Payment security bods: Nice pay-by-bonk (hint: NO ONE uses it) on iPhone 6, Apple

Apple's confirmation that the iPhone 6 will enable contactless payments via NFC has received a broadly positive reaction from security firms and payment-processing vendors. Apple said it wouldn't access any payment data, so the transaction would take place between a user, bank and retailer. This privacy, along with ease of …

  1. Phil O'Sophical Silver badge
    Thumb Up

    The technology is compatible with the upcoming Apple Watch as well

    So if I get a small POS handset and put it in my pocket, which is at just about the height where most people's wrists are when walking, I can just mingle with the crowds in any Apple store and cream off cash every time someone's wrist brushes my coat? Great!

    1. Steve Davies 3 Silver badge

      Re: The technology is compatible with the upcoming Apple Watch as well

      Only if they are holding their phone the 'wrong way' {sic}

      apparently (and I could be wrong) you have to have:-

      1) Selected a card to use from the wallet

      2) Have your 'key' finger over the correct place on the handset so that 'secureID' can validate it.

      The Watch would no doubt be paired with the phone and then hopefully any payment related comms between the devices would be encrypted. The jury is decidedly out on that one though.

      I fully expect that there are a lot of so called security experts out there just itching to get their hands on these devices so that they can try to find the holes in the Apple approach and then tell the world by shouting it from the rooftops.

      1. Sir Sham Cad

        @Steve Davies 3

        That sounds like needing to have your finger over the home button on the phone for the biometric auth at the same time you bonk your Apple Watch against the reader. Which means you've already got your hand on the phone which surely means it's easier to just bonk the phone, unless I'm really picturing this wrong.

        With my bank card all I need to do (apart from having some actual money in the account) is bonk it for transactions < 20 quid so I'd expect the same convenience from the watch. Maybe the watch can select the card and is pre-authenticated for a certain amount of time with a secureID session?

        As much as it pains me to say it, if nowt else FruitCo have restarted the NFC conversation.

        1. big_D

          Re: @Steve Davies 3

          Hmm, you need to get your phone out, unlock it, choose a credit card, touch a button and hold the watch (or phone) against the NFC reader?

          Why not just pull out your plastic pal, which over here is already NFC enabled, and tap it against the NFC reader and enter your code?

          1. Anonymous Coward

            Re: @Steve Davies 3

            Why not just pull out a £10 note and hand it over? Job done.

            1. Anonymous Coward

              Re: @Steve Davies 3

              Right, pull out a tenner for all the muggers to see that you carry cash!

              Oh, hang on...

              1. beast666

                Re: @Steve Davies 3

                Yeah, much better to whip out your iPhone 6 Plus and flash your 18k gold Apple watch...

                Oh, hang on...

          2. Anonymous Coward

            Re: @Steve Davies 3

            Because very few cards in the US have NFC.

            In my wallet I have 6 cards from various US and UK banks - none of them have NFC

  2. Anonymous Coward

    Too late

    I've just been to Palo Alto, nobody buys anything at merchants. It's all Amazon. There are no taxi cabs because it's all Uberx. This will be relegated to a morning coffee.

    1. Kraggy

      Re: Too late

      But since we in Europe are doing our usual Ludd impressions, Uber is being banned left, right and centre so that argument is largely moot.

      1. Haro

        Re: Too late

        Regarding Uberx being banned, won't Europe have to go totally Poutine to stop it? At the core, it is informal ride sharing, which gov't has encouraged. Now they'll need Uber-trap cars, and sexy Uber-cops to suck people in. Tourists will be horrified when the Uber-arrests start.

    2. Steve Davies 3 Silver badge
      Joke

      Re: Too late

      Isn't Palo Alto the hipster capital of the world? Have you been infected? Are you in danger of becoming a 'hipster Zombie'?

      1. Haro

        Re: Too late

        I was there one day, and we had an earthquake! My son, though, goes to Stanford, and lives there. No hope for him.

    3. James Delaney
      Gimp

      Re: Too late

      Apple already announced a partnership with Uber for the "Ride Now" feature. I imagine retail apps will want to support Apple Pay as it potentially reduces friction for purchases. So they look to have that covered too, at least in terms of mobile commerce.

  3. hammarbtyp

    NFC useful or not debate Depends where you live

    I can foresee a split in opinion on this technology between the States (which after all is Apple's main market) and the rest of the world because basically everyone outside the states uses chip and pin which is pretty secure, while the states still use mag stripe technology and signatures, which in terms of security is pretty laughable.

    So basically in the states anything is better than the current system, while everywhere else the gains are not so apparent.

    1. big_D

      Re: NFC useful or not debate Depends where you live

      And in parts of Europe NFC has been active for a while now.

      In Poland the banks were offering NFC stickers for non-NFC capable phones for tap-to-pay last year...

      1. Bush_rat

        Re: NFC useful or not debate Depends where you live

        Yeah Commbank in Australia have been offering all of that too. You can get PayPass NFC Credit Cards that have the chip and the mag stripe as the new standard. You can use NFC from pretty much any new phone that has NFC or get a sticker that does the same thing. You can even use the Commbank app on your phone to get cash out of any ATM now remotely.

        You request to withdraw money from the app itself, it gives you a code and a temporary pass key, you take both to an ATM and it spits out the cash. Really handy for sending money to friends and family.

    2. R 11

      Re: NFC useful or not debate Depends where you live

      Though in the US, I'm required by law to carry my driver's license and therefore my wallet goes with me every time I drive. If I was in the UK, I don't need my driver's license (since I'm old enough that no one IDs me anymore). I could just grab my phone before going out and have one less thing to carry.

  4. cs94njw

    Help me out here...

    So Android (Samsung S3) had NFC 2 years ago, and no-one took it up (much to my annoyance!)

    What's changed now? Is there something new that NFC didn't have then? Is it just that Apple (the brand for the rich, but gradually the more niche) is now behind it?

    1. James Delaney

      Re: Help me out here...

      If Apple manage something it's getting people to do more technical stuff without realising. Enabling it on the Apple devices, linking it to your already existing iTunes account, which already has your card details, may take enough of the effort out of it that those with their gold iPhones might give it a try.

    2. This post has been deleted by its author

      1. R 11

        Re: Help me out here...

        Well, here it was the banks and mobile networks that didn't want to work with Google in a way that would allow Wallet transactions to go directly from merchant to bank. That, as I understand it, is why Google had to accept the payment and then effectively pay the merchant with their own card.

        The reason was all the banks and mobile networks wanted a piece of the action, so we had various competing proposals that worked on some networks with some card issuers on some phones. And unsurprisingly there was no consumer take up.

        After the banks and networks realized they couldn't do this, the ground was open for Apple to take advantage.

      2. Anonymous Coward

        Re: Help me out here...

        Google have also shown that they will randomly drop support for something with little notice, no matter how useful it is, if it doesn't fit with their advertising and data slurp goals.

        Those of us who pay attention are therefore very leery about committing to anything produced by Google

    3. Fazal Majid

      Re: Help me out here...

      The issue is cellcos, banks and handset manufacturers were all angling for the pie. If they couldn't succeed, they would make sure the others failed. Net result: stalemate. Verizon disabled NFC and the Secure Element in the phones they sell, for instance (they want the SE to reside in the SIM card where they can control it, not in the phone where the handset manufacturer is).

      Apple clearly has cut a deal with the banks where they agreed not to take a cut or collect data, so they have a better chance of getting adoption on the merchant terminals because banks won't actively sabotage their efforts the way they did with Google, Samsung or Verizon.

      On the flip side, this system is built on a foundation of quicksand, the terminally insecure credit card number. It's not clear how it will handle the 2015 transition to EMV.

      1. Anonymous Coward

        Re: Help me out here...

        Apple's system is NOT building on the credit card number. It uses a one time code, so if the merchant's systems are compromised it doesn't matter.

        Essentially Apple Pay is EMV, arriving a year early.

  5. AMBxx Silver badge
    Coat

    My new Amex has pay by bonk

    Pair of scissors and a small cut on one side soon stopped it though.

  6. Uberseehandel

    Contactless Payments - Not Thought Through

    In the UK, the limit for contactless payments is GBP 20. In other words, not a lot.

    So the most likely retail outlet that a user would seek to make a contactless payment is the local store, where folk go for papers, milk, small grocery items. Very few local stores use the internet to link their payment terminals to their card payment supplier, most still make a (time consuming) telephone call. I have asked storekeepers why they don't use their internet connection and I am told that the charges are too high, I have been surprised by the amounts quoted.

    Pay By Bonk (PBB) is unlikely to have a strong uptake if payment authorisation is slow, or if shopkeepers place a minimum payment amount limitation on transactions.

    1. DainB Bronze badge

      Re: Contactless Payments - Not Thought Through

      In Oz it's $100 AUD, which is more than enough for someone to buy a few bottles of schnapps using a stolen card without any authorization whatsoever.

    2. jonathanb Silver badge

      Re: Contactless Payments - Not Thought Through

      I pay for my lunch at Tesco and Waitrose in London using pay by bonk, using a bank card which is much quicker than getting the phone out and loading the appropriate app.

  7. Anonymous Coward

    Obvious question.

    What about Android's 85% marketshare, where a hefty amount of those are also NFC equipped and have been for years?

    1. Jonathan 29

      Re: Obvious question.

      As with most things in Android land it is a mess of competing carriers, handset manufacturers and os versions. Everyone wants to cream money off of mobile payments, but they can't agree on how. Apple should help them come together.

    2. Anonymous Coward

      Re: Obvious question.

      As someone who has written an NFC payment application for a few banks, I can tell you that it was a complete waste of time (I still get paid, so I don't care).

      It was just a "me too" band wagon, solving a problem that doesn't exist.

      Perhaps Apple will make it fashionable and then it might catch on. You can imagine those "wear your wealth" types, conspicuously whipping out their iCraps at the till to buy their tat.

      1. Anonymous Coward

        Re: Obvious question.

        I'm hoping Zapp sort it out. http://www.zapp.co.uk/

        They seem to have everyone that matters onboard, and it's imminent launch.

      2. Anonymous Coward

        @AC

        Apple has done more than made it fashionable, they've made NFC as anonymous and secure as cash payment through use of one time codes and the fact that no personal information is shared with the merchant. Nor is Apple collecting data on your purchases because they make their money selling you the phone, not selling you out to advertisers.

        I always said NFC was a solution looking for a problem, and it identified something I consider a problem - the fact that using my credit card to buy stuff allows the merchant to have my name and track my purchases in places I visit frequently (like a grocery store) or that have my info on file because I've bought stuff online from them as well as in person (Best Buy, Walmart, etc.)

        Not sure if it will really be enough to get me using it regularly, we'll see, but it at least interests me enough to try it when I get an iPhone 6. If they had simply implemented NFC the same way everyone else has up until now I would have gone into settings, disabled it, and never changed it because as implemented previously it added nothing but insecurity (risk of skimming)

  8. Test Man

    I'm just hoping that this will mean that if Apple Pay will be available in the UK next year, Google Wallet will also appear at the same time.

  9. Mike Bell

    "To use Apple Pay you take a photo of your credit card to enrol it in the system. Hmm, Apple, photos and security ??? :)"

    The chances of such a photo being uploaded anywhere are about as likely as the photo being retained when you use the phone's camera in the App Store app to scan a gift card. i.e. zero.

    1. Anonymoist Cowyard
      Megaphone

      Already been branded as iSwipe

      thieving from iTwats since 2014.

  10. psychonaut

    also i could use my tshirt

    my special tshirt which has all my card details in 70 point font emblazoned on the front, so if i want to buy something, and im too lazy to get my card out of my pocket, i just stand there and the retailer just enters them into the terminal without me even having to move. its brilliant.

    i know what you are thinking.

    what about in winter?

    well, thats when my jacket, my special jacket, comes in handy.

    all bases covered, and absolutely secure.

    1. VinceH
      Joke

      Re: also i could use my tshirt

      I had a shirt like that, but just for extra security, I had the shirt made in red, with the text in white.

      But that security didn't work.

      Last week I was held up at gunpoint by someone wanting the shirt, so that they could use my credit cards. I said I wasn't going to give it up, and pointed out that if he shot me to get it (a) there'd be a hole in the shirt, which might compromise one of the card numbers, and (b) my blood is red, so they'd be unreadable anyway.

      The bastard changed his aim to my head and pulled the trigger.

      Now I'm dead, and he's spent loads of money on my cards.

      Git.

      1. psychonaut

        Re: also i could use my tshirt

        i didnt want to do penetration testing before because, you know, crims and that, they get taught odd things in prison. i wasnt sure they'd understand the semantic difference between what i was talking about, and what they might be thinking. im keen to keep my anus intact and with the grippage of a 12 year old gymnast.

        damn. theres obviously a hole the size of the wound in your head in my security precautions. its nice to know someone did some penetration testing on it...thanks for the heads up!

        i'll be using yellow on white from now on - just ordered the new garments.

        oddly, the tshirt company insist on me actually entering the details into their website to buy it!

        when i called them to say, i dont need to, you have everything you need, they hung up. odd that, but hey, they make great tshirts! apparently mine is one of the most popular on their site. ahh, they know good taste when they see it dare i say!

  11. Irongut Silver badge

    "a whole swathe of consumers one step closer to ditching their wallets"

    Because they have no need to carry cash, ID, drivers licence, loyalty cards, receipts for expense claims, etc, etc.

    "a 248 per cent increase in contactless payments since 2012"

    2.48 x nothing is still nothing.

    "Through the use of this data-centric security strategy, Apple Pay reduces risk of data breaches and credit card theft"

    Really? Sounds like it's a greater risk to me. Data on a phone can be copied, stolen, etc by hackers or a malicious app much more easily, and without the user's knowledge, than the credit card in their pocket.

  12. David Roberts

    Loyalty cards?

    I only have one main credit card for shopping, plus a debit card for Aldi/Lidl.

    So no major hassle in carrying them around and using them.

    I have so many store loyalty cards that I need a second wallet just to carry them all around.

    Now wouldn't it be nice if I could just bonk my phone to collect loyalty points and ditch all the plastic?

    No security issues because who would want to add to my loyalty points?

    O.K. someone might like to hack my phone to substitute their loyalty card details but this isn't going to bankrupt me.

    Be nice if loyalty cards could be linked to payment cards as well.

    Ummm.....scan the bar code and have the till scan the phone screen?

    Might just try that........

    1. psychonaut

      Re: Loyalty cards?

      wouldnt it be nicer if the supermarkets just put their prices down instead of doing all this coupon nonsense??

  13. Jeff Lewis

    First clue your 'expert' may not be that much of an expert...

    When they suggest something might happen that already *has* happened...

    "Google is likely to copy Apple on the security features and then will have to enlist their handset manufacturer partners to link NFC chips to the Google Wallet. Apple has it easier in this regard since they have a closed system – ie, they manufacture the handsets and the software that runs on them. But once Google gets in the game and Android phones are enabled with more secure payments, we may actually see mobile NFC payments catch on."

    I can forgive not knowing about Google's "Tap and Pay" system, which is an extension of their older "Google Wallet" system, because (a) it's US Only and (b) it's not exactly something well known or supported... but all Google has to do now is get together with Samsung, LG and HTC and talk to the credit card companies and say "You do know that Apple Pay is less than 1/4 of all cell phones in the US and 18% of the phones outside the US.. maybe you'd like to work with the majority group?"

    In a real sense, the only 'sea change' that this causes is to force Google to get its act together and finish something it started.

  14. Smilin' Stan

    NFC: Not Found Commonly (in northeastern US)

    A year or so ago I got an updated major bank credit card with NFC. Worked great at McDonald's (in particular, the drive-thru cashiers loved it - one less thing to do for them). The only other retailer I came across that had an NFC reader didn't have the NFC feature hooked up. The bank replaced it last month with a card with a chip, but no NFC ("There was no strong usage for it."). Chip worked OK in Europe (but since I never set up a PIN, I still had to sign receipts), but no one around here knows what it is.
