Tech News
Just how secure is Apple Pay? Uh oh.
(Tech News) With Apple Pay being a key feature of the new Apple devices, consumers begin to wonder, just how secure is the Apple Pay feature?
All hail the Apple Pay system
One of the best features of the new iPhone is the Apple Pay system. It allows iPhone 6 users to take a picture of their credit cards, verify the numbers, and add them in to their Passbook so they can use these cards at a later time.
This is also supposed to allow the user to pay without ever providing the business with their credit card number. But, they seem to have forgotten that not every one will use this feature as intended. Some people may scan a credit card and begin to use it without the cardholder’s permission.
Consumer Reports (CR) actually gave this potential problem a test drive. Glen Derene, from CR, scanned and verified a few credit cards that were in his name and then proceeded to add two of his CR co-worker’s cards (presumably with their knowledge).
It looked like it was going to work, at first, but when prompted to verify by email, text, or a customer service call, using it would be difficult. This two-step verification system would require access to the cardholder’s email, phone, or the ability to answer security questions with customer service.
However, if you think about this in terms of theft, it becomes a bit worrisome.
Why this is so worrisome
Say you leave you purse at a restaurant and do not realize you have left it until you are almost home; if someone were to take it, they would more than likely have access to your phone and your credit cards. Theoretically, someone could add and verify your cards, since they likely have your phone from your purse. If you enable the passcode feature on your phone, this would of course, slow any thieves down a bit, but it is still a bit worrisome.
According to CR, Apple Pay works by a process known as credit/debit card provisioning. “You aim the camera of an iPhone 6, 6 Plus, or one of the new iPads at a credit card and the device reads the card number, customer name, and expiration date off the face of the card, then encrypts that data and sends it to Apple’s servers.
Apple then displays any terms and conditions to which the card-issuing bank needs the customer to agree. Once those terms and conditions are agreed to by the end user, the Apple Pay servers send information from the device (which can include the last four digits of the phone number and location information) and info from the user’s iTunes account to the bank for verification.
No additional verification needed
When Derene attempted to add his wife’s card, it was added with no additional verification necessary. She knew he was attempting to use it, but he was not an authorized user on the account.
Derene stated, “that was unexpected, since it is my wife’s private card, and she has never authorized me as a user. Also, that card isn’t associated with our family iTunes account. In fact, I have no current financial relationship with Citibank at all,” and yet he was allowed to fully use her credentials as if he had the actual card in his hand, making several purchases.
Derene did reach out to Citibank to ensure this was not just an unfortunate glitch, and was told sine he had all the vital information, including the same verified address, the system assumed he was authorized. He also reached out to other financial entities involved with Apple Pay, and no one really wanted to provide much detail about how provisioning works. Not too comforting considering the amount of damage that could be done, should your credit card information fall into the wrong hands.
In defense of Apple Pay
In defense of Apple Pay, there have been instances were credit card information has been stolen through air waves, as well as, several cases of major corporations’ data files being hacked.
Basically, your credit card information has the potential to be stolen any time you use it, but if you use Apple Pay, you may want to take a few extra steps to ensure it stays a little bit more secure: enable a pass code, make sure your credit card fraud alerts are enabled so you know if your card has been used, and regularly check your statements to ensure all purchases were made by yourself or an authorized user.
But, they do need to mandate a two-step verification regardless of whether or not your possess all the “correct” information.
Tech News
Nate app: $38M Series A fintech startup you should keep an eye on
(TECHNOLOGY) The nate app combines the best of social media and shopping into one platform, streamlining the check-out process for hassle-free purchases.
No one likes to hop around from store to store searching aimlessly in aisles for all of their necessary items. That’s why the big guys win, like Walmart, Amazon, and Target – they have all you need in one swoop! Users choosing to shop online feel the same way. Having to reenter payment, billing, and shipping information over and over again becomes a pain – or worse, a deterrent to purchase, resulting in cart abandonment- that’s where the nate app comes in.
Nate combines the best of social media and shopping into one platform.
The well-funded, series A startup utilizes artificial intelligence (AI) to complete purchases seamlessly without all of the fluff a user discovers when checking out at various online retailers. Once a user inputs shipping and payment information into the app during sign-up, nate keeps the data on file for subsequent purchases, virtually eliminating the time-consuming check out process. If a user sees a product they like from an online merchant, they simply have to “share” the item to the nate app, and it will take care of the rest.
Unicorner’s startup analysis states, “In essence, nate is bringing the benefits of shopping on a centralized platform like Amazon to a decentralized shopping ecosystem.”
With a nod to Pinterest and LikeToKnowIt, the platform allows for users to create visual product lists on a personal account that can be shared with followers. If a follower likes an item they see, they can purchase the item in-app in just a click or two.
In contrast to the big wigs of the social media world, the nate app hopes that users will purchase based on true inspiration and not a targeted algorithm suggesting what they should buy. Instead, the app runs its business model on a $1 fee for each transaction which covers the ability to issue virtual cards, protect online privacy, and apply available discounts.
The nate app simplifies gift giving as well. Users are able to select a gift item and enter the recipients phone number – if the recipient is a nate app user, it can be shipped directly – otherwise, they will receive a text asking them where to send their new gift! This makes it a perfect choice for the upcoming holidays (yes, 2021 is almost over…whew).
To stay up to date on everything nate, download it now on the App Store.
Tech News
Facebook deletes developer over ironic browser extension invention
(TECHNOLOGY) Think a muted week for a nipple shadow is bad? Facebook just permabanned this inventor for…helping others to use the platform less.
It must be true that corporations are people because Facebook is pulling some seriously petulant moves.
In a stunt that goes beyond 24hr bans for harmless hyperbole, and chopping away at organic reach (still bitter from my stint in social media management), Facebook straight up permanently banned one of their users for the high crime of…aiming to get people to use the platform a little less.
Developer Louis Barclay came up with Unfollow Everything, an extension that basically instantly deleted your feed without having you unfriend anyone or unlike anything. Rather than have users manually go through and opt out of seeing posts, they’d now opt IN to keeping who they wanted front and center.
In his own words on Slate: “I still remember the feeling of unfollowing everything for the first time. It was near-miraculous. I had lost nothing, since I could still see my favorite friends and groups by going to them directly. But I had gained a staggering amount of control. I was no longer tempted to scroll down an infinite feed of content. The time I spent on Facebook decreased dramatically. Overnight, my Facebook addiction became manageable.”
Since more time spent on Facebook means more ads that you’re exposed to, means more you spend, the add-on started slowly making headway. I myself pretend to be a ranch owner to keep ads as irrelevant to me as possible (though my new addiction to hoof trimming videos is all too real), and Unfollow Everything probably would have been a great find for me if it hadn’t been killed by a cease and desist.
Law firm Perkins Coie, representing the internet giant, let Barclay know in their notice that Unfollow Everything violated the site’s rules on automated collection of user content, and was muscling in on Facebook trademarked IP.
They also added, in what I can only assume was a grade-school narc voice, that the add-on was “encouraging others to break Facebook’s rules.”
Barclay, not having the resources to fight a company with the finances of a small country, promptly ceased and desisted. Practical.
Officially speaking, Facebook might have actually have some ground to stand on vis-à-vis its Terms Of Service. The letter and legal team may have been warranted, not that we’ll ever truly know, since who’s taking Facebook to court? But then they followed up with a ‘neener neener’ deletion of Barclay’s 15 year old account – which was still very much in use.
Look, Facebook is the only way I connect with some of my friends. I don’t take enough pictures to make full use of Instagram, I fully hate Twitter, my Tumblr is inundated with R-rated fanfiction, and any other social media platform I’m happy to admit I’m too haggish and calcified to learn to use. So a complete WIPE of everything there with no notice would be pretty devastating to me. I can only imagine how Barclay felt.
And in light of the fact that the browser extension wasn’t hurting anyone, taking money, or spewing hateful rhetoric, there’s really only one thing to say about Facebook’s actions…they’re petty.
Sure, they may have the legal right to do what they did. It’s just that when you notice every fifth post is an unvetted advertisement, their high ground starts to sink a little. I mean nothing says ‘We’re being totally responsible with user information’ like the number of add ons and user tactics popping up to avoid seeing the unnecessary. This isn’t the first time we’ve seen Facebook put up a fight against losing ad traffic.
We all know all those stores with amazing deals aren’t actually going out of business, or even using their own photos right? Right?
Barclay added in his article, “Facebook’s behavior isn’t just anti-competitive; it’s anti-consumer. We are being locked into platforms by virtue of their undeniable usefulness, and then prevented from making legitimate choices over how we use them—not just through the squashing of tools like Unfollow Everything, but through the highly manipulative designs and features platforms adopt in the first place. The loser here is the user, and the cost is counted in billions of wasted hours spent on Facebook.”
Agreed, Mr. Barclay.
Now I’m off to refresh my feed. Again.
Tech News
Glowbom: Create a website, using just your voice
(TECH NEWS) Talk about futuristic! This app allows you to create quizzes, surveys, an online store, and even a website in minutes–without typing.
-
Opinion Editorials2 weeks agoWhy tech talent is in the process of abandoning Austin
-
Business News1 day agoLeadership versus management: What’s the difference?
-
Business Marketing1 week agoHow many hours of the work week are actually efficient?
-
Business Marketing1 week agoJack of all trades vs. specialized expert – which are you?
-
Opinion Editorials3 days agoArt meets business: Entrepreneurship tips for creative people
-
Tech News1 week ago4 ways startups prove their investment in upcoming technology trends
-
Business News1 week agoUnify your remote team with these important conversations
-
Business Marketing1 week ago3 considerations when marketing in an era of uncertainty
wonderYrednow
October 26, 2014 at 11:14 pm
Or maybe using the fingerprint pass code on the iPhone 6 would slow down potential thieves.
Of course, if you cut off your finger and left it in your purse….well, that would speed things up for the thieves.
jmmx
October 26, 2014 at 11:17 pm
Interesting article with some good points.
I do have some issues with this:
“Say you leave you purse at a restaurant and do not realize you have left it until you are almost home; if someone were to take it, they would more than likely have access to your phone and your credit cards. Theoretically, someone could add and verify your cards, since they likely have your phone from your purse.”
First – if you lose your cards than you have problems Apple Pay or not.
More importantly, Apple Pay usually works with Touch ID. TID requires you to have a passcode. Assuming your their does not know your passcode then he is locked out of your phone.
If you get all the way home before realizing you lost your purse, the first thing to so would be to get on your computer, and use Find mi iPhone to deactivate it, then call the credit card companies to notify them.
If you lose your physical cards to thieves, you will always have problems. If you did not have your cards with you because you knew you had your iPhone, will that certainly would be better.
Michael Long
October 27, 2014 at 9:54 pm
“More importantly, Apple Pay usually works with Touch ID. TID requires you to have a passcode. Assuming your their does not know your passcode then he is locked out of your phone.”
It doesn’t usually work with Touch ID, it requires it. You can’t use Apple Pay on a device without a passcode set and Touch ID enabled. Disable Touch ID and/or the passcode, and you lose the ability for the system to access the encrypted token in the Secure Enclave.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 2:26 pm
I’ll stick with Apple Pay for secure transactions. The above scenarios are associated with physical card theft. Apple Pay or not, If someone gets ahold of you card, you are screwed. There is bandwagon effect in play to shoot holes in Apple’s security measures. Apple has taken an existing standard and made it better.
Sour grapes will always bring forward dubious criticism. You will see arrows flying from the supporters of Merchant Customer Exchange (MCX). MCX has actual security flaw as opposed to the circuitous flaws leveled against Apple Pay.
rolandestrada
October 27, 2014 at 4:29 pm
The final answer is very secure.
Michael Long
October 27, 2014 at 9:51 pm
This has to be the stupidest article I’ve ever seen. If a woman leaves her purse behind with a bunch of credit cards in it… SHE’S ALREADY LOST THE CARDS!
Further, you just need to jot down the numbers to steal them. The phone’s not needed at all.
But since you seem to think that they’re equally insecure, let’s try this. We both go to a seedy bar. You leave your wallet with credit cards behind, and I’ll leave my Apple Pay-enabled Touch ID protected iPhone behind.
We then wait to see whose card numbers get stolen first, and whose appear second (if at all).
Alfiejr
October 28, 2014 at 4:07 am
anyone that doesn’t have Passcode turned on is an idiot begging to be ripped off. not to mention TouchID makes Passcode drop dead easy to use and airtight (don’t insult us with James Bond latex finger mold scenarios – damn few of us are international spies) for Apple Pay devices.
the CR guy got his wife’s card to work because the accounts’ address was the same. so Citibank was sloppy – drop them. but i got separate email notices for each credit card i scanned in – all my own. Chase was not sloppy – use them.
rolandestrada
October 28, 2014 at 4:15 pm
Research is critical when writing articles like these. It’s easy to get clicks with inflammatory headlines. But when the facts fall down in the main article trouble ensues. Take a look at the flack of over CurrentC’s 2015 rollout of its’s payment system. CurrentC is the reason behind CVS and other merchants banning Apple Pay and Google Wallet as forms of payment. Even though some of these merchants have had NFC payments enabled for some time.
These merchants have banned NFC not because it is inherently insecure but because they have contractual obligations with CurrentC.
There are two good articles on this subject – John Gruber at Daring Fireball and Josh Costine at Tech Crunch. It’s a follow the money scenario.
rolandestrada
October 28, 2014 at 5:46 pm
If you have doubts about Apple Pay security versus CurrentC, go take a read of Nick Arnott’s post on iMore. CurrentC as a story is exploding all over the net. Will it cause CurrentC to implode before it actually launches? One can only hope. Take a look at the one star reviews of CurrentC on the iTunes app store. Hilarious!!.