Apple Pay and the problem with credit cards.

/Apple Pay and the problem with credit cards.

Credit cards are awesome, but also suck. Kirk Lennon gives a pretty good explanation why.

Lennon also goes into Apple Pay, a.k.a. Apple’s new “point your phone and pay” system. It’s… actually pretty hardcore ingenious, essentially transmitting “single use” credit card numbers to merchants for transactions. The idea is to prevent merchant-side fraud and security breaches (think all those times companies have come forward shuffling their feet admitting someone hacker has torn all the credit card numbers out of the databases).

The credit card companies are on board with Apple partly because they like making money (more people using credit cards = more transaction fees to credit card companies, and Visa doesn’t give a shit if you use a physical card or a “softcard” in the form of your phone), but also because they don’t like losing money (credit card companies are usually liable for fraud committed with their cards, and nearly all of that fraud happens because merchant and user security is lousy).

Meanwhile, once the service is implemented, Apple gets to sit back and make money merely by existing. It is a really fucking ingenious move on their part; remember that, at the moment, a lot of the hate that comes from content producers (publishers, the music industry, app developers, and so on) towards companies like Apple (and Amazon, and Steam) is because said companies monopolise the information of customers. Customer data is really freakin’ valuable. By sending out what are, in effect, one-time credit cards to merchants, Apple is blocking them from tracking the long-term spending profiles of customers. This really shits the big retailers off, which is why a bunch have, at the time of writing, blocked Apple Pay in an attempt to institute their own, crappier, alternative.

Point being, while a lot of people gave Apple Pay shit when it was announced ([insert obligatory “hur hur Apple is expensive” joke here]), the system does actually seem to be a pretty significant improvement on current infrastructure, at least from a security standpoint.

As for usability? Hard to say. Credit card chip+PIN just got phased in here at the expense of signatures, and I will say it is miles faster, particularly for PayPass transactions under $100 which don’t require the PIN (you just wave your card at the reader). It’s actually difficult to see that Apple Pay will be more user-friendly than PayPass, except maybe on the basis that my phone is usually more accessible (in my pocket) than my credit card is (in my wallet in my handbag). But, yanno. As a general rule, as a white collar upper-middle DINK, I’m always interested in technologies that make it easier for me to spend money. So… yeah. We’ll see.

2017-07-17T11:37:15+00:00 24th December, 2014|Tags: apple, apple pay, infosec|1 Comment

One Comment

  1. Kirk 30th December, 2014 at 9:22 am

    As a correction, the payment token (aka fake credit card number) is not single-use. When you add a card to Apple Pay, a single token is generated by the bank/payment network and stored on your phone. Every time you use that card with that phone, the same token is used. This is OK, however, because unlike a normal card number, this token can be used only with Apple Pay and the dynamic security code that your phone knows how to generate. If you were able to steal that number from a merchant, you couldn’t use it on a website, or load it onto a fake credit card to use; the number would be declined when you tried to use it.

Comments are closed.