Next-Gen iPhone & iPhone Nano Speculation

Discussion in 'Mobile Devices and SoCs' started by Arun, Jun 19, 2011.

  1. patsu

    Legend

    Joined:
    Jun 25, 2005
    Messages:
    27,709
    Likes Received:
    145
    rpgs.314's model is not quite right. The dynamic account number is kept in the secure element. The "credit card like credential" (payment token) is something else. It is generated on the fly, together with yet another one-time secure code for every transaction.

    Even if one captured these in-flight payment tokens, they can't use it for more fraudulent transactions. They should also be one-way. You can't guess the dynamic account number from these payment tokens.

    If you lost the phone, then you have to use Find My iPhone to revoke the dynamic account number.
     
  2. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,175
    Location:
    La-la land
    You don't really need to though, if all the thief took was the phone; nobody can pay with the phone without your thumb to press to the scanner... :twisted:
     
  3. patsu

    Legend

    Joined:
    Jun 25, 2005
    Messages:
    27,709
    Likes Received:
    145
    Well... I think peace of mind is very important. It's better to revoke and regenerate on a new phone.
     
  4. zed

    zed
    Legend Veteran

    Joined:
    Dec 16, 2005
    Messages:
    5,249
    Likes Received:
    1,323
    Whats that saying about fools and their money ;)
    btw you, you might wanna recheck your maths

    In NZ (the largest debit card users in the world per head of population) there are ZERO transaction fee's for the customer / shop. Yes a shop has to pay a fee ~$100/year to be connected so they do incur a cost which would be passed onto the customer but thats gonna be orders of magnitude less than a 0.15% fee

    How is google pay able to do this free?
    Well if this takes off, it will flow on to google wallet taking off logically
    and I assume google will say, hell if ppl are happy getting 0.15% deducted we'll do it as well.
    And with their much larger userbase this could turn into a nice little earner for both apple & google
     
  5. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,175
    Location:
    La-la land
    Google's schtik is grabbing market share by offering stuff for free, and then once they've achieved dominance they "monetize" the "service". So they're no different really. They, being a corporation with tens of thousands of employees and dozens of data centers around the world, offices in a multitude of countries and so on, obviously can't afford to offer their services completely free of charge in perpetuity.
     
  6. Mariner

    Veteran

    Joined:
    Feb 6, 2002
    Messages:
    1,934
    Likes Received:
    668
    The vendor/shop always pays a credit card fee and it is usually a lot more than 0.15%, I can tell you! Usually around 2% for credit cards (a lot more for Amex!) and a set charge for debit cards.

    Paypal fees for sellers are usually a little higher than this. Not sure about Google Wallet.
     
  7. zed

    zed
    Legend Veteran

    Joined:
    Dec 16, 2005
    Messages:
    5,249
    Likes Received:
    1,323
    you missed my earlier posts where I mention this, I made one yeaterday here and also about 2 weeks ago

    Like I said before from what I read a couple of days ago I believe this 0.15% is EXTRA on top of whatever the bank fee's they charge

    I wonder what happens if a thief chopped off someones thumb, imagine the public fear(*) involved? We could see the next iphone version without a thumbreader :)

    (*)totally unnecessary in real terms, but in todays (esp in the USA society) where 'fear rules the newswaves' and makes the public do irrational choices, who knows
     
  8. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,175
    Location:
    La-la land
    I believe Apple claimed last year that they check for life signs (meaning a pulse I suppose.)

    In any case, I wonder what would happen if someone was to use a knife to force you to give them your card and PIN rather than use it to chop off your thumb - oh wait, that already happens every single fucking day. While we're already in the unlikely realm of scenarios, you could also use your pinky (or perhaps tip of your nose) to unlock your phone, meaning your thumb would be useless to a thief...! ;)
     
  9. wco81

    Legend

    Joined:
    Mar 20, 2004
    Messages:
    6,620
    Likes Received:
    506
    Location:
    West Coast
    Only thing about thumbs is that there have been cases of cops demanding pass odes. Conceivably they can coerce you to apply your thumb against the scanner.

    There was a case where cop after beating someone erased the video off the phone of a witness who captured video.


    The banks hope people charge transactions under $25 and $10, which are now predominantly paid in cash. So they'd get a lower fee but potentially greater volume of CC transactions.
     
  10. zed

    zed
    Legend Veteran

    Joined:
    Dec 16, 2005
    Messages:
    5,249
    Likes Received:
    1,323
    yes I know and thats why I wrote "totally unnecessary in real terms, but in todays (esp in the USA society) where 'fear rules the newswaves' and makes the public do irrational choices, who knows"
    eg 10's billions to protect against (the small possiblity) terrorists invading the USA and killing a few american's vs a few billion spent protecting against (the reality today) of american's dying in X number of 'unsexy' ways

    i.e. the masses make these total irrational choices not based on logic

    I can foresee a similar tech thing with
    We will soonish have widespread driverless cars I shudder to think when one malfunctions and kills someone (prolly a slowdown of its adoptation etc) even though in reality the deaths per km is prolly gonna be a lot less than a human driver, i.e. its irrational decision making

    Not in NZ, its rare to see someone pay with cash, even for $2. Im one of the view ppl that do try to pay with cash
     
  11. rpg.314

    Veteran

    Joined:
    Jul 21, 2008
    Messages:
    4,298
    Likes Received:
    0
    Location:
    /
    It's better than Google and carrier's implementation.

    It's no better than existing physical cards.
     
  12. rpg.314

    Veteran

    Joined:
    Jul 21, 2008
    Messages:
    4,298
    Likes Received:
    0
    Location:
    /
    The macworld article says that there is one token per device forever.

    No idea what apple said in their presentation.

    The banks and the retailers wouldn't let this get off the ground if their creepy behavior was blocked.
     
  13. rpg.314

    Veteran

    Joined:
    Jul 21, 2008
    Messages:
    4,298
    Likes Received:
    0
    Location:
    /
    That's not what Macworld says.

     
  14. silent_guy

    Veteran Subscriber

    Joined:
    Mar 7, 2006
    Messages:
    3,754
    Likes Received:
    1,380
    Physical cards without a PIN, no security at all.
    Physical cards with a PIN: 4 digits of security, often a birthdate of some sort. :wink:
    Hard for an electronic solution to beat that in terms of insecurity.
     
  15. zed

    zed
    Legend Veteran

    Joined:
    Dec 16, 2005
    Messages:
    5,249
    Likes Received:
    1,323
    I guess more money is gained electronically (scams/hacks etc) each year than physically robbing them at knife/gunpoint

    I think the issue is the number of electronic attacks/robberies will be far less but because its done electronically the capacity to 'attack' more accounts/ppl at once is magnitudes more
     
  16. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,175
    Location:
    La-la land
    The quote you present doesn't claim one token forever.

    Anyway, like I said, the presentation claimed one-time use tokens, so what macworld says doesn't really matter. :) Anyway, a permanent token which would be snoopable and re-used would also be highly insecure, nobody would accept that. It would invalidate and make redundant the whole thing with the on-chip secure store, virtual card numbers and fingerprint scanner. So I don't think this interpretation which you present is the correct one.
     
  17. Mariner

    Veteran

    Joined:
    Feb 6, 2002
    Messages:
    1,934
    Likes Received:
    668
    Only if you are a halfwit! Lots of them around... :smile:
     
  18. zed

    zed
    Legend Veteran

    Joined:
    Dec 16, 2005
    Messages:
    5,249
    Likes Received:
    1,323
    mine by chance was the most least likely choosen pin number, google it and you can find the article. After reading that article of course I changed it :)
    Its choice between convenience and security, personally I prefer convenience (within reason WRT security)
    A couple of days ago their was a 'meeting' here in nz, kimdotcom & (snowden & assange by web) now would snowden have been able to get those documents if it was the old days with harddata? just wait I'll go back and grab those other 5 suitcase's full of files prolly not, but I doubt anyone wants to go back to the old ways but we've lost so much freedom/anonymity these days

    edit:
    saw this on another site https://www.braintreepayments.com/features/one-touch?utm_source=ArsTechnica&utm_medium=disp&utm_content=OneTouch1A&utm_campaign=takeover&partner_source=US_DT_DIS_ARS_BAN_AWR_DEV_FLAT_ONE_NBR_x*OneTouch1A
    Only 2.9% + $0.30 :)
    0.15% seems a bargain (OK theyre different things)
     
    #2778 zed, Sep 16, 2014
    Last edited by a moderator: Sep 17, 2014
  19. rpg.314

    Veteran

    Joined:
    Jul 21, 2008
    Messages:
    4,298
    Likes Received:
    0
    Location:
    /
    My bad, I was referring to privacy aspects here, not security.
     
  20. rpg.314

    Veteran

    Joined:
    Jul 21, 2008
    Messages:
    4,298
    Likes Received:
    0
    Location:
    /
    It seems to imply on token forever.

    Your existing physical cards have the same token forever and they work fine (from a security point of view) most of the time. And it is accepted universally.

    If there was a dynamic token per use, then the merchant won't be able to track you, but the bank will.

    I don't see why the merchants will buy into it if it didn't let them be creeps.
     
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...