Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Apple Pay: A Necessary Push To Transform Consumer Payments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
9/12/2014 | 7:46:20 AM
Device Account Number
Lucas, I really like this concept and it sounds very promising, but I'm not sure I totally understand how it works. So, for each transaction, Apple Pay creates a unique "Device Account Number" that is stored in the SIM card in your iPhone. But where does the Device Account Number come from? From the card company?
User Rank: Ninja
9/11/2014 | 8:53:35 PM
Re: The entire article falls apart at "Hopefully"
I hear you, I would think they would either hash or encrypt data at rest. They would not be able take a risk of credit card numbers being compromised. This is more regulated than the pictures we uploaded to iCloud which nobody really cares unless you are a celebrity.
User Rank: Ninja
9/11/2014 | 8:49:36 PM
Re: The entire article falls apart at "Hopefully"
I agree, handing over the credit card would more risky than using NFC with your iPhone.
User Rank: Ninja
9/11/2014 | 8:47:17 PM
I like the article, thanks for sharing it. I will most likely use Apple Pay simply because it is convenient. However we should not assume that the solution is secure enough that we feel comfortable. Keep in mind that the credit card itself provides two-factor authentication and unconnected, our iPhones may not provide the same capabilities because it is connected.
User Rank: Apprentice
9/11/2014 | 4:41:51 PM
Re: The entire article falls apart at "Hopefully"
We're already at risk of credit card data theft. I have an iPhone, and I'd rather pay via Apple Pay or similar service than hand out my card to all kinds of merchants out there. I have actually being carrying more cash on hand lately with all the security breaches going on.
User Rank: Apprentice
9/11/2014 | 1:52:20 PM
The entire article falls apart at "Hopefully"
From the article:

"Hopefully, Apple has implemented significant and sophisticated measures into protecting card data stored in the iPhones' Passbook from theft or unauthorized use. Regardless, removing sensitive payment data from the merchants' hands is a necessary step to solve the increased breach epidemic retailers have been facing."


If Apple cant keep private data (pictures and backups safe) what makes you think they can keep your personal finance information safe?

Lets all jump on the Apple bandwagon as quick as humanly possible because Apple can do no wrong, or when they do - its no big deal.

I understand this puts progress in a crux and I don't have a perfect answer - but I fear for the sheeple that will blindly follow and potentially expose themselves to risk of giving up their credit card information. 
<<   <   Page 2 / 2

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-02-08
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting
PUBLISHED: 2023-02-08
Missing authentication when creating and managing the B&amp;R APROL database in versions &lt; R 4.2-07 allows reading and changing the system configuration.
PUBLISHED: 2023-02-08
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
PUBLISHED: 2023-02-08
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.
PUBLISHED: 2023-02-08
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.