“Counterfeiting of bank-issued credit and debit cards is likely to fall precipitously during the next few years in the U.S.,” Gail Bronson reports for TheStreet.
“By next October, most bank card issuers will have swapped out their payment cards for new ones that carry embedded microprocessor chips. The chips work to curtail card fraudsters’ attempts to steal information during in-store transactions on point-of-sale terminals,” Bronson reports. “Meanwhile, Apple recently released its own technology platform for mobile payments, called Apple Pay, which enables iPhone 6 customers to use their devices to make secure, electronic transactions with many bank-issued cards.”
“Apple Pay facilitates secure transactions through the use of tokens issued by the banks. These are short pieces of encrypted software code, which contain all the data required to complete a transaction, similar to the data held in mag stripes and chip-embedded cards. The actual customer data remain with the banks that issued the cards. When a customer makes a purchase using his iPhone 6, a software token is sent to the card issuer who decrypts the transaction data for review. So neither Apple nor the retailer ever sees any customer information,” Bronson reports. “‘In my opinion, Apple Pay is as secure as or more secure than a chip card because it uses a biometric, your fingerprint, to authenticate the transaction, instead of a PIN or a signature,’ said Thad Peterson, a senior analyst at Aite Group, a business technology and financial-services research firm. ‘And if you lose your device and activate Apple’s ‘Find my iPhone’ app, it shuts Apple Pay down immediately. So there is virtually no risk of a customer losing his data or having it stolen.'”
Read more in the full article here.
Saw on TV news last night that you need to wrap your chip imbedded credit cards in tinfoil because they can be hacked easily. Me? I will just stick mine under my tinfoil hat I wear because of NSA. Just a word of caution folks.
That was debunked years ago. It’s the story that won’t die.
Good luck finding tinfoil. I think it was taken off the market in the ’50s.
Been doing this for the last 9 years with my European Cards. The Bank recommended this and also to prevent the magnetic strip from becoming demagnetized. It works. Don’t waste your money buying the advertised cases for credit cards. Good old foil does the trick and I’m really looking forward to TD Bank using Apple Pay. Just my humble two cents.
Good to see Apple’s NFC efforts working unlike Androids at Pwn2Own. But Apple’s Safari browser was compromised, so there is work to do on security.
http://arstechnica.com/security/2014/11/iphone-galaxy-s5-nexus-5-and-fire-phone-fall-like-dominoes-at-pwn2own/
“unlike Androids at Pwn2Own”
You are hilarious. Buying items via NFC using Google Wallet works just fine on the $80 Kyocera Android phone that I bought as an extra phone for emergencies. That phone is just now upgrading from Jellybean to KitKat but hey, for $80 what do you expect? The main thing is that where you have to pay $650 for an iPhone 6 to use Apple Pay, Android users can get the same functionality with an Android Phone that costs less than $100. Even if you are worried that Google Wallet will not protect your credit card info, you don’t even need to use credit cards or your bank account info for Google Wallet in the first place! It works just fine with PayPal (which you can use to add money to your Wallet account) or with gift or prepaid cards. Any way you slice it, as with everything else on the Android platform, Google Wallet is a viable alternative to Apple Pay. Which is why you hate it so much 🙂
What does this mean for Google Wallet: http://macdailynews.com/2014/11/13/google-retires-google-wallet-for-digital-goods/
I don’t want google anywhere near my wallet. As MDN frequently points out…they are in the personal information business. All the “freebies” they give away are for the purpose of collecting, mining and ultimately monetizing your info. Some folks are OK with that. Personally, I like to buy products from a company which is committed to making awesome hardware with an amazing ecosystem. Yup I’m a fanboy and a shareholder…and I get what I pay for!
I have a Nexus sitting in my drawer and I use an iPhone 6. Wonder why? I used the Nexus for a year- it is on it’s best day a sad copy of iOS.
There is a profound difference between the two. Google Wallet may provide the semblance of a viable alternative to Apple Pay from the perspective of the consumer’s convenience at the moment of the transaction (i.e. both are reasonably intuitive to complete, with Google Wallet requiring no more than one or two extra steps compared to ApplePay), but looking at the consequences of such transaction, the difference is enormous.
Google Wallet contains all of your personal information (Name, address, employer, phone numbers, bank and credit card numbers, etc). So does Apple Pay, however, Google happily collects and mines all the transaction data you make with Google Wallet (and takes it into the context of the rest of your Google online identity); Apple encrypts everything and mines nothing. Furthermore, Google happily shares all of your personal data with each merchant when you pay with Google Wallet, so that the merchant will have ability to mine your transaction and personal data.
Google’s ability to put purchases into perspective is even scarier; they can see what you were googling online, then they can track where you actually bought it and when, and how much you paid for it; they can see if you discussed the item in your g-mail…
Not quite the alternative some seem to think it is…
There is always work to be done on security fronts. Very likely there always will be.
All systems can be compromised given enough time, money and effort. Many of these teams spend several months (and in some cases years) developing their hacks. This is why the target device was an iPhone 5S in this case, not an iPhone 6 or 6+. Also note that nowhere does it state what version of iOS was on the 5S. Because these hacks take time to develop, prove out and make them work every time, it is very likely that the hack was against iOS 7 and the Safari browser that came with iOS 7. But, the press typically just says “iPhone” and that the hack took xxx seconds to do. Even Ars Technica’s headline just says “iPhone”.
(And just as an aside, I’d take anything posted anywhere about Apple by someone who lists The Register in their resume with a huge grain of salt. The Register is one of the few “news” organizations that has been banned from any Apple announcement event because of their position on all things Apple. Note that Goodin’s article title just says “iPhone” but specifically mentions the Android variants hacked — the implied statement being all iPhones are vulnerable but only certain Android models are vulnerable.)
Often Apple’s systems are hacked at the events because hacking an Apple system gets the hackers a lot of press — and likely money down the road.
It’s no different with corporate press releases. Apple raises its security capabilities with iOS 8, then Google issues a statement saying it is just as secure — just wait for Android-L. Then *two months later* Lollipop starts to ship to some devices with it being almost a secure as iOS 8, but Google’s statements are that it is more secure (and behind closed doors is saying that Apple won’t catch up for another 10+ months as iOS 9 likely won’t ship until September 2015).
The question I posted on Ars was what version of iOS was on the phone.
This technology has been in Canada for years. Both the chip and pin technology, as well as NFC payment terminals. It’s a shame we still don’t have Apple Pay. I guess it’s up to the Canadian banks to jump on board, because the technology is already in place for Apple Pay.
Chip and pin had also been in Europe for years. This summer in th UK it was hard for cashiers to use my US card because they rarely swipe anymore.
Weird how the US can be so backward in certain areas.
Just follow the money to understand why America is lagging and look at Congress to understand why little is likely to change. Welcome to the slippery slope of making sure the rich stay that way.
We had the same experience in the UK this past summer. Trying to use our Amex, we invariably met with a confused, “oh, a swipe card!” Half the time it would not work.
But who will protect us from Rite Aid? Since they think they know what’s best for us.
I use Apple pay as often as I can. I despise handing my card over. Apple pay is faster then paying with cash or credit card and the cashiers always say, “wow, what was that” They’ve had NFC terminals for years and some cashiers have never seen them used until now. Get on the boat retailers, I still have 11 months left on my credit monitoring from the Home Depot intrusion.
Coming from Sweden, it is always a nervous moment the first time you want to use your credit card in the US. We have a magnetic stripe on our cards but they are never used at home so you never know wether or not the magnetic information is good or not before trying it out. Sometimes I ordered a new card before traveling to the US just in case…