Free Republic

Pointing Fingers in Apple Pay Fraud
NYT | MARCH 16, 2015 | Andrew Ross Sorkin

Posted on 03/17/2015 2:00:55 PM PDT by Zhang Fei



To: Swordmaker

Paid or unpaid, you’re clearly nothing but an Apple Troll here: 99.9999% of your posts here are solely to extoll the putative wonders of Apple Corporation.


21 posted on 03/17/2015 9:55:49 PM PDT by catnipman (Cat Nipman: Vote Republican in 2012 and only be called racist one more time!)
[ Post Reply | Private Reply | To 19 | View Replies]

To: catnipman
Paid or unpaid, you’re clearly nothing but an Apple Troll here: 99.9999% of your posts here are solely to extoll the putative wonders of Apple Corporation.

You've been told that I maintain the Apple/Mac Ping list for over 700 of your fellow Freepers. I naturally will be involved in more Apple threads because each and every single one of those 700 have asked me personally to keep them apprised of events having to do with Apple, iPhones, iPads, and Macs. They have also asked that I keep them accurately informed, and to correct falsehoods. When I agree to do something I do it.

YOU are the thread troll in these threads. . . Do you have ANY Freepers asking you to disrupt Apple threads in anywhere near a number like 700? I seriously doubt it.

22 posted on 03/17/2015 10:02:42 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Swordmaker

Really?..so why are we not seeing the same banks having the same problem with Google Wallet that has been in place for some years..

FYI I have worked in the past for American Express doing network design.. and now with a security company doing PCI compliance for business.... and moving into pen testing/white hat hacking...

It’s odd the banks only screwed up and exposed ApplePay but not Google Wallet....

So what’s the variable that the same banks have two different results with two different systems?


23 posted on 03/17/2015 11:04:52 PM PDT by tophat9000 (An Eye for an Eye, a Word for a Word...nothing more)
[ Post Reply | Private Reply | To 20 | View Replies]

To: tophat9000
Really?..so why are we not seeing the same banks having the same problem with Google Wallet that has been in place for some years..

Two totally different payment models.

Google Wallet is merely a payment system that uses an Android App to connect to Google through NFC in place of normal credit card processing services for Credit Cards that are registered with Google. To do this, Google stores the credit card numbers, the card holder's name, and ID information on their servers. The Google Wallet App generates a one-time Token which is transmitted to Google where it is linked to the credit card data, and then Google converts it to a normal credit/debit card sale and sends it on to the issuing bank. Google is intimately involved with every transaction made with Google Wallet. . . and acts as the clearing house for the transfer of funds. Acting as an agent for the people who have entrusted their credit/debit cards with them, they have almost become a Quasi transfer bank similar to PayPal. As such, they have to be sure they are representing the correct person, the owners of the cards.

On the other hand, taking a hands-off approach, Apple never registers a card number or any user's ID information. Apple knows a user is using ApplePay, but that's it. Apple will know a transaction has taken place, but not where, with whom, or the amount. . . and only after the fact when they get anonymous aggregated payment of fees. Apple never stores the card number on an Apple server. Apple never sees the card number or the name on the card. Apple is never involved in any of the transactions made with ApplePay. Any such identifiable information never leaves the control of the card and iPhone owner. It is stored on the iPhone's Secure Enclave in the processor under 256-bit AES encryption keyed to the fingerprint of the owner. Apple never stores the card number on an Apple server. Apple never sees the card number or the name on the card. Apple is never involved in any of the transactions made with ApplePay. Apple is NOT acting as an agent for the user of the Credit/Debit card.

As I stated, Google does the validation process. Users provide Google with the credit card number, their address, the card's security number on the back (I never have quite figured out what is so secure about that number on the back of the card), if it's a Debit Card, their PIN, their Social Security Number, other identifying information such as their mother's maiden name, and then Google will validate their card with the issuing bank. Then whenever the owner of the card used their Google Wallet, Google would step between the merchant and their Credit Card processor and do the processing instead, charging the merchant Google's fees, which were generally quite a bit higher than what the Credit Card and the Merchant may have agreed to.

Since Google Wallet has taken on far more of a financial involvement, they are far more at risk of fraud than is Apple so must take a greater participation in making sure the cards belong to the people registering them. As a matter of financial self-interest to Google, Google took care of validating the cards.

Apple does not validate anything except that the owner of the iPhone has an AppleID account with a credit card attached. . . it leaves the validation of the card and the fact it is the owner installing it to the issuing banks themselves to do, just as the banks do when they issue a card in the first place.

24 posted on 03/18/2015 12:13:53 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 23 | View Replies]

To: ctdonath2; Swordmaker

No. My position is that if Apple is selling a product, then Apple is responsible for making it secure - full stop.

They control their developers that way. Why not the banks?

BofA is so bad they’ll never qualify for this.

Come on. You guys have been in business for a long time - the responsibility of the product’s efficacy is on the one selling you the product.

Tech has had such a pass for the last three decades. If your hard drive fails, you’re not calling Kingston, you’ll call Dell or HP.

Not secure in one aspect of the product is not secure in ALL aspects of the product. This is especially true in this day and age.

Apple’s big enough that they could have told the banks, “Look, you don’t want all this found business - business that isn’t going through the CC companies first - then don’t follow the spec and we’ll work with the other banks.”

Walmart is what it is today precisely because they demand suppliers meet their logistics spec.

So, yes, it’s Apple’s fault. That they aren’t going to deign to explain the product in the first place to anyone in a coherent manner is just part of their unique charm.

The logo on the box of ApplePay has an Apple on it. People rank on MSFT all the time for selling beta to their customers. I don’t see how this is any different, except that THIS beta can wipe you out financially, and perhaps lead to your identity being stolen so that you don’t $hit right financially for a decade.

They think they’ve got political cover to do stuff like this, so they do it. It’s bad business.


25 posted on 03/18/2015 8:09:58 AM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 14 | View Replies]

To: RinaseaofDs

It’s the banks that are in the position to authorize use of a given card. Once that authorization is established, Apple’s part is so far secure.

The failure of some banks to properly verify a cardholder is akin to people “side loading” malware onto iOS devices: despite clear security warnings, banks/people proceed to take risky behaviors. Remember, the article notes this problem hinges on people getting their card verification DENIED, calling the bank, and the bank routing them to a problem resolution center instead of the fraud prevention department. The bank is getting the same “are you sure you want to trust this client?” message as a user trying to “side load” an app to bypass the App Store.

If Apple DID get further involved in the verification process on the banks’ side, methinks you’d be complaining that Apple is meddling and unduly squelching the banks’ options for verification. They COULD shut down “enterprise distribution” and “verification waivers”, but then a whole lotta valid customers would get pi$$ed off.

At some point, the responsibility of the product’s efficacy is on the one USING the product: if a bank is complicit with someone masquerading as a customer, it’s not Apple’s fault. If the banks would VERIFY THE #%$&*!# CUSTOMER fraud wouldn’t be a problem.


26 posted on 03/18/2015 9:15:50 AM PDT by ctdonath2 (Si vis pacem, para bellum.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: RinaseaofDs; ctdonath2
No. My position is that if Apple is selling a product, then Apple is responsible for making it secure - full stop.

You are delusional.

Apple does not and can not control what the banks do beyond requiring certain behavior in the contracts the banks sign when agreeing to participate in ApplePay. In that contract Apple required them to take what the bank industry themselves have defined as the "YELLOW ROAD" which requires two factor authentication of any credit/debit card authorized to be used in ApplePay. Some of the over 3000 banks signed up with ApplePay did not use the Yellow Road and for reasons known only to them, opted to use the GREEN ROAD, accepting any card they had issued as OK to be used in ApplePay without further validation.

The criminals who specialize in credit card fraud very quickly learned that these particular banks were not validating cards being put into ApplePay and the value of stolen card numbers and IDs associated with those banks skyrocketed overnight. . . because they knew they could buy stolen cards, put them into a fraudulently bought iPhone and the bank would not validate any of their cards put into ApplePay, unlike the other card issuers. It was a license to steal. . . and steal they did.

They control their developers that way. Why not the banks?

This was NOT a failing of Apple or Apple's requirements on the banks by contract, it was a failure of the banks who chose to take the GREEN ROAD in validating their own cards! There is NOT A THING APPLE COULD DO TO SAVE THE BANKS FROM THEIR OWN STUPIDITY! If you cannot see that, you are truly delusional.

BofA is so bad they’ll never qualify for this.

Bank of America and Wells Fargo were the first two banks signed up, and happen to be two of the card issuers that I use. BOTH use the YELLOW ROAD and two factor validation to authenticate the cards I put into my ApplePay. Bank of America telephoned me using my on file phone number which they had with my credit and debit cards, while Wells Fargo texted a PIN activation number to my on file phone number as per my arrangement for two-factor ID confirmations for activation. Neither just willy-nilly accepted the card. I also have a card with Chase and they called me on the phone to confirm that I was indeed adding the card. Several other credit or debit cards were handled either by emailing a PIN activation code to my email address on file with the credit/debit card issuing bank, or a phone call. Not once was it just suddenly activated without two factor YELLOW ROAD activation from my issuing bank.

So, yes, it’s Apple’s fault. That they aren’t going to deign to explain the product in the first place to anyone in a coherent manner is just part of their unique charm.

What part of "THE REQUIREMENT TO USE TWO-FACTOR VALIDATION IS IN THE CONTRACT WITH APPLE" do you fail to understand?

Apple did explain the product and the requirements to these banks. . . who must have competent legal departments who also explained to them what was required and expected of them. SOMEONE failed to follow through. It was easier to just not do the proper validation . . . or they just did not expect the sheer numbers of people who were going to be trying to provision their cards in their iPhones and did not put the staff in place to handle the influx. . . and pushed it off onto the Customer Service instead of their Fraud Prevention Department. . . or just threw up their hands and said "Approve every card!"

Perhaps the bankers were naive. . . in any case, the problem has been shown it was not at Apple's end.

The logo on the box of ApplePay has an Apple on it. People rank on MSFT all the time for selling beta to their customers. I don’t see how this is any different, except that THIS beta can wipe you out financially, and perhaps lead to your identity being stolen so that you don’t $hit right financially for a decade.

This is NOT a beta product, RinaseaofDs. ApplePay is working as described. ApplePay is secure. No one has hacked into ApplePay. And, no Rina, it cannot lead to having your identity stolen. There is no part of ApplePay that is even in question for that. As a matter of fact, the identity of the cards being used was ALREADY stolen before ApplePay was involved. Those were stolen when someone used their legitimate card to make a purchase at a restaurant and gave the card to a waiter or waitress who took it away, charged it for your meals, but also made a complete copy of it, swiped it through a magnetic reader to copy what's on the strip on the back, and then sold it on websites dedicated to that purpose to supplement his or her income, or to buy something online with the real card number and provided the information to a shady website, or a hacker got it from Home Depot, Starbucks, Target, or any number of merchants where the card was used sometime in the past. . . or the card owner used it at an ATM or Gas Pump with a secondary card reader added on top to the legitimate card reader and a miniature video camera positioned to record the entering of the PIN. . . or other phishing expeditions to separate the card owner from his information.

They think they’ve got political cover to do stuff like this, so they do it. It’s bad business.

This is a PROTOCOL problem at a few banks. This is an operator error. It's a Read the F'ing Manual problem. It is a problem created by someone making an assumption. It is a loose nut on the keyboard problem; an ID10T problem at the BANKS; a midlevel MANAGEMENT problem where some heads are going to roll. The cost of this will come out of the bottom line at the banks who allowed their mid-level manager to make the bad assumptions. . . and ignore the contract their upper level management signed with Apple which required much more stringent safeguards.

It is not, however, a problem inherent in ApplePay or at Apple.

27 posted on 03/18/2015 11:00:10 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Lurkina.n.Learnin
I've noticed more and more business, especially small busy restaurants and coffee shops, are going the 'Cash Only' route.

I love it when I'm with someone who never carries cash and is puzzled when confronted with that situation!

28 posted on 03/18/2015 11:02:33 AM PDT by Left2Right (Starve the Beast!)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Swordmaker

ApplePay + the banks part in this = the product.

I can’t make it any simpler than that. It doesn’t matter that an idiot at the bank is responsible for the problem. All that matters is the product isn’t reliable.

That’s not a delusion. That’s marketing.

Talk to GM about this. The airbags being just one reason for the record recalls they had last year. GM’s logo is on the car. That the airbag tried to decapitate some of their customers, while being a significant supply chain problem, damages the GM brand.

Apple needs to be the one coming down on the banks - like a ton of bricks. The public and the government need to see that Apple’s got this.

Apple’s not doing that.

Government Motors, in the end, probably doesn’t care about the recalls like Ford would because in the end Uncle Sugar will be there to bail them out, like Chrysler.

“Imported from Detroit” - probably a truer statement now than it was 30 years ago, given you can put ‘-istan’ on the back of Detroit and be pretty close to the truth.

This is Apple’s problem. The bank is an absolutely critical part of the supply chain here. Either they deal with the supply chain issues or pull the product.


29 posted on 03/18/2015 12:13:02 PM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 27 | View Replies]

To: ctdonath2

Apple should go the whole road. If they can’t find a suitable banking partner for the supply chain, then by all means, by Ally bank and make it ApplePay only. Failing that, charter your own bank and knock everyone out of the box.

They don’t want to do that because now the SEC becomes their regulator (and slave). Regardless. Take the idiots out of the supply chain and relaunch the product. All that matters was the fraud, and that it happened using their product.

I drive a Nissan Quest. The front end had to be replaced after 75,000 miles. Nissan doesn’t make the front end. The reason I won’t select a Nissan on my next vehicle buying experience is because they made a poor supply chain decision, and then expect me to live with it even though the rest of the vehicle performed to spec.

This isn’t hard to understand. Tech is going to need to start owning THE ENTIRE product going forward.

“Not my problem, it was the bank.” - this isn’t going to sell more ApplePay. Who is in a better position to exert influence on the bank? Not the defrauded end-user.


30 posted on 03/18/2015 12:21:04 PM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 26 | View Replies]

To: RinaseaofDs

by = buy


31 posted on 03/18/2015 12:21:49 PM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 30 | View Replies]

To: RinaseaofDs

Apple should buy a bank? That’s stupid, I shan’t count the ways.

Own “the entire product”? As in Crutchfield become an audio equipment manufacturer and buy a music recording studio? or Ford buy Texaco and change pumps so only their gas can be used, all arranged so only private Ford-owned roads can be driven on? or Olive Garden only serve food grown by wholly-owned subsidiary farms? Ain’t happening.

Kick non-compliant banks out of the process, yes. The product just launched 5 months ago, we’re not talking a long established service here. I’m sure Apple is having some rather animated private meetings with banks, and may very well have a timetable for partners to shape up or get shoved out. Remember, you just heard about this, what, today? Takes a little time for a new large-scale service to get started and shake the stupid out of partners.


32 posted on 03/18/2015 12:37:58 PM PDT by ctdonath2 (Si vis pacem, para bellum.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: RinaseaofDs

BTW: an absolutely key point it seems you’ve completely missed is...

This doesn’t affect cardholders who legitimately sign up. Anyone who attaches their own card to Apple Pay doesn’t have a problem. Ergo, it doesn’t discourage people from signing up because those who do don’t have a problem.

This ONLY affects STOLEN CARDS. If a bank is stupid enough to not verify cards with the required 2-factor authentication, then they (and the BANK’S customers) have to eat the cost of fraud. Legit Apple Pay users in general are not victims of this, the bank customers are.

Your car analogy fails because it applies to all Quest cars, breaking for legitimate owners. The analogy would fit if your mechanical problems with it ONLY affected stolen Quests which thieves then took to repair shops for free warranty service (the actual cost of fraudulently-obtained service then being passed on to legit buyers).


33 posted on 03/18/2015 12:46:32 PM PDT by ctdonath2 (Si vis pacem, para bellum.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: ctdonath2

What’s stupid about Apple becoming a bank and then spinning it off later if it wants out?

Both Apple and MSFT had talked about morphing into banks in the past.

As a bank, they could operate on some sort of modified wire transfer basis and cut out the human. It’s not a horrible idea. Add to that they can cut the bank out of their current currency arbitrage process and there are all kinds of reasons why a bank makes sense.

Why have branches when you have Facetime and ApplePay?

Rather than go into ALL the reasons, what is a show-stopper reason why a company with the free cash of Apple not do something like this. One showstopper is the SEC. I get that, potentially.

What would be another? Any business that had a cash register and a bank account to give cash to an Apple banking customer and that business would automatically see funds in their account for the amount of the cash, plus a fee for their trouble. The whole world could be a teller, for the most part. Loans would be a little different, and maybe you stay out of those for now.

I don’t know. You want to talk about really having transaction traffic - be your own bank.


34 posted on 03/18/2015 12:49:02 PM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 32 | View Replies]

To: RinaseaofDs

Showstopper? Banking is not a subset of making computers. It’s a completely unrelated industry. Businesses which dive deep into very large industries which have nothing to do with their core competencies rarely survive. It’s as stupid as the assorted examples I gave and apparently you didn’t read, so I’ll just stop here.


35 posted on 03/18/2015 1:04:11 PM PDT by ctdonath2 (Si vis pacem, para bellum.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: RinaseaofDs
What’s stupid about Apple becoming a bank and then spinning it off later if it wants out?

All the fees associated with Apple Pay transactions are paid by the bank. Apple becoming the bank results in Apple having to pay itself for the transactions.

36 posted on 03/18/2015 1:09:33 PM PDT by tacticalogic
[ Post Reply | Private Reply | To 34 | View Replies]

To: tacticalogic

They are paid by the customer, ultimately. Apple being a bank means they double-end the deal. That’s bad, how?


37 posted on 03/18/2015 1:11:48 PM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 36 | View Replies]

To: ctdonath2

Core competencies, like iTunes?

What’s selling music got to do with making computers?

Believe me, companies as big as Apple and Microsoft are nearly operating as banks as we speak.

Handling cash is what they do. It’s a massive part of what they do. I’m shocked they haven’t tried becoming their own bank a long time ago.

Google’s making cars now. Drones.

There have to be real showstoppers as to why they don’t want to be a bank, but it isn’t because it isn’t a core competency. It very much is. MSFT made almost $100M in currency arbitrage in 2013. That’s a rounding error in their revenue report, but it’s still a ton of cash. Apple’s pulling in even more than that.

No cards to issue. No fees to third party banks. No encryption or security issues. AppleBank would be clean.


38 posted on 03/18/2015 1:18:45 PM PDT by RinaseaofDs
[ Post Reply | Private Reply | To 35 | View Replies]

To: RinaseaofDs
They are paid by the customer, ultimately. Apple being a bank means they double-end the deal. That’s bad, how?

It will create a potential conflict of interest that could cause the rest of the banks to bail.

39 posted on 03/18/2015 1:24:48 PM PDT by tacticalogic
[ Post Reply | Private Reply | To 37 | View Replies]

To: RinaseaofDs

Nice list of non-sequiturs there.

iTunes is pretty straightforward to operate, being little more than a giant file server. Lots of people hate it. Apple created it just to streamline music player sales and to draw/keep people in the iOS ecosystem. You can still get music from many other sources. Your analogy backfires because piracy is rampant, and Apple had to cut some awfully pricy deals with studios to tolerate it (note it was NOT solved by buying a music publisher).

Google doesn’t make cars beyond a few prototypes to explore the possibilities of self-driving. They didn’t buy a cell phone manufacturer to promote Android. You can’t buy a Google Drone.

There’s a big difference between being a combination manufacturer and specialized retailer, vs taking on banking outright. Yeah, there’s big money in an Apple Pay Bank, but there’s much bigger - and easier - money in letting a whole lotta other banks pay for your service and handle the extensive details of customer relations & high-risk investing. Philips doesn’t manufacture CDs or own recording studios & publishers, they just get a little fraction of every single CD out there - and it’s serving them very well without the headaches.

Stick to your core competencies. Reach out too far, you die. Remember, Apple doesn’t even do their own manufacturing - they contract out to other manufacturers. Why would they buy/be a bank when they don’t even make their own products?


40 posted on 03/18/2015 1:44:50 PM PDT by ctdonath2 (Si vis pacem, para bellum.)
[ Post Reply | Private Reply | To 38 | View Replies]

