back to article Your security is just dandy, Apple Pay, but here comes Android

Most security experts estimate that the security offered within (and by) Apple Pay is superior to that seen in existing contactless credit or debit card systems. However, the success of the technology in the UK may well depend more on commercial factors than anything else, with one payments expert warning that merchants fees …

  1. Roger B

    Security chip?

    If the special chip on the device holds the unique device account number, does that mean users need to enter their credit card details on to each device separately? but if one device is lost or stolen then the actual account details are still safe due to the secure element? That seems pretty good, but, I thought the Apple Watch (Do we capitalise that because Apple invented it I forget?) was not much more than a screen that needed to communicate with an "i" device? It still has the secure chip inside?

    1. Mike Bell

      Re: Security chip?

      The answer to each of your questions is yes.

      1. Lallabalalla

        Re: Security chip?

        Even a webpage can scan your card for the numbers using the camera - pay the Dartford Crossing toll some time and see for yourself.. So getting the device to do it should be a cinch.

    2. ThomH

      Re: Security chip? @Roger B

      We call it the Apple Watch because proper nouns are capitalised. Just like Battersea Power Station isn't capitalised because Battersea invented power stations, Tower Bridge isn't capitalised because the Tower invented bridges and the Watford Gap isn't capitalised because Watford invented gaps.

      Otherwise, yeah, it seems problematic to me from a security point of view that the watch acquires some sort of trusted status whereby as long as it doesn't realise its been removed and the related phone is within range then it authorises payments without requiring any sort of password or fingerprint. Any sort of special trusted status makes me a little uneasy. But I'm sure the article's cited security experts have factored it in; mine is at best armchair punditry.

  2. Mike Bell

    Existing cards

    Perhaps Independent IT security consultant Paul Moore would be a little less blasé about the use of existing contactless cards were he to have his card skimmed. That happened to me a few months ago, and caused me quite a bit of bother. That couldn't happen with Apple Pay and, presumably, similar systems in the pipeline.

    1. Blank Reg

      Re: Existing cards

      If it's a hassle then you need a new bank. All my cards have 0 liability and any cases of fraud have been resolved with just a single call, often initiated by the bank as they were the ones to detect the fraud.

      1. Mike Bell

        Re: Existing cards

        My cards have zero liability to me, as well. But it won't stop a bank cancelling the card when fraudulent use is detected, requiring you to get a replacement.

        1. Yugguy

          Re: Existing cards

          RFI-proof wallets

          I've got one. It looks just like any other wallet, but means the contactless Barclaycard I was forced to have can't be skimmed.

        2. TonyJ

          Re: Existing cards

          "...My cards have zero liability to me, as well. But it won't stop a bank cancelling the card when fraudulent use is detected, requiring you to get a replacement..."

          I moved from Smile to Barclays a few years ago (primarily because Smile were incapable of providing anything like real time transactions and on the odd occasion I had to phone rather than use the web portal, they'd made it almost impossible to get through to a person to speak to).

          Last year someone managed to charge a load of transactions for what appeared to be office supplies and printing services.

          Since I occasionally do buy such things, the fraud went unnoticed by the bank but I spotted it the next day on the banking app.

          One phone call later, a trip to the local branch at lunch time and I had the money back in my account, the original card cancelled and a replacement in my hand. All I had to do was sign a document to say the transactions were outside of my knowledge, consent and control.

          All very painless.

      2. fruitoftheloon
        Thumb Up

        @Blank reg: Re: Existing cards

        Blank,

        likewise, my bank rang me after brekkie, they were fairly sure I hadn't initiated the transaction due to it being circa two in the morning (which historical data suggested would be a little unlikely for me).

        On several other occasions over the lasat ten years or so, my bank (First Direct) have called me within minutes of me making a given (legitimate) transaction.

        Which I think is jolly good!

        Cheers,

        jay

    2. Anonymous Coward
      Anonymous Coward

      Re: Existing cards

      Place contactless card in special skim-proof wallet.

      Job done.

    3. Sgt_Oddball

      Re: Existing cards

      That couldn't happen with Apple Pay yet.

      FTFY

      1. chr0m4t1c

        Re: Existing cards

        In order to do it with Apple Pay (and similar), the skimmer would have to validate the transaction on the device, which you would probably notice. At the very least it's no longer skimming.

        In addition to that the authorization token generated by the device is single use, so they couldn't repeatedly charge the account from a single skim like they can now.

        I would also note that cards that issue single-use tokens are in the pipeline already, which will make skimming less lucrative in future for the same reason.

  3. Richard Jones 1
    Meh

    Watch Out for Flat Battery Syndrom

    See the warning from the London Transport system about boarding a train by using a phone and then leaving at the end of the journey with a flat battery and getting billed the maximum charge.

    This is just a cautionary note, I am not knocking any of the contactless systems.

    It is a 'don't care' for me as I never use the London trains - or any others either.

    1. TheProf
      Devil

      Re: Watch Out for Flat Battery Syndrom

      and woe betide you if you're caught recharging your ticket from the train electrical supply.

      1. Roger B

        Re: Watch Out for Flat Battery Syndrom

        I wonder which is higher, the fine you'd pay for not having enough charge in your phone to bump or the fine you'd pay for charging your phone enough so you could bump your ticket.

        Bump to pay? bruised Apples? I wonder if anyone breaks their phone tapping the NFC device?

        1. Rimpel

          Re: Watch Out for Flat Battery Syndrom

          Well you will be 'charged' either way - but the OP was referring to the recent story where a man was charged by police for charging his phone on a train, the offence was 'abstracting electricity' and carries a maximum sentence of 5 years. The choice is yours...

    2. Anonymous Coward
      Anonymous Coward

      Re: Watch Out for Flat Battery Syndrom

      Any decent phone would let you swap the battery.

      1. Sean Timarco Baggaley

        Re: Watch Out for Flat Battery Syndrom

        Or you could just plug in an external 'booster' battery.

        I really don't get what the big deal is over 'replaceable' batteries. How is popping a fiddly case off, easing out the drained battery, digging around your bag for its replacement, fitting it, then popping the back of the phone back on "better" than just plugging in an external battery?

        Either way, you'd be carrying two things around with you instead of one.

        1. Charles 9

          Re: Watch Out for Flat Battery Syndrom

          I insist on replaceable batteries in case one goes bad. The battery is one of the soonest things to go and being able to swap it out adds longevity.

          1. Lallabalalla

            Re: Watch Out for Flat Battery Syndrom

            The battery on my 5 year old iPhone is still good, thanks.

            1. Charles 9

              Re: Watch Out for Flat Battery Syndrom

              Sure about that? Sure it lasts as long on a full charge as the day you bought it?

  4. SuccessCase

    "“The UK launch will boost the payments industry as a whole, but however cool the technology, it will take years to reach anything near mainstream adoption," said Rich Wagner, chief exec and founder Advanced Payment Solutions, and an advisory board member of the Emerging Payments Association.

    “However, it’s worth noting that Apple’s margins will be far lower in the UK than in the US, due to the huge discrepancy in interchange fee rates between the two continents. This reduces the commercial opportunity for Apple Pay in this market," he warned."

    Come on Register. Identify when you are interviewing a competitor (not a direct competitor but a competitor nevertheless), it makes a big difference to the credibility of what they are saying. For a start, Apple pay has the fastest adoption rate of all the competing solutions, secondly Apple customers are simply worth far more as consumers. Online transactions, App Store revenues and value per transaction are all far, far higher for Apple customers than competitor customers. Retailers are not going to be missing out on the opportunity to satisfy the needs of retails most valuable customers. It won't happen ibstabtly, but it won't take too long either. In the U.S. holdout stores are rapidly changing their minds and adopting Apple pay for this very reason.

    Lastly If margins are lower for Apple for Apple Pay transactions in the UK, so what? They aren't doing it for the per transaction margin, which whilst nice is not a big business for them. They are doing it to sell phones. The margin makes zero difference to that and so will make zero difference to the effort they put in to promote Apple pay (thus illustrating if Mr Wagner is an "expert," he's an "expert competitor" and isn't being quite as objective as he is trying to sound).

    1. Anonymous Coward
      Anonymous Coward

      Unlike all those unbiased gushing comments, presumably originating from the left side of the pond where having a secure cryptographic element (embedded in a card, imagine that!) is seen as a novelty.

    2. Lee D Silver badge

      Fastest adoption rate isn't hard when the competition isn't released yet. It's easier to be "first past the post" when nobody else is playing. Betamax was superior, HD DVD came out before Blu-Ray, etc.

      However, Apple Pay ONLY works on Apple devices. Android Pay may well be the same but, being software, it should be portable if necessary. However NEITHER are the real solution people actually want, and the biggest barrier to adoption is that you have to have one of those devices in the first place.

      As the article states, Android enjoys four times as many users as the Apple competition before you even start. And "Apple Users Spend More" doesn't equate for me. It's like the Humble Bundle statistics that their Linux purchases voluntarily contribute more. Individually, yes. But en-masse the greatest amount of total profit comes from the much larger user base of Windows gamers each contributing less. (Technically, my owning an Android device instead means I have more money to pay the shops, because I haven't given it to Apple!).

      As such, kitting out all your stores with Apple Pay and then having to replace it because it wasn't the most popular system is what will hold people back - as the article implies, adoption is years away. Hell, stores have been "able" to take PayPal on your phone for years now... nearly a decade? How many of them actually do it? How much of their transaction totals go through it? Nearly zero. So you spend all the money for the kit based on the manufacturer's promises and end up not profiting from it at all.

      If margins are lower for Apple Pay, that means that the risk of prices rising once it becomes mainstream is even higher. Not only that, if they are only doing it to "sell phones", the cost of that phone is actually part of the overall cost of the system. And I'm not sure I want a payment system that's designed to "sell phones" as the way to pay my bills, thanks.

      This isn't blind anti-Apple sentiment. This is just early days of a single, non-cross-platform, still-has-flaws payment system. Nobody is going to leap onto it unless they are terminally stupid or incredibly rich and has a particular phone anyway.

      No, wait... that last part WAS just anti-Apple sentiment...

      1. SuccessCase

        What are you talking about! Apple pay is one of the last out. Google have attempted pay before but failed. It's their latest attempt that isn't out yet. US retailers have their own contactless solution (CurrentC). Paypal also. Plus countless other banking industry initiatives.

      2. SuccessCase

        @Lee D. Why on earth would you be worried that Apple implement features to make their phones more appealing. The fact they are doing it to sell phones, instead, as is the case for the banks, to make money on each transaction, or as is the case for the stores, to get your personal details, IS good for the consumer because it means their incentives are aligned with yours. That is very important. Aligned incentives means they adopt the consumer position. Consequently Apple pay keeps your personal details secret. Neither Apple nor the retailer store transaction details. Only the bank/Credit card provider. Secondly the per transaction processing fee is much lower than competing solutions. Third, you got your argument the wrong way round. As they are doing it to sell phones, they have LESS incentive to increase per transaction fees and in any case the per transaction fees are locked down in contracts with the banks, so your fears aren't justified.

      3. Thomas Chippendale

        "As such, kitting out all your stores with Apple Pay and then having to replace it because it wasn't the most popular system is what will hold people back - as the article implies, adoption is years away. Hell, stores have been "able" to take PayPal on your phone for years now... nearly a decade? How many of them actually do it? How much of their transaction totals go through it? Nearly zero. So you spend all the money for the kit based on the manufacturer's promises and end up not profiting from it at all."

        I don't understand this. What special equipment does it need? I have not found a card machine yet that doesn't accept Apple Pay - it seems to work on the bus, in Tescos, in all the various shops and coffee-stops this week, as well as some oddities such as at an ice-cream van in Milan, and a petrol station in Switzerland for chewing-gum. It also seems to work on the perfectly ordinary unmodified card terminals attached to the EPOSs at our client sites, which I know we have done nothing new to, and which are pretty elderly. So far Apple Pay doesn't seem to have any lack of functionality requiring any special equipment, system or agreement, and seems, like other ordinary contactless cards, to work perfectly well across borders - regardless of whether the function is enabled in that country for a locally-registered device.

        Perhaps the error is the odd branding, which does imply rather that it is some separate system. I don't know why it even has a name rather than just saying 'keep a copy of your contactless cards on your phone or watch.' But it appears to work as a perfectly ordinary contactless card, universally.

        Confused by comments like the above though - is there some other element to accepting payment that I am not understanding - is something required other than any ordinary PDQ machine and merchant account?

      4. soldinio

        paypal

        PayPal adoption has been slow because there are significant downsides for the trader. I work for a large organisation that considered paypal a couple of years ago, but their binding arbitration service for disputes and the ability to yoink back funds with no redress means it will probably never be considered again.

        I wonder if Apple are planning for any liability in case of dispute/fraud/etc. or just off-loading to the card provider.....

    3. Charlie Clark Silver badge
      Thumb Down

      Lastly If margins are lower for Apple for Apple Pay transactions in the UK, so what? They aren't doing it for the per transaction margin, which whilst nice is not a big business for them. They are doing it to sell phones.

      Whilst Apple can indeed ignore the margin, it isn't really adding the feature to cell more phones but to bind its customers to it even more – it gets to mine all the sales data.

      However, the market will be determined as much by the merchants as by the customers. Merchants will favour anything that reduces the time of the transaction and avoids cash. Something that gets used for buying a pack of chewing gum is more important than a credit card replacement (outside the US, because in the US you can buy a pack of chewing gum with a credit card, I've even bought a stamp with one).

      Personally, I'm still waiting for something that is more convenient and useful than cash which is universal and also helps me budget.

      1. SuccessCase

        "it gets to mine all the sales data."

        Nope. The solution is architected such that neither Apple nor the retailer know who the customer is. Only the bank can relate the transaction to a customer. The retailer doesn't even get the customer's card number. Just confirmation they have received the money. Case in point. Go into an Apple store, make a purchase with Apple pay. If you want a receipt, you have to separately provide your email address. They don't have it and don't know who you are from th Apple pay transaction alone.

        Maybe once you do some Googling and confirm for yourself what I am saying is correct, the penny will drop and it will become clear why when incentives are aligned it's actually a good thing for consumers.

        1. Lee D Silver badge

          It is not a good thing for consumers to be required to buy a specific manufacturer of device to make a credit card transaction, when the credit card number that had to be entered in the first place is in their other pocket.

          Go abroad, your payment system doesn't work.

          Battery dies, your payment system doesn't work.

          iOS chooses a bad time to update/reboot, your payment system doesn't work.

          The shop choose a rival system, your payment system doesn't work.

          So you still have to carry the card anyway.

          And, let's be honest, Apple know exactly who you are as they have your Apple ID on the same device. Just because they've not shown it linked in, doesn't mean they couldn't, can't, don't, haven't or won't. If you are authenticating the software on the device and the device is linked into an Apple ID account or course they know who you are. Whether they join the dots or not greatly depends on local legislation, not technical capability.

          I'm actually much more interested to know how Apple will work at the business end. Because, for sure, every time I call them about the 100's of iPads my schools use, on the Mac Mini servers that we have, with the stupendously expensive MDM system we bought, they couldn't care less and literally do not want to know.

          They are one of the few cloud providers to not provide an EU data protection guarantee for their cloud services (which technically means you shouldn't be using them in EU businesses like schools etc.). They are one of the least "business-friendly" companies that I've ever seen. Last time I rang up about a pupil iTunes account, it took 10 business days to reset and they were demanding original receipts showing the iPad serial number before they would touch it (despite being enrolled into our MDM and supervised by us) - security for home user, unnecessary hassle for verified businesses with tens of thousands of pounds worth of business with them. And we had to say literally dozens of times "No, we're a school, it's a school email, it's for a school pupil, it's a school device, we're a school".

          I've also yet to see "other" payment systems that use the original credit card details separately in an auto-generated token with bank authorisation - that's the "new" thing, not that other payment systems don't exist (but, again, they aren't popular, even when they're cross-platform like the PayPal one I mentioned - I can show you any number of shops with the logo in London, but when you ask to do it, they have to go call the one guy who knows how and tell you "Never had a customer ask for this before", etc.).

          Sorry, but even Android Pay is dead if you have to have it alongside Apple Pay etc. and you lock it to certain brands of phone. That's not a payment system, that's vendor lock-in. Either everyone has to take everything (e.g. like websites take Google Wallet, Amazon Payments, PayPal, WorldPay, etc.) or they have to take nothing.

          And, I'm afraid, Apple just doesn't appeal to enough of the market to be the "one true payment system", no matter what gimmick they use, and they absolutely DO NOT co-operate with any other vendor whatsoever. They barely co-operate with some of their largest customers.

          Like the whole "ID card" debacle... enjoy it while you can use your one type of phone in one particular location and look cool to your mates. Because, for sure, the next time you leave the city and travel outside, you'll realise that you need to pull out your card every moment still anyway.

          1. SuccessCase

            "And, let's be honest, Apple know exactly who you are as they have your Apple ID on the same device."

            Oh and lets be honest. You don't know what you're talking about, they don't and repeating your error prepended with "let's be honest" and not even bothering to check the widely available documentation of architecture and process which show why they don't know makes the assertion quite a bit less honest not more.

            "It is not a good thing for consumers to be required to buy a specific manufacturer of device to make a credit card transaction"

            Well they don't do they, because there are many competing systems.

            Then every following point you make applies to those other mobile payment solutions so doesn't in any way justify your first point. Running out of battery - well yes, that's a problem with mobile phones not exclusively Apple. Doesn't take away the fact the transaction is far more secure than handing over a credit card or entering a pin in a situation where it is often difficult/impossible to ensure you are not overlooked by others and/or security cameras.

            Well done for sticking your neck out and making a prediction that it will fail. Especially brave since all the indicators are that it is succeeding quicker than expected in the US and ignores the factual point I made that Apple customers are simply bigger spenders than competitor handset users. So to think retailers won't respond to that is brave, but wishful, analysis based I would suggest on little more than your dislike of Apple.

            1. dogged
              Stop

              We get it, you like Apple.

              Apple Pay will still fail everywhere outside Starbucks.

              1. Handy Plough

                In much the same way that you fail at life, eh?

          2. Handy Plough

            "And, let's be honest, Apple know exactly who you are as they have your Apple ID on the same device. Just because they've not shown it linked in, doesn't mean they couldn't, can't, don't, haven't or won't. If you are authenticating the software on the device and the device is linked into an Apple ID account or course they know who you are. Whether they join the dots or not greatly depends on local legislation, not technical capability."

            Prove it. With actual tangible evidence. If you can't shhhhhhh. You're talking shit.

        2. Anonymous Coward
          Anonymous Coward

          A major problem with many Apple Pay competitors in the states is that

          a) they are collecting and reselling your data (and probably keeping the data forever) in order to monetize that data via pelting the user with ads; and

          b) they are resisting using credit cards to avoid interchange fees. This is done by directly sucking money out of the user's bank account (with the permission of the user naturally). The problem is, by centralizing the process and accumulating data, they are making a juicy target for thieves. In the US, there is no legal guarantee of restitution if your checking account is drained by thieves (banks usually make good on the cash... since there are few breaks so far. But is it timeconsuming and inconvenient to claw back the stolen money).

          CurrentC (or MCX, or formerly ISIS (really!)) have to make money directly off the user while Apple Pay and (to a large extent) Android Pay don't have to directly monetize the user's personal information.

          1. Anonymous Coward
            Anonymous Coward

            @AC

            Android Pay doesn't have to directly monetize the user's personal information.

            Monetizing personal information is Google's whole business model! Unless they've committed somewhere to not do so you better believe they will do exactly that.

            They'd LOVE to get this data from consumers, as they could link ads they've seen, products they've searched, stores they've been in etc. down to what products the customer ended up actually buying. Can you imagine how valuable that would be to retailers - they could figure out which ads / promotions are actually effective, instead of just guessing. No way Google doesn't stick its fists in that jackpot up to its elbows!

    4. fruitoftheloon
      Happy

      @SadCase...

      Blimey,

      are you quite sure about that?

      Pleased with your Apple dividends recently?

      Just wondered...

  5. kmac499

    Barclays bPay

    The revised generation of Barclays contactless NFC chip is out but I think they missed a trick.

    The chip comes in three packages, naked, wristband and keyfob. The naked one you stick on the back of your phone or whatever. The wristband is designed for festivals sports etc. The interesting one is the key fob and this is where I think they missed a trick. My gripe with all contactless devices is that they are permanently 'live'. It's like walking around with your purse or wallet open and on show. If waved near an active reader they will make a payment. Which is a real pain if you have multiple wireless debit cards in your wallet, how would you know which one just paid out?

    What the keyfob needs is a simple button which when held down enables the chip. The equivalent of opening your wallet which when used, immediately snaps shut.

  6. Dazed and Confused

    Longevity

    > Add the fact that fingerprints stay with you for life and

    Sounds like someone never done a days real work in their lives.

    My finger print reader worked fine for months till I decided to undo a nut and bolt with my fingers. The scans don't work any more. The kids school uses fingerprint scanners to their meal system, my eldest stupidly touched a piece of hot gauze in chemistry and their scanning system won't recognised his dabs anymore, nor accept new dabs for him.

    Finger prints ain't for life.

    1. Charles 9

      Re: Longevity

      Give them time. Barring a total maiming, fingerprints usually heal.

  7. Anonymous Coward
    Anonymous Coward

    Is there a tumblr or something with pictures of people paying for things with an enormous iPad? I want to see that. Like the one with pictures of people in red trousers.

  8. Charlie Clark Silver badge

    Good article

    Independent IT security consultant Paul Moore (one such critic) noted: "I'd rather de-couple my payment card from a mobile device. It's safer IMO. ‪#ApplePay‬ doesn't solve a problem I don't have."

    Can't really argue with that.

    Interoperability is key and payment systems are fairly well regulated in Europe, hence the far lower margins.

  9. Cuddles

    Convenience?

    "a convenient way to make payments of up to £20 without the need to fork out their debit or credit cards"

    Because taking a credit card out of your pocket is so much less convenient than taking a phone out of your pocket. It's the same problem with "smart" watches - adding convenience in a place that wasn't lacking it in the first place isn't really a big selling point.

    On the other hand, I don't recall ever having a card payment fail because my battery had run out.

    1. Ed 11

      Re: Convenience?

      Apple Pay:

      1- Phone out pocket

      2 - Phone against card reader

      3 - Phone back into pocket

      Contactless card:

      1 - Wallet out of pocket

      2 - Contactless card out of wallet

      3 - Contactless card against card reader

      4 - Contactless card back into wallet

      5 - Wallet back into pocket

      So I make that a 40% reduction in terms of the number of steps needed to pay, and a slight bump in security too. What's not to like?

      And before someone suggests leaving my intended payment card in my wallet and holding my wallet to the reader, I am not the only person with more than one card in my wallet.

      1. PrivateCitizen
        Stop

        Re: Convenience?

        Minor issue but you need to add "place finger on finger print reader" to the phone step so it is 4 steps vs 5 (and if the fingerprint reader has fit, as mine is wont to do, then it adds a few more steps where you retry).

        Also, if you have multiple cards you want to pay with, how do you select them in Apple Pay? Wouldnt that add an extra step making it the same?

        However, on the whole, this is a solution to a non-existent problem for me, so I wont bother. I am sure lots of people think differently and may bother to install it.

        The problem for the vendor is that they have to have technology to support the luddites and the trendy fanbois. I have been to a large number of shops who are unable (or unwilling) to support contactless payment of any sort making this a moot problem.

        1. zb

          Re: Convenience?

          You forgot to mention taking finger off screen :)

      2. Yugguy

        Re: Convenience?

        1) Take wallet out of pocket

        2) Take choice of several pin-protected cards out of wallet.

        3) Actually, I couldn't give a toss about the rest of the steps as I prefer security over presumed "convenience" anytime. Not that I've EVER stood there thinking "HOLY SHIT I WISH I DIDNT HAVE TO SPEND A GOOD 2 SECONDS OF MY LIFE TYPING IN A PIN"

        1. Fink-Nottle

          Re: Convenience?

          > "HOLY SHIT I WISH I DIDNT HAVE TO SPEND A GOOD 2 SECONDS OF MY LIFE TYPING IN A PIN"

          On the other hand, a surprising number of people have either physical or visual issues which make entering as pin anything *but* convenient.

      3. omnicent
        Trollface

        Re: Convenience?

        Apple Pay:

        2 a - Place fingerprint on reader

        3 b - Try again because it failed

        :-)

      4. VinceH

        Re: Convenience?

        The "more than one card in my wallet" is a key point that fucks the notion of Apple (or other phone) Pay being more convenient.

        I, too, have more than one card in my wallet - and the reason for that is I use different cards for different things. So, step 2 in your contactless* card sequence should be "select contactless card and remove from wallet" - and there therefore needs to be a similar step for Apple (or other phone) Pay: They need to be able to hold details for multiple cards, so the user needs to be able to select which card they are going to use. Which means:

        Apple (or other phone) Pay:

        1. Phone out of pocket.

        2. Unlock phone, navigate to the app to select which card to use, and make the selection.

        4. Phone against card reader.

        5. Phone back into pocket.

        I've been generous and bundled the necessary sequence into a single step 2.

        And, of course, you could do this before going to the till to make payment - but, then, you could also do that with the relevant steps for using a card.

        I'm assuming Apple (and other phone) Pay systems will allow multiple cards to be set up.

        * Not that I use contactless payments, but that's beside the point.

        1. Anonymous Coward
          Anonymous Coward

          Re: Convenience?

          At least learn how it actually works before you troll - ApplePay automatically switches to the app when there is a payment to process. The amount to pay and list of cards (with a default) will be displayed automatically. "Unlock the phone" means "press the fingerprint reader".

          Why are people on a tech site suddenly luddites just because it's an Apple feature? Would you post this crap if it was GooglePay?

          1. VinceH

            Re: Convenience?

            "At least learn how it actually works before you troll - ApplePay automatically switches to the app when there is a payment to process."

            Non-Apple user doesn't know the specific workings of an Apple system. In other shock news, it has been discovered that the Pope is indeed a Catholic.

            "The amount to pay and list of cards (with a default) will be displayed automatically. "Unlock the phone" means "press the fingerprint reader"

            All that does is shorten step 2 - but there is still a step there that wasn't included in the original sequence.

          2. zb

            Re: Convenience?

            Yes, like all the tech love expressed here for Google Glass

      5. Anonymous Coward
        Anonymous Coward

        Re: Convenience?

        You missed out:

        - insert my card into a reader of unknown ownership

        - type my PIN number into said reader.

        ...and...

        - how far away does an NFC card actually need to be for me to charge money to it (a hacker's reader, not "a reader within published spec"). Seriously, Google away to find the answer :)

        I don't care if it is built by Apple or Google, or the NSA. I want something with a screen and pin pad/fingerprint reader. Yes - I actually trust the NSA more than an ATM on the street!

      6. Anonymous Coward
        Anonymous Coward

        Re: Convenience?

        Drop phone, phone smashy.

        Drop wallet, nothing happens.

        Therefore you can whip out your wallet much quicker with less care.

        1. Sean Timarco Baggaley

          Re: Convenience?

          If there's one thing a phone-based NFC system can't do, it's get swallowed up by a Windows XP-running ATM that's just decided to have a bad hair day and crash in quite spectacular fashion.

          It was fascinating to watch it die, painfully slowly... until I realised I wasn't going to get that peach iced tea and pizza I'd been looking forward to for most of the afternoon. I got the card back the following day, but it has carried the scars ever since. It looks like it got run over by a very small bicycle with particularly filthy tyres.

          (Oh, and I've had my card skimmed too, with the consequent sorting-out involving giving a police statement and a 60 km. round trip -- in a borrowed car as I don't own one -- to sort out the paperwork. Still, that's Italian bureaucracy for you. At least it got sorted, though I was without any money at all for about three weeks.)

      7. Phil O'Sophical Silver badge

        Re: Convenience?

        1 - Wallet out of pocket

        2 - 5.00 note out of wallet.

        3 - Hand over note to pay.

        4 - (optional) put change in pocket.

        1. Anonymous Coward
          Anonymous Coward

          Re: Convenience?

          beat me to it -

          (optional) - buy a coffee with the change...

          The other benefit is withdrawing cash and then budgeting with the cash you have on your pocket (so when its gone that is it) - not constantly debit card purchasing. It does make a difference when you have a solid block of real cash to budget against over a week/2 weeks etc.

          1. Charles 9

            Re: Convenience?

            Also makes you a hot pickpocket target. Plus some of us keep the phone even easier to reach than the wallet for fear of missing a call.

      8. This post has been deleted by its author

  10. gbru2606

    Paying with an iPad

    I can't imagine anyone ever paying for anything with an iPad in Blackpool....Round here the police wouldn't be too sympathetic if you were mugged for it afterwards either.

    1. Anonymous Coward
      Anonymous Coward

      Re: Paying with an iPad

      Blackpool is not typical though.

      It's full of drunk working-class stag/hen parties - particularly popular with Scots.

      I was once in a bar in Blackpol and a fat woman was trying to press her (bare) chest against the window from outside, but her belly got in the way. V funny at the time, but not typical of the UK.

  11. IHateWearingATie

    Meh

    I don't just have payment cards in my wallet - I have cash (as not everyone takes cards - the coffee van that comes round to my client site for example), my card for the AA, my Tesco clubcard. I like the technology and where it is going, but I'll still need my wallet for now and so I don't see a great benefit (certainly not enough to make me replace my Android phone for an Apple one next upgrade cycle)

  12. fruitoftheloon
    Stop

    Err what? leave my wallet at home

    Methinks there is a slight flaw here (and not with the 'security')

    I somehow doubt that even if I were fortunate enough to find that all commercial entities I interacted with on a given day would accept it, I sure as fekk wouldn't leave my wallet at home.

    Methinks the 'regurgitated press release' quotient is a little higher than usual today.

    /end cynicism

    1. Charles 9

      Re: Err what? leave my wallet at home

      I see many who have no pockets so can't keep their wallets or refuse for fear of pickpockets.

  13. Speltier

    I want some of what they are smoking

    "...such as tamper-proofing software..."

    Really.

  14. Madbury

    If you're a tiny bit OCD then the main problem with entering a pin on a pad is the hygiene factor. Do I really want to be dabbing the same keys that a thousand other people have pressed that day? I suppose you could use a key or something to provide some physical separation from the filth magnet that is the key pad.

    I'm only being half serious really. There is a marginal convenience and time improvement with contactless in my experience and as a result it is my preferred method.

    As far as I can see Apple pay is completely pointless for the following reasons:

    1. I have to carry my card with me anyway in case I wish to make a purchase at a store which does not have a contactless reader - presumably this problem will diminish to zero ultimately

    2. My card has no battery to go flat, is relatively small (I don't carry a wallet) and therefore easy to carry. I can leave a backup (different) card in my bag too in case I lose my main card.

    3. My card is free (effectively) whereas an iPhone is really rather expensive.

    In short I think it will be a long time before I leave the house without a credit or debit card in my pocket and since the contactless card is already very convenient I don't see the need for Apple pay other than as a novelty.

    I'm completely ignoring the security points in the article here obviously, but this is just the way I see things.

    1. Anonymous Coward
      Anonymous Coward

      1. If the store doesn't do NFC I don't go. End of.

      2. I'm prudent enough to keep my battery charged. If I know I'll be out longer than usual I pack a spare.

      3. I needed the phone anyway, so the feature's just a free bonus.

  15. Anonymous Coward
    Anonymous Coward

    trollin time

    The problem with Android pay systems is it assumes Android punters have much to spend. Android obviously had it first and can probably stay ahead on the technology but the whole thing was DOA until Apple came along.

    1. Simon Taylor 1

      Re: trollin time

      You certainly are trolling. I could have had a iPhone cheaper on my contract but still chose Android. My current phone smokes an iPhone in all the areas I care about. The old crap about "can't afford Apple" is just that, er, crap.

      Disclosure. I despise Apple for the damage they do to the industry and their reality distorting, lying, genius bar filling, cool aid tsunami. Wouldn't own an Apple thing if it costs pennies.

  16. jonathanb Silver badge

    Retailers don't have access to card info?

    Is it true that retailers don't have access to card info? If it was, then it wouldn't work on TFL, but it does, see https://tfl.gov.uk/fares-and-payments/contactless/other-methods-of-contactless-payment/apple-pay?cid=applepay

    They know that you've bonked in and out of the network with the same phone/card combination, so they can charge the correct fare for the journey rather than two penalty fares. They know if you bonk back into the network at a nearby station on a different line so they can treat it as a continuation of the previous journey rather than a new one, if it is a recognised pair of interchange stations. They know if you have reached the daily or weekly charging cap and are entitled to free journeys for the rest of the day or week, and they can request a single payment from your bank at the end of the day for every journey you made that day. You can register on their website with your card details to get travel statements showing all the journeys you've made.

    1. Fuzz

      Re: Retailers don't have access to card info?

      The TFL help page is quite interesting, it suggests that at the point of transaction TFL don't have access to your card details, but they do have access to something that uniquely identifies your device. You have to use the same device to tag in and out on stations, can't tag in with your watch and then out with your phone.

      It seems they then get your card details later since they are able to match your journeys up with your card details and display them on their web portal.

      It's also interesting for the guidance on how to use Apple pay, I don't live in London but have experienced the tube during rush hour and I wouldn't want to be the person whose phone times out because I unlocked it more than 1 minute before hitting the gate, or the person who gets a phone call has they're trying to enter/exit the gate.

      The whole point of contactless is that you trade security for convenience, it's less secure than chip and pin but it's quicker. Apple seem to have added some more security and for that they've had to trade convenience.

      1. Anonymous Coward
        Anonymous Coward

        Re: Retailers don't have access to card info?

        Retailers have access to the Device Account Number - what the device sees as the card PAN. This is consistent for a device/physical card. If you put the same card on your phone and watch they get different Device Account Numbers, hence in the TfL case if you tapped into the system with your phone, then out with your watch they would see two different PANs they couldn't match.

  17. jamie m

    Waiting in the wings is ... Android Pay

    Waiting in the wings is Zapp with Pay By Bank App.

    Vocalink, the company behind Faster Payments in the UK and Immediate Payments in Singapore is launching Pay By Bank App for payments in the autumn removing the need for cards and wallets when shopping online.

    Already in development is work to bring the feature to NFC equipped phones allowing contactless payments in shops again without registering cards or creating wallets.

  18. Anonymous Coward
    Happy

    Here's how Android Pay transactions will be charged out...

    92% will go to the merchant.

    3% will go to Google.

    5% will go to your bank.

    573% will go to a team of Ukrainian hackers who slipped a virus onto your phone embedded in that Twitter stream you just have to, like, so keep up with.

  19. Lamont Cranston
    Thumb Down

    I put all my eggs into the one basket. Far more convenient that way.

    No worries for me - the basket weaver assures me it's drop-proof.

  20. Joe Harrison

    who pays

    So Apple get paid a small slice per transaction, which is to say using the phone costs more than using the card. Who ultimately foots the bill for that? You already know the answer.

    Seems to me very similar to having your airport boarding card on your phone - quite cool the first couple of times but rapidly becomes annoying.

    1. Smorgo

      Re: who pays

      No, it's not more expensive. Part of the transaction cost is based on the risk associated with the payment. Apple have convinced the banks that Apple Pay is more secure than card transactions, so their cut comes out of this risk element.

  21. Lallabalalla
    Trollface

    Gaah! Don't you people get it??

    Apple is going to make - is already making - an incredible success out of an idea that many have tried and failed to do before, and they will "revolutionize" payments and maximise their revenue and user base AND multiply diverse device ownership in almost no time at all - a trick they have literally NEVER managed to pull off in the past.

  22. ToadOfToadHall
    Stop

    twenty quid?

    No, No, No, No! The amount is not limited to £20... If you can identify yourself (mobile passcode, fruity biometric, signature for Americans...) then you can, in principle, buy anything with Apple Pay or other contactless payment thing.

    HOWEVER, most merchants in the UK still have crappy old contactless terminals which don't run the latest version of the software etc. etc. so, in most cases you'll have problems buying anything costing more than £20. But, of course, some shops are bang up-to-date... Like, err, the Apple Store.

  23. Super Fast Jellyfish

    Multiple cards

    So I get the idea of a DAN (Device Account Number) associated with the phone but if this is how a transaction is identified, how does it work if you don't select your default card? There must be another step not mentioned anywhere I've seen.

    1. jonathanb Silver badge

      Re: Multiple cards

      There is a separate device account number for each card.

  24. -tim

    If it quacks like a duck...

    These nice 16 digit tokens that everyone is jumping to as a way to bypass some PCI-DSS issues leave out one small problem. If it looks like a card number, from the PCI-DSS point of view, it is a card number.

    It is amazing that we are still not using strong public/private key encryption to move data around the credit card networks.

  25. OllyL

    Opinions of a user

    So as someone who has actually used Apple Pay (on both sides of the pond), I actually quite like it.

    It didn't magically solve a problem in my life, however I do rate it as an improvement.

    I have four US cards registered against the iPay thing (only one of which is natively NFC - an amex, and three visas from two different banks) and two from the UK (Nationwide in case anyone cares). I like that it gives me the option, and it seems to remember which card I used where last as the one it pops up first seems to be tied to whatever I used at the location last (one of my cards gives me better cash back on fuel, the other has a better rate for pretty much everything else).

    I am still required to use a PIN however if I use it against a debit account (confusingly, one can present a US debit card as a credit card at POS terminals), so I'm not sure how that works.

    The one thing I find particularly curious about the UK implementation is the 20 pound cap. Does anyone know why that is? Here in the states I can spend as much as the bank will let me (as far as I'm aware...I think the largest transaction I've put through Apple pay was about $800)

    The one thing I'd love for them to add to the phone would be some form of ID verification, such that if I forget my wallet and I meet with a particularly officious checkout operator that really won't accept that I'm legally old enough to buy whatever booze happens to be in my cart

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like