Hype about Apple Pay

MrCrispy

2[H]4U
Joined
May 14, 2007
Messages
3,960
Once again Apple has managed to fool people into thinking they've come up with something new. The fact is Apple Pay is a new thing for Apple to use tech that's been out for years.

Google Wallet is every bit as secure regardless of what Tim Cook says about 'secure element' . Wallet will work everywhere Pay will (and vice versa), its basic NFC payment. They will both be supported by the same financial institutions, and they both use existing payment standards.

The only difference -

1. TouchID is marginally faster than entering a pin in Android
2. Google does a terrible job of marketing and informing users. Apple as usual is great at polishing the experience and making it visible.

The real benefit might be raising public awareness.

And one more thing I'm not sure about -

3. Apple Pay will bill your CC directly by using the token generated. Not sure if Wallet will do this or the transaction will have to go via Google.
 
Last edited:
And btw, the only reason this is needed is because the US is behind the rest of the world and uses insecure magnetic stripes instead of Chip & Pin.
 
True but now that Apple is doing it will be used by a LOT more companies.
 
No doubt that Google's implementation is probably as secure as Apple's will be. However, I'm not sure anyone wants to trust either of them in significant numbers. When they have their first major breach, I wonder if they will pay out. I guess we'll see.
 
okay, sounds good.
giveup.gif
 
I think this is a good thing for all phone users if it catches on. And I hope its the death of scamware like Coin.
 
I'm fine with Google Wallet taking off more as long as they stop collecting data about what I'm buying and where. Until then I'll only use it for online purchases from a few specific retailers. I'd have no problem using Apple Pay for regular purchases in stores if they're serious about not collecting that data. I don't care how "secure" Google's implementation is when they collect data I don't want them to have in the first place.
 
Things are far from ideal with android NFC payments right now. It's actually pretty terrible.
On my android devices I have 2 options and neither work the way I want.

Wallet - Rarely works. I don't know how many times I've tapped on an NFC payment terminal and it says it's not supported. Red lights when I tap for payment on the bus, red lights when I try and pay at the grocery store, red lights when I try to use it at the gas station. Red lights everywhere. Why? Because they only accept Isis. So what's the big deal? Switch to Isis right? Well... That doesn't work either.

Isis - accepted everywhere I can use NFC. Problem solved right? Nope. Isis only supports a handful of banks. US Bank isn't one of them, and neither are the 2 other banks I use for credit cards. My only solution is to use an Amex prepaid card through Isis.

Did Apple invent the payment system? No. Is it already better than the 4+ year old system android uses? Well, considering it will accept all of my credit cards and will work everywhere Isis does (pretty much everywhere) apple is already doing a better job and the system hasn't even been released.
 
I am glad that Apple is finally on the NFC band wagon, now more stores will implment it.....and I will be able to use Wallet more :)

As for the "Secure Element" .... That is in the android phones as well, has been since the G.Nex atleast, there were plenty of issues initially with people getting locked out of their secure element when they changed ROM's, or reset the phone w/o clearing the secure element (It would lock itself out for security, if the OS was not the same as it was config'd on, or something like that)

To address some points ...

No doubt that Google's implementation is probably as secure as Apple's will be. However, I'm not sure anyone wants to trust either of them in significant numbers. When they have their first major breach, I wonder if they will pay out. I guess we'll see.

Well Wallet has been around since the galaxy nexus was the nexus to get...Yet to be breached, google has a Master card that is actually used, and you are charged by google for the amount (no-fee) to your prefered method (So in reality your backed by your CC + Google + MC)


Things are far from ideal with android NFC payments right now. It's actually pretty terrible.
On my android devices I have 2 options and neither work the way I want.

Wallet - Rarely works. I don't know how many times I've tapped on an NFC payment terminal and it says it's not supported. Red lights when I tap for payment on the bus, red lights when I try and pay at the grocery store, red lights when I try to use it at the gas station. Red lights everywhere. Why? Because they only accept Isis. So what's the big deal? Switch to Isis right? Well... That doesn't work either.

Isis - accepted everywhere I can use NFC. Problem solved right? Nope. Isis only supports a handful of banks. US Bank isn't one of them, and neither are the 2 other banks I use for credit cards. My only solution is to use an Amex prepaid card through Isis.

Did Apple invent the payment system? No. Is it already better than the 4+ year old system android uses? Well, considering it will accept all of my credit cards and will work everywhere Isis does (pretty much everywhere) apple is already doing a better job and the system hasn't even been released.

That sucks man, ive been using Wallet for years no issues, never seen a not supported (And im in central fl, not one of the test markets), granted ive only used it on a supported phone ( Nexus devices ).
 
Miami, FL here. NFC payments is 25/75. Some terminals have the damn thing and others don't. Then the ones that do have it are usually disabled or broken.

Hopefully Apple's "revolutionary" technology gets people to push support for it so our 4 year old Nexus phones can finally use it.
 
We actually talked about this at work yesterday. The general consensus was that Google may have been first, and maybe even better, but it doesn't matter because they're not Apple. Now that Apple and the iPhone brand name have been thrown behind it, expect to see it take off, purely on the brand name recognition.
 
Our web dev, who happens to have a background in payment system design (ATMS, pin pads etc) has been slammed with emails from companies confirming they support the service. So, Apple's going to be out there, and in a big way.
 
I believe one of the original plans for marketing NFC on Android phones was the London Olympics in 2012. The plan was to use NFC for payments and the Underground. It turned out that NFC is too slow to be used for the metro turnstyle system so that marketing plan died.
 
I'm wondering if Google Wallet will work on the iPhone at some point, if not right away, using the NFC chip.
 
NFC is getting an API in iOS 8, so there's no technical reason why they couldn't.
 
I believe one of the original plans for marketing NFC on Android phones was the London Olympics in 2012. The plan was to use NFC for payments and the Underground. It turned out that NFC is too slow to be used for the metro turnstyle system so that marketing plan died.

Really? That's weird... most transit companies in the states have transitioned to the NFC design. Miami, FL metro swapped over in 2010.
 
And btw, the only reason this is needed is because the US is behind the rest of the world and uses insecure magnetic stripes instead of Chip & Pin.

This is not needed the credit card companies already put in place policies to use token generation at ALL retailers in 2015. The migration was posted as news on this site a long time ago.

What is needed is just for apple to adopt the standard. The reality is the USA above all other nations is in apples pocket and so many millions here have iphones. As long as apple did not adopt the standard it simply meant the standard would never gain wide spread appeal unless it cost less, or google took over the market nearly completely.

Look at it like this roughly 50% of everyone I know has an iphone, in 2 years when many of them upgrade we will finally see most americans NFC capable. And that was what was needed.

Also in general iphone and apple users seem to be more pushy about getting their way. What your app isn't for iphone????? Or how come this doesn't work for macs. That type of bitching heard store after store will push more small businesses to upgrade their equipment.
 
Once again Apple has managed to fool people into thinking they've come up with something new.

Once again, an anti-Apple forum post begins with a strawman and descends into a fallacy.

Google Wallet is every bit as secure regardless of what Tim Cook says about 'secure element' .

Congrats, you have no idea about how either technology is implemented or why one type of tech may or may not work. Hint: consider market penetration and risk.
 
Also in general iphone and apple users seem to be more pushy about getting their way. What your app isn't for iphone????? Or how come this doesn't work for macs. That type of bitching heard store after store will push more small businesses to upgrade their equipment.

Is it too difficult to use facts to explain what is actually happening?:
The “liability shift” is a big moment in the changeover. Can you explain what it means?

Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.

So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.

The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.
 
Once again, an anti-Apple forum post begins with a strawman and descends into a fallacy.



Congrats, you have no idea about how either technology is implemented or why one type of tech may or may not work. Hint: consider market penetration and risk.

I'd like to hear exactly what makes Pay more secure than Wallet from a technical point of view? My post was entirely accurate and factual.
 
NFC is getting an API in iOS 8, so there's no technical reason why they couldn't.

Probably not, payments requires the secure element. Chances are that the secure element will be exclusively used by Apple.

@Terpfen, How is Pay going to be more secure? Both Apple and Android utilize the exact same tech (Secure element), and both utilize NFC....So AFAIK The implementation is the same, I'd be interested to see what is making apple more secure when everything ive noticed (Not really looked far into it), poitns to the same tech thats been used and proven over 3 years.

That is not to say that I dont think Apple will implement it better, and that retailers will bring it in to the main stream.... I think thats exactly what will happen, and am glad because it will make my Google Wallet more usable.
 
I'd like to hear exactly what makes Pay more secure than Wallet from a technical point of view? My post was entirely accurate and factual.

Your post was nonsense.

Google Wallet stores your card number and information on Google's servers. Apple Pay stores it in an enclave on the iPhone and does not transmit it. Biometric authentication is required to initiate an Apple Pay transaction on every device; there is no equivalent requirement on Android devices, because not all have biometric readers, or an equivalently secure alternative. Apple never sees or knows your card number, it's not centrally stored somewhere else. This is all extra security just on the user side.

Where Apple really succeeded is on the back end, where they assumed some of the fraud risk by requiring Touch ID, and then managed to get the major card issuers and banks on board with their single solution. So now when all those POS terminals are replaced over the next 24 months to support chip and pin, they're also going to support Apple Pay. This is a huge deal; Google did nothing to assist with the infrastructure and POS side of NFC implementation, they just added it into Android and offered to hold on to your card number for you.

Apple's timing and implementation is way better than Google's, and as a result their method will be more widespread and taken more seriously than Google Wallet. Whether or not it works remains to be seen, but they've already embarrassed Android's NFC deployment.

But continue thinking that being first to something is more important than doing it right. How's that working out for, say, the Galaxy Gear?
 
To my knowledge the Apple Pay uses the credit card already on file with Apple for your App Store (I Could be wrong, but that is one thing I do remember seeing in one of the articles) ... so its stored on a Apple server. The Android implementation is the same, phone side its stored in the secure element, but there is still a server with your CC.....Apple has your CC already remember (Typically, and the typical user)....

I dont see anyone claiming one is superior to the other (Especially considering only one is to market ... and Wallet encompasses more than Pay does, atleast to my current understanding)
 
To my knowledge the Apple Pay uses the credit card already on file with Apple for your App Store (I Could be wrong, but that is one thing I do remember seeing in one of the articles) ... so its stored on a Apple server. The Android implementation is the same, phone side its stored in the secure element, but there is still a server with your CC.....Apple has your CC already remember (Typically, and the typical user)....

I dont see anyone claiming one is superior to the other (Especially considering only one is to market ... and Wallet encompasses more than Pay does, atleast to my current understanding)


The Slanted said:
“Security and privacy is at the core of Apple Pay. When you’re using Apple Pay in a store, restaurant or other merchant, cashiers will no longer see your name, credit card number or security code, helping to reduce the potential for fraud,” said Eddy Cue, Apple’s senior vice president of Internet Software and Services. “Apple doesn’t collect your purchase history, so we don’t know what you bought, where you bought it or how much you paid for it. And if your iPhone is lost or stolen, you can use Find My iPhone to quickly suspend payments from that device.”

Apple Pay will change the way you pay. When you add a credit or debit card with Apple Pay, the actual card numbers are not stored on the device nor on Apple servers. Instead, a unique Device Account Number is assigned, encrypted and securely stored in the Secure Element on your iPhone or Apple Watch. Each transaction is authorized with a one-time unique number using your Device Account Number and instead of using the security code from the back of your card, Apple Pay creates a dynamic security code to securely validate each transaction.

http://theslanted.com/2014/09/16690/apple-pay-how-it-works-and-when-you-can-use-it/

==========

Same info on Cnet

CNET said:
The second hardware solution is the real key to keeping our financial information locked away: the secure element.

Built as a chip and only available in the iPhone 6 and iPhone 6 Plus, the secure element is where your financial information is stored. It is only accessed when a random 16-digit number must be generated for a transaction. The data stored on the secure element never makes their way onto your phone's software, so even if someone hacked your operating system, there would be no way to extract your financial information.

...

At the register, you'll tap the top edge of your phone to the credit card terminal, which is where the NFC chip is located. Your iPhone will then prompt you to scan your finger on the Touch ID button. The phone will then access the secure element to generate a random, 16-digit number that mimics your "real" card number. That information gets sent back to the NFC chip, which sends it to the POS. From there, the payment finishes processing as usual.

Not only does the tokenization happen with the help of the secure element, but none of your financial information is stored in the retailers servers, Apple's servers, or your iPhone. Plus, according to Apple, the company does not keep track of your purchases.

http://www.cnet.com/how-to/apple-pay-how-it-works-security/

==========

Apple Themselves

Apple said:
Every time you hand over your credit or debit card to pay, your card number and identity are visible. With Apple Pay, instead of using your actual credit and debit card numbers when you add your card, a unique Device Account Number is assigned, encrypted and securely stored in the Secure Element, a dedicated chip in iPhone and Apple Watch. These numbers are never stored on Apple servers. And when you make a purchase, the Device Account Number alongside a transaction-specific dynamic security code is used to process your payment. So your actual credit or debit card numbers are never shared with merchants or transmitted with payment.
 
Last edited:
I don't really use any of these third party services so can someone answer the following related to credit card, apple pay, google wallet, and paypal?

Let's say I have a credit card which gives 1% cashback as rewards, purchase protection/insurances, and extended warranty. Let's also say this card is linked to all 3 services.

If I make a purchase for lets say a $1000 item if I use the credit card directly I know -

- cost will only be $1000, no other fees either from the merchant or the payment source/CC issuer.
- I get 1% cashback ($10) through the CC issuer.
- I get purchase protection (chargebacks, accident, theft, etc.) through the CC issuer.
- I get extended warranty through the CC issuer.

How do these 4 points apply to Apple Pay, Google Wallet and using Paypal?
 
Your post was nonsense.

Google Wallet stores your card number and information on Google's servers. Apple Pay stores it in an enclave on the iPhone and does not transmit it. Biometric authentication is required to initiate an Apple Pay transaction on every device; there is no equivalent requirement on Android devices, because not all have biometric readers, or an equivalently secure alternative. Apple never sees or knows your card number, it's not centrally stored somewhere else. This is all extra security just on the user side.

Where Apple really succeeded is on the back end, where they assumed some of the fraud risk by requiring Touch ID, and then managed to get the major card issuers and banks on board with their single solution. So now when all those POS terminals are replaced over the next 24 months to support chip and pin, they're also going to support Apple Pay. This is a huge deal; Google did nothing to assist with the infrastructure and POS side of NFC implementation, they just added it into Android and offered to hold on to your card number for you.

Apple's timing and implementation is way better than Google's, and as a result their method will be more widespread and taken more seriously than Google Wallet. Whether or not it works remains to be seen, but they've already embarrassed Android's NFC deployment.

But continue thinking that being first to something is more important than doing it right. How's that working out for, say, the Galaxy Gear?

The tech behind the security is basically the same behind Google Wallet, ISIS, and Apple Pay. Hell, Apple isn't even handling the tokenization (This is done by the bank).

Also, security of the NFC is same across since they all require a pin to activate. I'm pretty sure Apple Pay allows for a pin input when a finger print isn't accessible. It is already confirmed by Apple that a pin is used when paying with an Apple Watch. From security standpoint, Apple Pay is a bit less secure since they allow access via pin or finger print (so security is only as strong as the weakest link).

Anyways, the only innovation of Apply Pay is their leverage to charge banks 0.15%!!! Kudos to Apple, but its going to hurt implementation via cost barrier. No way the banks aren't going to pass this fee down to the merchants. This is a huge considering alternative NFC payment via Google Wallet, ISIS, Pay Pass are basically free.

To put in perspective, competitive credit card processors only charge 0.10-0.15% for a business that does hundreds of thousands of CC transaction. If your volume is in the millions, you can get rates as low as 0.03-0.05%. These % cost are on top of what VISA, Master, and AMEX charge.
 
The tech behind the security is basically the same behind Google Wallet, ISIS, and Apple Pay. Hell, Apple isn't even handling the tokenization (This is done by the bank).

This is sort of like saying all phones are rectangles. Implementation matters. The security is not the same.

Both sides need to support tokenization. The user side has to know to send a tokenized number to the card issuer for payment authentication.

To my knowledge the Apple Pay uses the credit card already on file with Apple for your App Store (I Could be wrong, but that is one thing I do remember seeing in one of the articles) … so its stored on a Apple server.

This is false. You do not need to add a credit card number to iTunes to use Apple Pay. They are entirely different systems. Apple Pay expressly does not require you to send your credit card number to Apple. You add your card number to Passbook, which stores the number in a Secure Enclave chip on the iPhone directly. It is not uploaded to Apple.
 
Ahh I was unaware that google stopped relying on the secure element (Havent looked into it since my G.Nex ages ago).


@Terpfen, I must have mis-read the article, not planning on getting an iPhone 6, but htis is def. one of the reason I had not purchased one in the past. Thanks for the info.
 
I don't really use any of these third party services so can someone answer the following related to credit card, apple pay, google wallet, and paypal?

Let's say I have a credit card which gives 1% cashback as rewards, purchase protection/insurances, and extended warranty. Let's also say this card is linked to all 3 services.

If I make a purchase for lets say a $1000 item if I use the credit card directly I know -

- cost will only be $1000, no other fees either from the merchant or the payment source/CC issuer.
- I get 1% cashback ($10) through the CC issuer.
- I get purchase protection (chargebacks, accident, theft, etc.) through the CC issuer.
- I get extended warranty through the CC issuer.

How do these 4 points apply to Apple Pay, Google Wallet and using Paypal?
Apple Pay is directly partnered with VISA/MC/AMEX and major banks, developed in consortium. You maintain all benefits.

Cost to you $1000
You get cash back rewards, even as it pertains to specific categories.
Merchant gets hit with normal ~1.6% fee to VISA.
Apple takes .15% of that 1.6% away from VISA and pockets
You get extended warranty.

You’ll still enjoy all the benefits, service, and rewards your current Chase card offers.
http://www.loopinsight.com/2014/09/10/chase-sends-out-mass-apple-pay-mailing/
 
So essentially the process is "transparent" (not sure the correct term here) to the end user other than the actual payment method (using your phone, or I guess watch, instead of your plastic card)?

So the question then is how this stacks up to for example other options like Google Wallet? I can't seem to find the answer to this using search. Although something does turn up saying Google directly charges the user 2.9% for CC transactions (or just adding funds?)?

As long as the extra fees Apple charges(earns) are not directly passed onto the consumer who specifically uses Apple pay I'm not sure why that matters other than affecting merchant adoption rate.
 
So essentially the process is "transparent" (not sure the correct term here) to the end user other than the actual payment method (using your phone, or I guess watch, instead of your plastic card)?

So the question then is how this stacks up to for example other options like Google Wallet? I can't seem to find the answer to this using search. Although something does turn up saying Google directly charges the user 2.9% for CC transactions (or just adding funds?)?

As long as the extra fees Apple charges(earns) are not directly passed onto the consumer who specifically uses Apple pay I'm not sure why that matters other than affecting merchant adoption rate.
google wallet is free. That 2.9% fee is for sending someone a cash advance on credit card.

No first hand experience, but per their documentation, Google Wallet is far less transparent.

You may get neither cash back, nor insurance.

You may not earn certain reward points and benefits for purchases through your card issuer's credit or debit card rewards program (such as overall spending and purchase protection or insurance). Keep in mind that for purchases where Google Wallet facilitates the payment and then charges your selected card, the amount charged to your registered card is charged by Google Wallet and not by the merchant where you make a purchase.

Rewards and benefits, if applicable, will be decided by your card's issuer. Your card's issuer (not Google Wallet or The Bancorp Bank) determines and is responsible for whether rewards points or other benefits apply to these purchases.

If you receive additional rewards when shopping at a specific merchant, these benefits may not be applied when using Google Wallet.

https://support.google.com/wallet/answer/2688794?hl=en&topic=2467414&ctx=topic
 
We actually talked about this at work yesterday. The general consensus was that Google may have been first, and maybe even better, but it doesn't matter because they're not Apple. Now that Apple and the iPhone brand name have been thrown behind it, expect to see it take off, purely on the brand name recognition.

Definitely have to agree there. Even though I don't have an iPhone or use Apple that much they still play an important role for everyone. If Apple wasn't there to get people to flock to the payment system it likely would never be implemented. They have the pull to get things done that others might not be able to.
 
Definitely have to agree there. Even though I don't have an iPhone or use Apple that much they still play an important role for everyone. If Apple wasn't there to get people to flock to the payment system it likely would never be implemented. They have the pull to get things done that others might not be able to.

Apple's pull exists because their implementations are generally superior. Google's implementation was not secure enough for the user, and not reasonable enough for the merchants. They also refused to assist in POS upgrades. Lastly, only some Android devices support NFC, so yet again the platform's fragmentation kills feature support.
 
Apple's pull exists because their implementations are generally superior. Google's implementation was not secure enough for the user, and not reasonable enough for the merchants. They also refused to assist in POS upgrades. Lastly, only some Android devices support NFC, so yet again the platform's fragmentation kills feature support.

So you're saying the iphone has a 99% upgrade rate? Because technically wouldn't the iphone be fragmented? I mean from the point of view you people look at things the entire iOS system is fragmented. The Nexus line of android phones has had NFC since the 2nd generation so in a sense, Google has 80% of their devices adopting the technology. Which puts iPhone at what, 15%?

And how was Googles implementation not secure enough? And not reasonable? It's free and works with all current card machines with NFC input. If by not reasonable you mean they didn't pay hundreds of millions of dollars to major card corporations to push their machines to retailers. Then I guess Google was being unreasonable by offering a free service that makes use of something major card companies already had implemented but were too lazy to support.
 
That's currently true of iPhones as well.

Not really. iOS 8 emphasizes adaptive app UI layouts. You design your app and then the OS adapts it to the screen size of the device. Developers merely need to write for iOS 8 and they'll automatically be supported on devices as far back as the iPhone 4s and iPad 2.

That's anti-fragmentation.

So you're saying the iphone has a 99% upgrade rate?

iOS 7 has a 90% adoption rate as of July 14, 2014.

And how was Googles implementation not secure enough?

Storing your credit card number on Google's servers, with no local safeguards specifically against unauthorized use. To contrast, Apple Pay doesn't require you to upload your card number to Apple, and you have to use biometric authentication at the time of payment (so someone who steals your phone while it's unlocked and manages to run to an NFC terminal still can't use your card).

Then I guess Google was being unreasonable by offering a free service that makes use of something major card companies already had implemented but were too lazy to support.

Yep, it's the fault of everyone except Google.
 
Back
Top