254 U.S. retail stores – December 6, 2013
Analyst: Apple to reach 600 million users with credit card accounts on file by year end – June 4, 2013

17 Comments

  1. Or a few more store credit cards hacked. More stores making the news every week now.

    If only there was a company that had billions in cash and some digital mobile devices that they could use to generate more boat loads of profits with. And they could use a personal account to charge against that was tied to a payment system all around the world.

  2. Apple needs to get this done quickly. Given the major retailer security breaches (Target, Michaels, JCP), it’s only a matter of time before another one occurs.

    The entire issue is the old, old magnetic stripe technology in cards. Replace it like with the Starbucks app, where the app is linked to a card/account and it generates a bar code to be scanned when paying. No personal information needs to be transmitted to the registers, just an approval of funds available for the purchase. All financial and personal information can be encrypted on the device and kept secure.

    1. You get a mixed score. But generally I like your point.

      Where I differ is the new meme that the ‘old, old magnetic stripe technology’ had ANYTHING to do with lazy-ass Target ad nauseam’s STUPENDOUS customer account hacking horror. IT DID NOT. Mythity myth myth myth perpetrated by the lazy-ass companies involved in order to divert attention from where it solidly belongs: ON THEM for being lazy-ass with their computer system security.

      These moron companies HAD BEEN WARNED that such malware existed and was being used out-in-the-wild in AUGUST of 2013. They chose to IGNORE THE BIG FAT WARNING like the lazy-asses they are.

      Now back to not ranting: Bravo for pointing out that non-automatic data dumping cards are required for a secure future. That specifically means NO RFID CHIP CREDIT CARDS EVER! Those stupid POS cards are even WORSE than ‘old, old magnetic stripe technology’ cards. Anyone passing by can grab the data. And what’s the use of having a pin number encryption if the pin is an eeny-weeny 4 digit number that can be cracked in less than a minute?

      The current best idea I’ve seen that uses just a QR Code image is SQRL (‘squirrel’) from Steve Gibson.

      I did a rant fest on this topic here:

      http://mac-security.blogspot.com/2014/01/target-et-al-are-to-blame-not-magnetic.html

      1. I’m tired of hearing everyone bitch about RFID as well. RFID only transmits a matter of inches. NOT feet, or yards. Someone can not just walk by you and hack the RFID – they literally need to be you in order to hack it.

        In contrast Apple is talking about using BT to transmit the data though iBeacon … gee I wonder if anyone will ever be able to figure out a way to hack that connection anywhere between where you’re paying, and the iBeacon receiver located up to 50 feet away.

        Of all the options out there, I like the Starbucks app model that Bizlaw was talking about. A simple barcode / QR with no wireless transmission, and nothing to be stored on someone else’s “secure” server. The only place my credit card info is stored in that scenario is in a device that I control.

        1. Your ignorance about RFID is NOT helping anyone. Inches is all it takes to lose your data to anyone.

          Meanwhile: I’m happy to champion the alternatives, which thankfully are plentiful and promising. The Starbucks model is fine, far better than the crap RFID chip systems.

          The SQRL system Steve Gibson has developed is even more powerful and protective. You can follow SQRL here:

          https://www.grc.com/sqrl/sqrl.htm

          1. Here’s what I know about RFIDs on credit cards and how they work …

            The RFID on a credit card does not transmit the card holder’s name, expiration date, or CVV code on the back of the card – so hacking the RFID for the info it does hold, makes it useless for reselling the data, or using it for online purchases, the 2 main reasons some one tries to steal credit card data.

            When RFIDs are used for credit card purchases, the system generates a new random CVV number for the next purchase made with the RFID. If some one were to steal the data off of the RFID, they would only get one use out of the stolen data at a POS location, then the RFID CVV would generate a new number which they then wouldn’t have access to. As well, if someone stole my RFID data, and I used my card again before they got a chance to try to use their cloned card / stolen data – the system would have generated a new RFID CVV before they used the old one, and it would get rejected.

            Again, since RFID is limited to inches, most RFID signals are blocked for any number of reasons. Men’s wallets usually contain more than a few credit cards, the mere presence of other cards on top of an RFID card is enough to block the RFID transmission. Women, tend to carry their cards in a purse, with the RFID card being buried somewhere in the middle of the purse, far enough away from any sweeping device’s ability to effectively grab the data transmission.

            In all of the years that RFID has been in use on credit cards, there are no wide spread reports of hacks, stolen card numbers, fraud or abuse. Because someone at a hacker expo can steal and replicate someone else’s RFID data during a demo, doesn’t mean there’s a practical application for doing it in the wild, or profiting from it.

            1. When/if the data on an RFID chip is encrypted, as it damned will must be for any modicum of security, there is still the weakness of unlocking the data with an deny-weeny little PIN number. As I stated here before, sticking a 4 digit PIN number on encrypted data as its key, in this day and age, is an utter JOKE. Thus, why even bother?

              One instance of access to the card data is all that is required for winner-take-all.

              since RFID is limited to inches, most RFID signals are blocked for any number of reasons

              WORTHLESS protection. The obviousness of this situation could not be plainer. You’re not going to understand, apparently.

              If you’d bothered to read my article on the subject, linked in one of my comments around here, you’d see me extremely well explained example of my personal New York State RFID driver’s license with is provided to victims with an AFDB, IOW a Faraday Cage, IOW a foil envelope to keep bad guys from triggering it by merely bumping into me anywhere on the planet. If you do your homework, you’ll find that such protection is provided with a wide variety of OTHER RFID cards. In my article I posted the picture of a Holiday Inn RFID card in its metal envelope.

              IOW: I call BULLSHIT on your claim of ‘no wide spread reports of hacks’. If these cards weren’t in their provided AFDB envelopes, there damned well would be.

              ∑ = BAD ‘gee whiz’ technology. Get over it and get secure please.

              And again YES: This entire issue is merely a RED HERRING to deflect people from pointing their furious finger exactly where it belongs: IN THE FACE of Target, Neiman Marcus and who-knows-how-many other LAZY ASS companies who were WARNED about this specific security hole and malware and DID NOTHING ABOUT IT.

              Yes, I’m yelling. IASSOTS from ignorant people who rant on and on with NO understanding of what they’re talking about. So there. Topic CLOSED. I won’t be bothering to reply to any more crap about crap RFID technology. Look elsewhere for superior security, including the current magnetic strip credit cards.

              Either do your homework about security or please just STFU before your ignorance damages other people.

            2. Look no further than your own arrogance and rantings of imaginary problems.

              If the state in which you reside is stupid enough to encode your entire life’s story in your RFID than that’s their problem. Credit cards aren’t doing that, and what’s what the subject of this thread was – credit card payment systems. Credit card RFIDs are not storing all the info needed in order to make their theft / skimming worthwhile. If there were wholesale issues concerning the theft of credit card data via RFID, I can’t find it, and I doubt you can produce it.

              If Target had been solely using RFID for use on credit cards, there wouldn’t be an issue. As the RFID CVV would only be good of one use on the stolen data. But Target used an arcane system that collects all data from the mag strip then foolishly stored all of that data on a server that wasn’t secured correctly. That’s an IT issue at Target – not a credit card / RFID issue.

            3. ‘And entire life’s story’ is as simple as a credit card account.

              And to hell with your attempting to remove the blame directly from Target ad nauseam. RFID would ONLY have made the situation WORSE and in:

              W O R S E

              You go get and RFID card and have fun. I sure as shite won’t, because I’ve done the research.

    2. Let me get this straight:

      You’re saying because retail security breaches on the rise, Apple should MOVE QUICKLY to get into that space? Not take take their time, not move slowly only once they know how to make it completely secure – just get in there, rush to every retail outlets you can with the millions of credit cards Apple has on file?

      You’re mentioning the Starbucks app – the one that was in the news last week for a massive security issue that allows attackers to steal steal ids and passwords – as if that’s a great example for Apple to follow?

      Am I the only one who sees a problem with all this?

  3. My fear is that Apple won’t get any deals done, and then won’t release anything. Notice what happened with TV. For years, Cook and Jibs were saying how TV was an area of great interest an wanted to “pull the string.” But they were never able to get their content deals done, and competition, possibly in frantic reaction to Apple’s comments, has improved the experience and number of offerings.

    With payments, Apple would have to either have to go head-to-head with the big boys (Amex or Visa) or become another service like PayPal, which will have tons of competition unless Apple unveils this service soon.

  4. “That isn’t going to happen overnight” – Tell that to Wall Street, who are now sure to slam Apple for every announcement that does not include releasing mobile payments.

  5. I hope Apple moves relatively quickly on this. Apple seems to take its time playing it safe while companies like Google, Samsung and Amazon just jump right into things. I’m not saying it’s right or wrong, but it seems most companies move a lot faster than Apple does. Apple’s whole iPhone business is moving at a glacial pace in terms of iPhone models.

    The quicker Apple moves it has a better chance at keeping a lead longer. Every time Apple gets a lead in something it’s so quickly overtaken by rivals. Yes, I agree that Apple should move only as fast as soon as they’ve taken necessary precautions but if possible Apple should increase its staff to speed up things (providing that’s how those things work).

    1. Yes, I agree. It seems Apple needs to paces and they have but one, glacial!

      One pace for R&D with new things like the iPad. Get it right, then amaze us! The second pace ought to be much quicker, quicker than anyone else. This ought to be the pace for continuing to make said product amazing and addressing industry trends, i.e., screen size, and any other areas the competition reveals might be worthwhile. They also clearly need to do something to quicken the pace for software fixes. By the time they have Mavericks working right, they will be releasing 10.10. Stop releasing software before it is ready and stop removing functionality while you get it ready!

Leave a Reply to GM Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.