Discussion:
Apple Pay
(too old to reply)
Your Name
2014-09-10 01:52:52 UTC
Permalink
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...

Users can add credit cards to Apple Pay by taking a photo
of their card.

"Setup involves either granting Apple Pay access
to whatever existing credit card you have on
file with iTunes or adding a second card: you
can do that by taking a photo of the card
itself. We've seen the same system used in
Uber's app, among others, and generally it does
a solid job of recognizing characters."
Jolly Roger
2014-09-10 02:01:25 UTC
Permalink
Post by Your Name
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...
Users can add credit cards to Apple Pay by taking a photo
of their card.
"Setup involves either granting Apple Pay access
to whatever existing credit card you have on
file with iTunes or adding a second card: you
can do that by taking a photo of the card
itself. We've seen the same system used in
Uber's app, among others, and generally it does
a solid job of recognizing characters."
Seriously? *That's* what you took away from it? *smh*
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
jackson
2014-09-10 02:14:01 UTC
Permalink
Post by Your Name
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...
Users can add credit cards to Apple Pay by taking a photo
of their card.
"Setup involves either granting Apple Pay access
to whatever existing credit card you have on
file with iTunes or adding a second card: you
can do that by taking a photo of the card
itself. We've seen the same system used in
Uber's app, among others, and generally it does
a solid job of recognizing characters."
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
nospam
2014-09-10 02:29:45 UTC
Permalink
Post by jackson
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
where did they say that?

they did say you just take a photo of the card to add it, presumably
with some sort of validation, otherwise people could have a field day
with photoshopping card photos.
jackson
2014-09-10 02:38:26 UTC
Permalink
Post by nospam
Post by jackson
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
where did they say that?
Just after saying that bit about the photo.
Post by nospam
they did say you just take a photo of the card to add it,
For the phone to get the details off the photo so you
don't have to type them in manually, quite a good idea.
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
Post by nospam
otherwise people could have a field
day with photoshopping card photos.
Yeah, they aren't stupid enough to just have the photo.
nospam
2014-09-10 02:43:36 UTC
Permalink
Post by jackson
Post by nospam
Post by jackson
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
where did they say that?
Just after saying that bit about the photo.
specifically what did they say?
do you have a link or timecode?
Post by jackson
Post by nospam
they did say you just take a photo of the card to add it,
For the phone to get the details off the photo so you
don't have to type them in manually, quite a good idea.
it makes it much easier to add cards and eliminates typos.
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
there isn't always a bank to go to.

for instance, there isn't anywhere to go for capital one or american
express and the others may not have a local branch.
jackson
2014-09-10 03:00:20 UTC
Permalink
Post by nospam
Post by jackson
Post by nospam
Post by jackson
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
where did they say that?
Just after saying that bit about the photo.
specifically what did they say?
Some comment about going to the bank, which
caused me to groan, too primitive for me.
Post by nospam
do you have a link or time code?
Fraid not. What I was watching the last bit of the live feed
on doesn't work anymore and the full thing isnt visible to
me at all yet.
Post by nospam
Post by jackson
Post by nospam
they did say you just take a photo of the card to add it,
For the phone to get the details off the photo so you
don't have to type them in manually, quite a good idea.
it makes it much easier to add cards and eliminates typos.
Yeah, good idea. They did also say that the card you
already have setup to do the app store purchases
with would be used by default, but that other cards
could be added that way.
Post by nospam
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
there isn't always a bank to go to.
Yeah, only one of mine has a physical branch
in my town and some of them don't have any
physical branches at all, anywhere.

But you can still open an account with those
using some form of proof of identity, usually
at the local post office, but sometimes entirely
online.
Post by nospam
for instance, there isn't anywhere to go for capital one or
american express and the others may not have a local branch.
Yeah, that's the other reason I groaned when I heard him say that.

Presumably he didn't intend to cover all the possibilities.

You don't have to do anything like that when setting up
your iphone and that card will be used by the payments
system initially, with others able to be added.

Presumably the apple site will spell out the detail eventually.
JF Mezei
2014-09-10 03:06:38 UTC
Permalink
Post by jackson
Some comment about going to the bank, which
caused me to groan, too primitive for me.
If you go to your bank with your credit card, what is the bank to do ?
Have the bank manager take a selfie with you and send it to Apple ? Not !

The only thing I could think of is that perhaps banks have to add a flag
to your credit card to enable those types of transactions and possibly
set a purchasing limit.

(in canada a purchase above certauin amount can be done with paywave and
you have to use chip/pin.)


Quite possible that such an operation could be done over the phone.
jackson
2014-09-10 03:17:23 UTC
Permalink
Post by JF Mezei
Post by jackson
Some comment about going to the bank, which
caused me to groan, too primitive for me.
If you go to your bank with your credit card, what is the bank to do ?
Presumably get you to answer the security questions they
have on file for you and supply the PIN or something.
Post by JF Mezei
Have the bank manager take a selfie with you and send it to Apple ? Not !
That would kill too many phones with the average bank manager, silly.
Post by JF Mezei
The only thing I could think of is that perhaps banks have to add a flag
to your credit card to enable those types of transactions and possibly
set a purchasing limit.
Trouble with that line is that he did say that it would use
the card you use for your app store purchases by default
and that photo thing was only for adding extra cards.
Post by JF Mezei
(in canada a purchase above certauin amount can be
done with paywave and you have to use chip/pin.)
Yeah, same system here in Australia. And when
you want to get cash from the self checkouts too.
Post by JF Mezei
Quite possible that such an operation could be done over the phone.
We can do all that stuff using online banking
in fact the bank which pays the best interest
rates on savings, actively discourages you
from ringing them and says quite explicitly
on their web site that if you don't like that,
maybe they aren't the bank for you.
nospam
2014-09-10 03:33:31 UTC
Permalink
Post by jackson
Post by JF Mezei
Post by jackson
Some comment about going to the bank, which
caused me to groan, too primitive for me.
If you go to your bank with your credit card, what is the bank to do ?
Presumably get you to answer the security questions they
have on file for you and supply the PIN or something.
that can be done on the phone.

it's likely the same validation process would be as if you logged into
their web site for the first time.
jackson
2014-09-10 04:46:42 UTC
Permalink
Post by nospam
Post by jackson
Post by JF Mezei
Post by jackson
Some comment about going to the bank, which
caused me to groan, too primitive for me.
If you go to your bank with your credit card, what is the bank to do ?
Presumably get you to answer the security questions they
have on file for you and supply the PIN or something.
that can be done on the phone.
Doesn't explain why the bank was explicitly mentioned.

Maybe because they want to avoid the situation where
both the phone and the cards are stolen at the same time.
Post by nospam
it's likely the same validation process would be as
if you logged into their web site for the first time.
Doesn't explain why the bank was explicitly mentioned.
nospam
2014-09-10 04:49:19 UTC
Permalink
Post by jackson
Maybe because they want to avoid the situation where
both the phone and the cards are stolen at the same time.
which is why there would be a validation process.
Jolly Roger
2014-09-10 06:19:27 UTC
Permalink
Post by jackson
Post by nospam
Post by jackson
Post by JF Mezei
Post by jackson
Some comment about going to the bank, which
caused me to groan, too primitive for me.
If you go to your bank with your credit card, what is the bank to do ?
Presumably get you to answer the security questions they
have on file for you and supply the PIN or something.
that can be done on the phone.
Doesn't explain why the bank was explicitly mentioned.
Maybe because they want to avoid the situation where
both the phone and the cards are stolen at the same time.
Post by nospam
it's likely the same validation process would be as
if you logged into their web site for the first time.
Doesn't explain why the bank was explicitly mentioned.
I'm pretty sure I know the portion of the event you are talking about,
and I think you misheard. As I recall, they didn't say *you* have to
*physically* go to the bank. Rather they said something to the effect of
"when you add a card, we contact the bank to verify it's really your
card". What I got out of it is that when you add a credit card, Apple
will contact the bank for that credit card, probably over a network
connection, and verify that the card you scanned is in fact your card.
The process is probably fairly quick - certainly faster than getting in
your car, or making a voice phone call to do it.
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
nospam
2014-09-10 06:27:28 UTC
Permalink
Post by Jolly Roger
Post by jackson
Post by nospam
it's likely the same validation process would be as
if you logged into their web site for the first time.
Doesn't explain why the bank was explicitly mentioned.
I'm pretty sure I know the portion of the event you are talking about,
and I think you misheard. As I recall, they didn't say *you* have to
*physically* go to the bank. Rather they said something to the effect of
"when you add a card, we contact the bank to verify it's really your
card". What I got out of it is that when you add a credit card, Apple
will contact the bank for that credit card, probably over a network
connection, and verify that the card you scanned is in fact your card.
The process is probably fairly quick - certainly faster than getting in
your car, or making a voice phone call to do it.
there *has* to be some sort of user verification.

simply taking a photo of a card is *not* going to work and they'll get
reamed for something so trivially hackable.

they got caught with their pants down already (literally) and they're
not going to make that mistake again.
Lewis
2014-09-10 05:48:30 UTC
Permalink
Post by jackson
Post by nospam
Post by jackson
Post by nospam
Post by jackson
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
where did they say that?
Just after saying that bit about the photo.
specifically what did they say?
Some comment about going to the bank, which
caused me to groan, too primitive for me.
There is no need to go out and stand in line at your bank.
--
Love seeketh not itself to please Nor for itself hath any care But for
another gives its ease And builds a heaven in Hell's despair
Michelle Steiner
2014-09-10 03:18:54 UTC
Permalink
Post by nospam
there isn't always a bank to go to.
for instance, there isn't anywhere to go for capital one or american
express and the others may not have a local branch.
Or USAA unless you live in San Antonio.
Michelle Steiner
2014-09-10 03:18:19 UTC
Permalink
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
You do not have to go to the bank; you do it on line.
jackson
2014-09-10 03:28:54 UTC
Permalink
Post by Michelle Steiner
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
You do not have to go to the bank; you do it on line.
I'm sure he used the word 'go to' but
he may have not meant that literally.
Savageduck
2014-09-10 04:30:46 UTC
Permalink
Post by Michelle Steiner
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
You do not have to go to the bank; you do it on line.
I would imagine they do it the same way PayPal does a bank validation.
The make 2 small in and out transactions to the account, usually just a
few cents. Then you have to validate the amounts from your online
statement, either bank or credit card.
--
Regards,

Savageduck
Rod Speed
2014-09-10 05:05:26 UTC
Permalink
Post by Michelle Steiner
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
You do not have to go to the bank; you do it on line.
I would imagine they do it the same way PayPal does a bank validation. The
make 2 small in and out transactions to the account, usually just a few
cents. Then you have to validate the amounts from your online statement,
either bank or credit card.
Doesn’t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.

There is a decent web page on Apple Pay,
but it doesn’t mention that detail at all.
Savageduck
2014-09-10 05:19:47 UTC
Permalink
Post by Rod Speed
Post by Savageduck
Post by Michelle Steiner
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
You do not have to go to the bank; you do it on line.
I would imagine they do it the same way PayPal does a bank validation.
The make 2 small in and out transactions to the account, usually just a
few cents. Then you have to validate the amounts from your online
statement, either bank or credit card.
Doesn’t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
There is a decent web page on Apple Pay,
but it doesn’t mention that detail at all.
Well it is only speculation on my part until Apple tells us what the
procedure will actually be.

What I would be interested in finding out is, if the Apple Watch is
supported by all of the iPhone 5 family, and the iP6 & iP6+; will the
Apple Pay system work with the Apple Watch & and iP5S even though the
iP5S doesn't support Apple Pay?
--
Regards,

Savageduck
nospam
2014-09-10 05:36:58 UTC
Permalink
Post by Savageduck
What I would be interested in finding out is, if the Apple Watch is
supported by all of the iPhone 5 family, and the iP6 & iP6+; will the
Apple Pay system work with the Apple Watch & and iP5S even though the
iP5S doesn't support Apple Pay?
apple pay on a 5/5s needs a watch and has some limitations.
on a 6/6+ no watch is required.
Rod Speed
2014-09-10 06:54:38 UTC
Permalink
Post by Savageduck
Post by Rod Speed
Post by Savageduck
Post by Michelle Steiner
Post by jackson
Post by nospam
presumably with some sort of validation,
That's where they said you had to go to the bank
to have the bank validate that it is your card.
You do not have to go to the bank; you do it on line.
I would imagine they do it the same way PayPal does a bank validation.
The make 2 small in and out transactions to the account, usually just a
few cents. Then you have to validate the amounts from your online
statement, either bank or credit card.
Doesn’t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
There is a decent web page on Apple Pay,
but it doesn’t mention that detail at all.
Well it is only speculation on my part until Apple tells us what the
procedure will actually be.
What I would be interested in finding out is, if the Apple Watch is
supported by all of the iPhone 5 family,
That web page does say that, and for the payment system too.
Post by Savageduck
and the iP6 & iP6+; will the Apple Pay system work with the Apple Watch &
and iP5S even though the iP5S doesn't support Apple Pay?
Yes, the web page says that explicitly too.
http://www.apple.com/apple-pay/
Michelle Steiner
2014-09-10 06:27:51 UTC
Permalink
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
David Empson
2014-09-10 10:09:10 UTC
Permalink
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Confirming Michelle's point:

The podcast of the keynote is available now. The relevant part is from
about 48:36. I misunderstood this bit when watching it live but got it
this time.

In reference to adding a new card, Eddy Cue says:

"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."

He is describing what Apple does with the data gathered from the card.
Apple "goes" to the bank for verification that it is your card, implying
that it is a rapid and automatic process.
--
David Empson
***@actrix.gen.nz
Rod Speed
2014-09-10 10:30:22 UTC
Permalink
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The relevant part is from
about 48:36. I misunderstood this bit when watching it live but got it
this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don’t know that.
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
Post by David Empson
implying that it is a rapid and automatic process.
Bullshit.
David Empson
2014-09-10 10:40:04 UTC
Permalink
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The relevant part is from
about 48:36. I misunderstood this bit when watching it live but got it
this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don't know that.
Which part of the sentence starting with "We take a picture ..." do you
not understand?
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
They can do it for verifying credit cards registered on iTunes Store
accounts, so why should this be any different?
--
David Empson
***@actrix.gen.nz
Rod Speed
2014-09-10 11:08:36 UTC
Permalink
Post by David Empson
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The
relevant part is from about 48:36. I misunderstood
this bit when watching it live but got it this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don't know that.
Which part of the sentence starting with "We
take a picture ..." do you not understand?
I understand that the photo of the card
is JUST an easier/better way of getting
the data that can be seen than typing it in.
Post by David Empson
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
They can do it for verifying credit cards
registered on iTunes Store accounts,
Bullshit they can on who owns the card.
Post by David Empson
so why should this be any different?
Because they can't actually do what you claim.

ALL they can actually do is verify that it’s a valid card.
David Empson
2014-09-10 13:28:10 UTC
Permalink
Post by Rod Speed
Post by David Empson
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The
relevant part is from about 48:36. I misunderstood
this bit when watching it live but got it this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don't know that.
Which part of the sentence starting with "We
take a picture ..." do you not understand?
I understand that the photo of the card
is JUST an easier/better way of getting
the data that can be seen than typing it in.
Post by David Empson
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
They can do it for verifying credit cards registered on iTunes Store
accounts,
Bullshit they can on who owns the card.
Apple already have the personal details (such as name and address) from
the user's Apple ID and any credit card already on file for that Apple
ID, plus an image of the new credit card from which they can get the
card number, expiry date and customer name.

As long as the personal details from the Apple ID can be verified by the
card company and/or bank as matching their records of the card holder,
it should just work without the user having to do anything more than
take the picture of the front of the card.

In situations where the personal details do not match (or the Apple ID
has minimal information), there would need to be a more complex
verification mechanism. I expect it would be sufficient to ask for the
user to enter the same data that iTunes requires when registering a
credit card, including the billing address and verification code on the
back of the card.

Apple didn't bother describing that scenario in the keynote, as it would
be rare when adding a second card, since the personal data must already
be present for the first card and would typically match for all cards
owned by the same person.
--
David Empson
***@actrix.gen.nz
Rod Speed
2014-09-10 19:44:46 UTC
Permalink
Post by David Empson
Post by Rod Speed
Post by David Empson
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The
relevant part is from about 48:36. I misunderstood
this bit when watching it live but got it this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don't know that.
Which part of the sentence starting with "We
take a picture ..." do you not understand?
I understand that the photo of the card
is JUST an easier/better way of getting
the data that can be seen than typing it in.
Post by David Empson
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
They can do it for verifying credit cards
registered on iTunes Store accounts,
Bullshit they can on who owns the card.
Apple already have the personal details (such as
name and address) from the user's Apple ID and
any credit card already on file for that Apple ID,
That doesn’t necessarily help them to work out whether
the new card is owned by that individual, most obviously
with kids and those who have not bothered to give Apple
any credit card.
Post by David Empson
plus an image of the new credit card from which they can
get the card number, expiry date and customer name.
Yes, but all that does is show that name is a rough match
SOME of the time.
Post by David Empson
As long as the personal details from the Apple ID can be verified by the
card company and/or bank as matching their records of the card holder,
Which likely the FI wont be able to do much of the time.
Post by David Empson
it should just work without the user having to do anything
more than take the picture of the front of the card.
That doesn’t prove that the person adding the card actually owns it.

The photo is just a quick alternative to tapping in the details on the card.
Post by David Empson
In situations where the personal details do not match
(or the Apple ID has minimal information), there would
need to be a more complex verification mechanism.
And it fact there is no verification at all with the
initial card that is supplied for the Apple ID, JUST
a check that it’s a valid card owned by someone.

So anyone wanting to scam the system can just create
a new Apple ID and loot that account using Apple Pay.
Post by David Empson
I expect it would be sufficient to ask for the user
to enter the same data that iTunes requires when
registering a credit card, including the billing
address and verification code on the back of the card.
Even that isnt very viable with people who move around a lot.
Post by David Empson
Apple didn't bother describing that scenario in the keynote,
as it would be rare when adding a second card, since the
personal data must already be present for the first card
But there is no verification with that card at all, just that
it is a valid card that hasn’t been reported as stolen etc.
Post by David Empson
and would typically match for all
cards owned by the same person.
Mine do vary considerably even with a simple
name like mine and that is my real name.

We do have some quite onerous ID requirements
when opening a new bank account etc and that
does require using other proof of identity like
a photo driver's license, passport or birth certificate
etc, but those do mostly require some presentation
of the ID documents in person.

We also require that for a new cellphone/mobile
account, and that can be done online, but one of
the IDs that is acceptable is a driver's license, but
my state does not allow anyone access to the
driver's license details from the number so there
is no way for the online system to check if the ID
supplied actually matches the name and address given.

Even the US social security number system has holes
in it you can drive a full carrier battle group thru.
JF Mezei
2014-09-10 16:38:09 UTC
Permalink
Post by David Empson
Which part of the sentence starting with "We take a picture ..." do you
not understand?
Apple's web site says you can enter the info manually, or take a picture
of it.

Your explanation in previous post makes sense. Apple takes the info,
gets an authorization for minimal amount with all your personal info
(address) sent to the bank. If bank verifies, then card is added.
Rod Speed
2014-09-10 20:01:34 UTC
Permalink
Post by JF Mezei
Post by David Empson
Which part of the sentence starting with
"We take a picture ..." do you not understand?
Apple's web site says you can enter the
info manually, or take a picture of it.
Your explanation in previous post makes sense. Apple takes the info,
gets an authorization for minimal amount with all your personal info
(address) sent to the bank. If bank verifies, then card is added.
But they don't do it that way with the original card for the Apple ID,
so all a thief has to do is create a new Apple ID to loot a stolen card.

And they can't just require that verification process
with the initial card for all Apple IDs either, because
that would mean that kids can't have Apple IDs.
nospam
2014-09-10 20:56:14 UTC
Permalink
Post by Rod Speed
Post by JF Mezei
Post by David Empson
Which part of the sentence starting with
"We take a picture ..." do you not understand?
Apple's web site says you can enter the
info manually, or take a picture of it.
Your explanation in previous post makes sense. Apple takes the info,
gets an authorization for minimal amount with all your personal info
(address) sent to the bank. If bank verifies, then card is added.
But they don't do it that way with the original card for the Apple ID,
so all a thief has to do is create a new Apple ID to loot a stolen card.
adding a card to an apple id account validates it. if the name/address
doesn't match, it's rejected.
Post by Rod Speed
And they can't just require that verification process
with the initial card for all Apple IDs either, because
that would mean that kids can't have Apple IDs.
credit cards are not required for an apple id.
Rod Speed
2014-09-10 21:45:56 UTC
Permalink
Post by nospam
Post by Rod Speed
Post by JF Mezei
Post by David Empson
Which part of the sentence starting with
"We take a picture ..." do you not understand?
Apple's web site says you can enter the
info manually, or take a picture of it.
Your explanation in previous post makes sense. Apple takes the info,
gets an authorization for minimal amount with all your personal info
(address) sent to the bank. If bank verifies, then card is added.
But they don't do it that way with the original card for the Apple ID,
so all a thief has to do is create a new Apple ID to loot a stolen card.
adding a card to an apple id account validates it.
Doesn't validate that its your card, most obviously with kids.
Post by nospam
if the name/address doesn't match, it's rejected.
Wrong, most obviously with kids.
Post by nospam
Post by Rod Speed
And they can't just require that verification process
with the initial card for all Apple IDs either, because
that would mean that kids can't have Apple IDs.
credit cards are not required for an apple id.
Some way of paying for stuff is required tho.
nospam
2014-09-10 21:53:33 UTC
Permalink
Post by Rod Speed
Post by nospam
Post by Rod Speed
But they don't do it that way with the original card for the Apple ID,
so all a thief has to do is create a new Apple ID to loot a stolen card.
adding a card to an apple id account validates it.
Doesn't validate that its your card, most obviously with kids.
Post by nospam
if the name/address doesn't match, it's rejected.
Wrong, most obviously with kids.
kids don't have credit cards.

it *does* validate the card and if the card name/address does not match
that of the apple id, it will not work.
Post by Rod Speed
Post by nospam
Post by Rod Speed
And they can't just require that verification process
with the initial card for all Apple IDs either, because
that would mean that kids can't have Apple IDs.
credit cards are not required for an apple id.
Some way of paying for stuff is required tho.
there is no requirement that an apple id user buy something.

those without credit cards on file can use gift cards.
Rod Speed
2014-09-10 22:23:05 UTC
Permalink
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
But they don't do it that way with the original card for the Apple ID,
so all a thief has to do is create a new Apple ID to loot a stolen card.
adding a card to an apple id account validates it.
Doesn't validate that its your card, most obviously with kids.
Post by nospam
if the name/address doesn't match, it's rejected.
Wrong, most obviously with kids.
kids don't have credit cards.
They do here, and I said cards anyway, not credit cards.
Post by nospam
it *does* validate the card
But not whether its YOUR CARD or not.

You can put a card on a kid's Apple ID fine.
Post by nospam
and if the card name/address does not
match that of the apple id, it will not work.
Wrong, as always. I've done it for a kid's Apple ID.
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
And they can't just require that verification process
with the initial card for all Apple IDs either, because
that would mean that kids can't have Apple IDs.
credit cards are not required for an apple id.
Some way of paying for stuff is required tho.
there is no requirement that an apple id user buy something.
But most of them do anyway.
Post by nospam
those without credit cards on file can use gift cards.
And debit cards work fine. And the name
and address doesn't have to match too.
Rod Speed
2014-09-11 06:26:33 UTC
Permalink
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
But they don't do it that way with the original card for the Apple ID,
so all a thief has to do is create a new Apple ID to loot a stolen card.
adding a card to an apple id account validates it.
Doesn't validate that its your card, most obviously with kids.
Post by nospam
if the name/address doesn't match, it's rejected.
Wrong, most obviously with kids.
kids don't have credit cards.
They do here, and I said cards anyway, not credit cards.
a debit card does not change anything
Irrelevant, they are fine for paying for things.
and most kids don't have those either.
Bullshit.
Post by Rod Speed
Post by nospam
it *does* validate the card
But not whether its YOUR CARD or not.
You can put a card on a kid's Apple ID fine.
it will validate any card added,
Bullshit. All it does is check that it works.
and if it's the kid's, the last name and
address will almost always match.
Even sillier than you usually manage.

And there is no way to check that address matches anyway.
Post by Rod Speed
Post by nospam
and if the card name/address does not
match that of the apple id, it will not work.
Wrong, as always. I've done it for a kid's Apple ID.
i've done it and it rejected it because
of a name/address mismatch.
The ones I did worked fine.
it *has* to validate it, otherwise thieves would have a field day.
But there is no way to get the address that bank has.
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
And they can't just require that verification process
with the initial card for all Apple IDs either, because
that would mean that kids can't have Apple IDs.
credit cards are not required for an apple id.
Some way of paying for stuff is required tho.
there is no requirement that an apple id user buy something.
But most of them do anyway.
that doesn't matter.
Corse it does when discussing payment systems.
the fact is that it's not required.
Irrelevant to whether its perfectly possible to have
a card on a kid's Apple ID that gets accepted fine.
Post by Rod Speed
Post by nospam
those without credit cards on file can use gift cards.
And debit cards work fine. And the name
and address doesn't have to match too.
a debit card does not change anything
Its fine for paying for stuff, which is what is being discussed.
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.

There's a reason PayPal etc doesn't do what
you claim Apple does, it isnt even possible.
nospam
2014-09-11 06:32:37 UTC
Permalink
Post by Rod Speed
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.
apple doesn't have to see the address.

the info is sent to the bank which verifies it.

standard stuff for credit card processing.
Post by Rod Speed
There's a reason PayPal etc doesn't do what
you claim Apple does, it isnt even possible.
paypal validates cards added.
Rod Speed
2014-09-11 07:07:56 UTC
Permalink
Post by nospam
Post by Rod Speed
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.
apple doesn't have to see the address.
the info is sent to the bank which verifies it.
You don't know that.
Post by nospam
standard stuff for credit card processing.
Even sillier than you usually manage.
Post by nospam
Post by Rod Speed
There's a reason PayPal etc doesn't do what
you claim Apple does, it isnt even possible.
paypal validates cards added.
But not by getting the bank to check that the address
they have is the same as the address the bank has.
nospam
2014-09-11 17:20:13 UTC
Permalink
Post by nospam
Post by Rod Speed
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.
apple doesn't have to see the address.
the info is sent to the bank which verifies it.
You don't know that.
yes i do.
Rod Speed
2014-09-11 20:01:03 UTC
Permalink
Post by nospam
Post by nospam
Post by Rod Speed
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.
apple doesn't have to see the address.
the info is sent to the bank which verifies it.
You don't know that.
yes i do.
Like hell you do.
nospam
2014-09-12 16:21:36 UTC
Permalink
Post by Rod Speed
Post by nospam
Post by nospam
Post by Rod Speed
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.
apple doesn't have to see the address.
the info is sent to the bank which verifies it.
You don't know that.
yes i do.
Like hell you do.
i do.

it's called address verification and done routinely and returns a
validation code.

<http://www.cybersource.com/developers/other_resources/quick_references/
avs_results/>
Address verification is performed by comparing portions of the
billing address from the request message with address data on file at
the issuing bank. Results are returned for the street address and for
the postal code.

<https://www08.wellsfargomedia.com/downloads/pdf/biz/merchant/visa_avs.p
df>
Why is the billing address such an important factor in reducing the
risk of card-not- present transactions? Because criminals using card
account numbers fraudulently usually do not know the account¹s
related billing address. If a card is stolen or lost, or if the
account number is copied from a sales receipt, a criminal could use
the account number to place fraudulent merchandise orders by
telephone or by personal computer‹typically for items that can be
³fenced² or sold for cash. Since the legitimate cardholder and card
issuer might not be aware of the situation for some time, the card
could be used repeatedly, leaving merchants vulnerable to unknowingly
accepting fraudulent transactions.
Rod Speed
2014-09-12 23:36:51 UTC
Permalink
Post by nospam
Post by Rod Speed
Post by nospam
Post by nospam
Post by Rod Speed
and the name/address *is* part of the verification.
Bullshit. There is no way for Apple to see
what address the bank has for that card.
apple doesn't have to see the address.
the info is sent to the bank which verifies it.
You don't know that.
yes i do.
Like hell you do.
i do.
Like hell you do.
Post by nospam
it's called address verification and done
routinely and returns a validation code.
That isnt what operations like PayPal
use to verify that the card is yours.

And checking whether the thief who stole the card
knows the address doesn't do a damned thing
about whether the thief owns the card ANYWAY.
Post by nospam
<http://www.cybersource.com/developers/other_resources/quick_references/
avs_results/>
Address verification is performed by comparing portions
of the billing address from the request message with
address data on file at the issuing bank. Results are
returned for the street address and for the postal code.
Fat lot of good that is when the thief has stolen both
the card and the card owner's details like the address.
Post by nospam
<https://www08.wellsfargomedia.com/downloads/pdf/biz/merchant/visa_avs.p
df>
Why is the billing address such an important factor
in reducing the risk of card-not- present transactions?
Because criminals using card account numbers fraudulently
usually do not know the account¹s related billing address.
BULLSHIT.
Post by nospam
If a card is stolen or lost, or if the account number is copied
from a sales receipt, a criminal could use the account number
to place fraudulent merchandise orders by telephone or by
personal computer<typically for items that can be ³fenced²
or sold for cash. Since the legitimate cardholder and card
issuer might not be aware of the situation for some time,
the card could be used repeatedly, leaving merchants
vulnerable to unknowingly accepting fraudulent transactions.
So all the thief has to do is steal the address too, stupid.
Your Name
2014-09-10 21:22:37 UTC
Permalink
Post by David Empson
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The relevant part is from
about 48:36. I misunderstood this bit when watching it live but got it
this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don't know that.
Which part of the sentence starting with "We take a picture ..." do you
not understand?
Hey, it's dimbulb Rod Speed. He's struggling to understand the word
"a", let alone any of the bigger words you used. :-\
Michelle Steiner
2014-09-10 17:16:21 UTC
Permalink
Post by David Empson
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don¹t know that.
Sure he does; that's what Eddy Cue said.
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
Goes electronically, you ignorant twat.
Rod Speed
2014-09-10 20:11:16 UTC
Permalink
Post by Michelle Steiner
Post by David Empson
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
You don¹t know that.
Sure he does; that's what Eddy Cue said.
Cue never said what apple does verification wise.
Post by Michelle Steiner
Post by David Empson
Apple "goes" to the bank for verification that it is your card,
Not even possible for Apple to do that.
Goes electronically, you ignorant twat.
Doesn't matter how its done, that doesn't verify
THAT ITS YOUR CARD, you stupid bull dyke.
Jolly Roger
2014-09-10 15:16:33 UTC
Permalink
Post by David Empson
Post by Michelle Steiner
Doesn't explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
The podcast of the keynote is available now. The relevant part is from
about 48:36. I misunderstood this bit when watching it live but got it
this time.
"But it's also easy to add a new card. You use your iPhone iSight
camera. We take a picture of the card, gather all the information, go to
your bank and verify that's your card, and we add it right to Passbook."
He is describing what Apple does with the data gathered from the card.
Apple "goes" to the bank for verification that it is your card, implying
that it is a rapid and automatic process.
Yup.
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
Rod Speed
2014-09-10 10:23:45 UTC
Permalink
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Michelle Steiner
2014-09-10 17:18:04 UTC
Permalink
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Rod Speed
2014-09-10 22:34:10 UTC
Permalink
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.

He should have said that better if he meant
it is done electronically by Apple. I just don't
believe that it is actually possible to do that
electronically by Apple with the bank, to check
that the address they have for you is the same
as the address you have put on your Apple ID.
Michelle Steiner
2014-09-11 00:27:16 UTC
Permalink
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He said "*we* go to the bank." He did not say, "you go to the bank,"
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
presumably with some sort of validation,
That's where they said *you* had to go to the bank
to have the bank validate that it is your card.
(Emphasis added.)
Rod Speed
2014-09-11 00:48:15 UTC
Permalink
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
Post by Michelle Steiner
He did not say, "you go to the bank,"
I never said he did.
Post by Michelle Steiner
as Jackson erroneously reported,
He didn't 'report' anything and no one misheard either.
You're lying thru your teeth as you always do when you
have got done like a fucking dinner, as you always are.
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
presumably with some sort of validation,
That's where they said *you* had to go to the bank
to have the bank validate that it is your card.
(Emphasis added.)
Jolly Roger
2014-09-11 01:39:31 UTC
Permalink
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
You're wrong.

Here's what he said, verbatim, at 48:40 in the recorded video:

"It's also easy to add a new card. You can use your iPhone iSight
camera. We take a picture of your card, gather all the information, go
to your bank and verify that that's your card, and we add it right to
Passbook."

And while he said this, the audience watched an animation on the demo
screen showing the iPhone iSight taking a picture of the card and the
card being added to Passbook. It was very clear that he was talking
about an automated facility that does this over the network.
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
Michelle Steiner
2014-09-11 01:46:51 UTC
Permalink
Post by Jolly Roger
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn1t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
You're wrong.
"It's also easy to add a new card. You can use your iPhone iSight
camera. We take a picture of your card, gather all the information, go
to your bank and verify that that's your card, and we add it right to
Passbook."
And while he said this, the audience watched an animation on the demo
screen showing the iPhone iSight taking a picture of the card and the
card being added to Passbook. It was very clear that he was talking
about an automated facility that does this over the network.
In Rod Speed's world, facts that disagree with what he says simply do
not exist.
Rod Speed
2014-09-11 03:40:21 UTC
Permalink
Post by Michelle Steiner
Post by Jolly Roger
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn1t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
You're wrong.
"It's also easy to add a new card. You can use your iPhone iSight
camera. We take a picture of your card, gather all the information, go
to your bank and verify that that's your card, and we add it right to
Passbook."
And while he said this, the audience watched an animation on the demo
screen showing the iPhone iSight taking a picture of the card and the
card being added to Passbook. It was very clear that he was talking
about an automated facility that does this over the network.
In Rod Speed's world, facts that disagree with what he says simply do
not exist.
He didn't say anything like what you lied.
Rod Speed
2014-09-11 03:32:10 UTC
Permalink
Post by Jolly Roger
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
You're wrong.
"It's also easy to add a new card. You can use your
iPhone iSight camera. We take a picture of your card,
gather all the information, go to your bank and verify
that that's your card, and we add it right to Passbook."
Which is nothing like the bull dyke's lie.

And it isnt even possible for Apple to verify
that it is YOUR card anyway, whatever he said.
Post by Jolly Roger
And while he said this, the audience watched an animation
on the demo screen showing the iPhone iSight taking a
picture of the card and the card being added to Passbook.
Irrelevant to what he said about the bank.
Post by Jolly Roger
It was very clear that he was talking about an
automated facility that does this over the network.
If it was actually possible to verify that it is YOUR card
over the network with the bank, everyone else would
be doing it that way too, most obviously with PayPal
etc, and since they don’t, it obviously isnt possible to
do that. It isnt even possible to see what address the
bank has for you and see if that matches what you
have in the Apple ID, and even if that was possible,
obviously someone who has stolen the card can
just setup a new Apple ID and use the card owner's
address for the Apple ID and have that match.
Michelle Steiner
2014-09-11 01:41:11 UTC
Permalink
Post by Michelle Steiner
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
presumably with some sort of validation,
That's where they said *you* had to go to the bank
to have the bank validate that it is your card.
(Emphasis added.)
Post by Michelle Steiner
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
It's in the quote below, fuckwit. Here' I'll copy it again for you:

The fact that you are lying in the face of facts to the contrary
demonstrates that you are just plain fucked up in the head.
Rod Speed
2014-09-11 03:35:21 UTC
Permalink
Post by Michelle Steiner
Post by Michelle Steiner
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
presumably with some sort of validation,
That's where they said *you* had to go to the bank
to have the bank validate that it is your card.
(Emphasis added.)
Post by Michelle Steiner
He said "*we* go to the bank."
He said nothing of the sort, you silly little pathological liar.
It's in the quote below, fuckwit.
There is no quote below, you silly little pathological liar.
Couldn't even manage that.
Post by Michelle Steiner
The fact that you are lying in the face of facts to the contrary
Just another of your bare faced lies.
Post by Michelle Steiner
demonstrates that you are just plain fucked up in the head.
Any 2 year old could leave that for dead.
nospam
2014-09-11 04:49:48 UTC
Permalink
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He should have said that better if he meant
it is done electronically by Apple. I just don't
believe that it is actually possible to do that
electronically by Apple with the bank, to check
that the address they have for you is the same
as the address you have put on your Apple ID.
it was in a keynote as opposed to a technical description of the
protocol, and it was clearly obvious what he meant.

nobody expects the user to go to the bank for every card they want to
add, especially when there is no bank to go to.

otherwise, why bother taking a picture? just do it all at the bank.

thus, it can't mean what you claim it means.

all the photo does is skip needing to type in the name and numbers on
the card. validation *must* still be done, and it may need to request
additional information to do so.
Rod Speed
2014-09-11 06:36:38 UTC
Permalink
Post by nospam
Post by Rod Speed
Post by Michelle Steiner
Post by Rod Speed
Post by Michelle Steiner
Doesn¹t explain why the presentation explicitly said 'go to the
bank' to validate it. Maybe that was just carelessly stated tho.
Maybe you and Jackson misheard it.
Nope, the podcast is available now.
Proving that you and Jackson misheard it.
Nope, that is precisely the words he used.
He should have said that better if he meant
it is done electronically by Apple. I just don't
believe that it is actually possible to do that
electronically by Apple with the bank, to check
that the address they have for you is the same
as the address you have put on your Apple ID.
it was in a keynote as opposed to a
technical description of the protocol,
Still would have been better to have said it better.
Post by nospam
and it was clearly obvious what he meant.
You don't know that he did mean that the address
the bank has is compared with that Apple has and
even if that was possible, that doesn't stop a thief
adding that stolen card to a new Apple ID that has
the correct name and address.
Post by nospam
nobody expects the user to go to the bank for every card
they want to add, especially when there is no bank to go to.
Then he shouldn't have said 'go to the bank'
Post by nospam
otherwise, why bother taking a picture?
That avoids having to tap in the details off the card
and is obviously a much more elegant way of getting
the details off the card when it isnt possible to swipe the
card or shove it into the iphone so the chip can be read.
Post by nospam
just do it all at the bank.
thus, it can't mean what you claim it means.
I didn't claim anything of the sort. I JUST said that that is what he SAID.
Post by nospam
all the photo does is skip needing to type
in the name and numbers on the card.
Duh.
Post by nospam
validation *must* still be done,
But doesn't do a damned thing about a thief who
creates a new Apple ID with the card owner's name
and address, even if Apple did have some way of
working out what the bank has for the address.
Post by nospam
and it may need to request additional information to do so.
How odd that no one else does it that way.

They don't because it isnt even possible.

That's why PayPal etc validate cards completely differently.
nospam
2014-09-11 17:20:12 UTC
Permalink
Post by Rod Speed
Post by nospam
Post by Rod Speed
He should have said that better if he meant
it is done electronically by Apple. I just don't
believe that it is actually possible to do that
electronically by Apple with the bank, to check
that the address they have for you is the same
as the address you have put on your Apple ID.
it was in a keynote as opposed to a
technical description of the protocol,
Still would have been better to have said it better.
Post by nospam
and it was clearly obvious what he meant.
You don't know that he did mean that the address
the bank has is compared with that Apple has and
even if that was possible, that doesn't stop a thief
adding that stolen card to a new Apple ID that has
the correct name and address.
if a thief has all the needed info then there's not much anyone can do.

that's why they validate the cards, sometimes with more than just
name/address match.
Post by Rod Speed
Post by nospam
nobody expects the user to go to the bank for every card
they want to add, especially when there is no bank to go to.
Then he shouldn't have said 'go to the bank'
you're taking it out of context.

it's obvious what was meant.
Post by Rod Speed
Post by nospam
otherwise, why bother taking a picture?
That avoids having to tap in the details off the card
and is obviously a much more elegant way of getting
the details off the card when it isnt possible to swipe the
card or shove it into the iphone so the chip can be read.
Post by nospam
just do it all at the bank.
thus, it can't mean what you claim it means.
I didn't claim anything of the sort. I JUST said that that is what he SAID.
you misinterpreted what he said.

he didn't say the user goes to the bank.
Post by Rod Speed
Post by nospam
all the photo does is skip needing to type
in the name and numbers on the card.
Duh.
Post by nospam
validation *must* still be done,
But doesn't do a damned thing about a thief who
creates a new Apple ID with the card owner's name
and address, even if Apple did have some way of
working out what the bank has for the address.
Post by nospam
and it may need to request additional information to do so.
How odd that no one else does it that way.
some do.

i've had transactions automatically made (like 15-20cent range) and had
to verify it.
Post by Rod Speed
They don't because it isnt even possible.
That's why PayPal etc validate cards completely differently.
there are a number of ways to verify something.
Rod Speed
2014-09-11 20:00:03 UTC
Permalink
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
He should have said that better if he meant
it is done electronically by Apple. I just don't
believe that it is actually possible to do that
electronically by Apple with the bank, to check
that the address they have for you is the same
as the address you have put on your Apple ID.
it was in a keynote as opposed to a
technical description of the protocol,
Still would have been better to have said it better.
Post by nospam
and it was clearly obvious what he meant.
You don't know that he did mean that the address
the bank has is compared with that Apple has and
even if that was possible, that doesn't stop a thief
adding that stolen card to a new Apple ID that has
the correct name and address.
if a thief has all the needed info then there's not much anyone can do.
So checking if the addresses do match achieves
nothing given that a thief who has the physical
card doesn't need the address to loot the card.
Post by nospam
that's why they validate the cards,
All they ever do is check that it's a
card that hasn't been cancelled.
Post by nospam
sometimes with more than just name/address match.
All it can ever be is a check that it hasn't been cancelled.
Post by nospam
Post by Rod Speed
Post by nospam
nobody expects the user to go to the bank for every card
they want to add, especially when there is no bank to go to.
Then he shouldn't have said 'go to the bank'
you're taking it out of context.
Bullshit. He should have said 'check with'
the bank if that's what he meant.
Post by nospam
it's obvious what was meant.
It clearly isnt.
Post by nospam
Post by Rod Speed
Post by nospam
otherwise, why bother taking a picture?
That avoids having to tap in the details off the card
and is obviously a much more elegant way of getting
the details off the card when it isnt possible to swipe the
card or shove it into the iphone so the chip can be read.
Post by nospam
just do it all at the bank.
thus, it can't mean what you claim it means.
I didn't claim anything of the sort. I JUST said that that is what he SAID.
you misinterpreted what he said.
Nope, I JUST said that that is what he said.

I didn't say that it was certain that you had to
personally visit a bank branch, in fact I said
that that isnt even possible at all with some banks
that don't have any physical branches at all to visit.
Post by nospam
he didn't say the user goes to the bank.
I didn't say he did.
Post by nospam
Post by Rod Speed
Post by nospam
all the photo does is skip needing to type
in the name and numbers on the card.
Duh.
Post by nospam
validation *must* still be done,
But doesn't do a damned thing about a thief who
creates a new Apple ID with the card owner's name
and address, even if Apple did have some way of
working out what the bank has for the address.
Post by nospam
and it may need to request additional information to do so.
How odd that no one else does it that way.
some do.
Bullshit. There isnt any way to see what
address the bank has for the card holder.
Post by nospam
i've had transactions automatically made
(like 15-20cent range) and had to verify it.
That doesn't prove that the card holder is
doing that verification, JUST that whoever
is doing that verification has access to the
account so they can see the transactions.
Post by nospam
Post by Rod Speed
They don't because it isnt even possible.
That's why PayPal etc validate cards completely differently.
there are a number of ways to verify something.
But none of them ensure that its not someone
other than the card holder using the card.
nospam
2014-09-12 16:21:39 UTC
Permalink
Post by Rod Speed
Post by nospam
Post by Rod Speed
Still would have been better to have said it better.
Post by nospam
and it was clearly obvious what he meant.
You don't know that he did mean that the address
the bank has is compared with that Apple has and
even if that was possible, that doesn't stop a thief
adding that stolen card to a new Apple ID that has
the correct name and address.
if a thief has all the needed info then there's not much anyone can do.
So checking if the addresses do match achieves
nothing given that a thief who has the physical
card doesn't need the address to loot the card.
nothing is perfect, but address verification greatly reduces fraud.
Post by Rod Speed
Post by nospam
that's why they validate the cards,
All they ever do is check that it's a
card that hasn't been cancelled.
they check a lot more than that.
Post by Rod Speed
Post by nospam
sometimes with more than just name/address match.
All it can ever be is a check that it hasn't been cancelled.
wrong.
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
nobody expects the user to go to the bank for every card
they want to add, especially when there is no bank to go to.
Then he shouldn't have said 'go to the bank'
you're taking it out of context.
Bullshit. He should have said 'check with'
the bank if that's what he meant.
it was clear what was meant.
Post by Rod Speed
Post by nospam
it's obvious what was meant.
It clearly isnt.
it is to everyone other than you.
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
otherwise, why bother taking a picture?
That avoids having to tap in the details off the card
and is obviously a much more elegant way of getting
the details off the card when it isnt possible to swipe the
card or shove it into the iphone so the chip can be read.
Post by nospam
just do it all at the bank.
thus, it can't mean what you claim it means.
I didn't claim anything of the sort. I JUST said that that is what he SAID.
you misinterpreted what he said.
Nope, I JUST said that that is what he said.
I didn't say that it was certain that you had to
personally visit a bank branch, in fact I said
that that isnt even possible at all with some banks
that don't have any physical branches at all to visit.
then it can't mean what you say it does.

therefore it must mean *apple* 'goes to the bank' (electronically,
obviously) to verify.
Post by Rod Speed
Post by nospam
he didn't say the user goes to the bank.
I didn't say he did.
yes you did.

if it's not apple that 'goes to the bank', it must be the user.
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
all the photo does is skip needing to type
in the name and numbers on the card.
Duh.
Post by nospam
validation *must* still be done,
But doesn't do a damned thing about a thief who
creates a new Apple ID with the card owner's name
and address, even if Apple did have some way of
working out what the bank has for the address.
Post by nospam
and it may need to request additional information to do so.
How odd that no one else does it that way.
some do.
Bullshit. There isnt any way to see what
address the bank has for the card holder.
you have it backwards.

the merchant sends the name/address to the bank who then returns one of
various validation codes, depending on what matched and what didn't.
Post by Rod Speed
Post by nospam
i've had transactions automatically made
(like 15-20cent range) and had to verify it.
That doesn't prove that the card holder is
doing that verification, JUST that whoever
is doing that verification has access to the
account so they can see the transactions.
which is a very strong indicator that the person using the card is the
person on record.

obviously nothing is perfect.

the various verification methods reduce fraud (sometimes significantly
so) but can never eliminate it entirely.
Post by Rod Speed
Post by nospam
Post by Rod Speed
They don't because it isnt even possible.
That's why PayPal etc validate cards completely differently.
there are a number of ways to verify something.
But none of them ensure that its not someone
other than the card holder using the card.
it *significantly* increases the likelihood that it's a valid
transaction.
Rod Speed
2014-09-12 23:46:55 UTC
Permalink
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
Still would have been better to have said it better.
Post by nospam
and it was clearly obvious what he meant.
You don't know that he did mean that the address
the bank has is compared with that Apple has and
even if that was possible, that doesn't stop a thief
adding that stolen card to a new Apple ID that has
the correct name and address.
if a thief has all the needed info then
there's not much anyone can do.
So checking if the addresses do match achieves
nothing given that a thief who has the physical
card doesn't need the address to loot the card.
nothing is perfect, but address
verification greatly reduces fraud.
Bullshit, it only does that marginally
since the absolute vast bulk of fraud
is done with a physical or cloned card.
Post by nospam
Post by Rod Speed
Post by nospam
that's why they validate the cards,
All they ever do is check that it's a
card that hasn't been cancelled.
they check a lot more than that.
Fuck all do.
Post by nospam
Post by Rod Speed
Post by nospam
sometimes with more than just name/address match.
All it can ever be is a check that it hasn't been cancelled.
wrong.
Right. It isnt even possible to check that the address
matches with the absolute vast bulk of the uses of a card.
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
nobody expects the user to go to the bank for every card
they want to add, especially when there is no bank to go to.
Then he shouldn't have said 'go to the bank'
you're taking it out of context.
Bullshit. He should have said 'check with'
the bank if that's what he meant.
it was clear what was meant.
Wrong, as always.
Post by nospam
Post by Rod Speed
Post by nospam
it's obvious what was meant.
It clearly isnt.
it is to everyone other than you.
Wrong, as always.
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
otherwise, why bother taking a picture?
That avoids having to tap in the details off the card
and is obviously a much more elegant way of getting
the details off the card when it isnt possible to swipe the
card or shove it into the iphone so the chip can be read.
Post by nospam
just do it all at the bank.
thus, it can't mean what you claim it means.
I didn't claim anything of the sort.
I JUST said that that is what he SAID.
you misinterpreted what he said.
Nope, I JUST said that that is what he said.
I didn't say that it was certain that you had
to personally visit a bank branch, in fact I said
that that isnt even possible at all with some banks
that don't have any physical branches at all to visit.
then it can't mean what you say it does.
I never said it did mean that.
Post by nospam
therefore it must mean *apple* 'goes to the
bank' (electronically, obviously) to verify.
It would have been much better to say 'check with the bank'
Post by nospam
Post by Rod Speed
Post by nospam
he didn't say the user goes to the bank.
I didn't say he did.
yes you did.
No I didn't.
Post by nospam
if it's not apple that 'goes to
the bank', it must be the user.
I didn't even say that anyone goes to the bank in person.

I said that isnt even possible with the banks
that have no place to go to in person at all.
Post by nospam
Post by Rod Speed
Post by nospam
Post by Rod Speed
Post by nospam
all the photo does is skip needing to type
in the name and numbers on the card.
Duh.
Post by nospam
validation *must* still be done,
But doesn't do a damned thing about a thief who
creates a new Apple ID with the card owner's name
and address, even if Apple did have some way of
working out what the bank has for the address.
Post by nospam
and it may need to request additional information to do so.
How odd that no one else does it that way.
some do.
Bullshit. There isnt any way to see what
address the bank has for the card holder.
you have it backwards.
the merchant sends the name/address to the bank
Fuck all merchants have an address to send to anyone.
Post by nospam
who then returns one of various validation codes,
depending on what matched and what didn't.
That isnt universal either.

And there isnt any way to do that at all
with the standard retail transaction device.
Post by nospam
Post by Rod Speed
Post by nospam
i've had transactions automatically made
(like 15-20cent range) and had to verify it.
That doesn't prove that the card holder is
doing that verification, JUST that whoever
is doing that verification has access to the
account so they can see the transactions.
which is a very strong indicator that the
person using the card is the person on record.
Bullshit.
Post by nospam
obviously nothing is perfect.
the various verification methods reduce
fraud (sometimes significantly so)
Not with the absolute vast bulk of transactions
that are done with a physical card or with the
details manually entered off the card.
Post by nospam
but can never eliminate it entirely.
Post by Rod Speed
Post by nospam
Post by Rod Speed
They don't because it isnt even possible.
That's why PayPal etc validate cards completely differently.
there are a number of ways to verify something.
But none of them ensure that its not someone
other than the card holder using the card.
it *significantly* increases the likelihood
that it's a valid transaction.
Bullshit.
JF Mezei
2014-09-12 01:28:01 UTC
Permalink
Post by Rod Speed
Then he shouldn't have said 'go to the bank'
No, it is Apple which goes to the bank on your behalf. Expect Apple to
lobby for immigration reform ASAP. They will want to import 2 million
chinese workers who will receive card requests and then physically
travel to your bank branch to have it approved and return to Apple
offices to process the signed approval whcih will then be scanned and
attached to your iTunes account :-)
JF Mezei
2014-09-18 01:03:28 UTC
Permalink
Post by Rod Speed
I just don't
believe that it is actually possible to do that
electronically by Apple with the bank, to check
that the address they have for you is the same
as the address you have put on your Apple ID.
Address verification has been a part of credit card authoriations for
quite some time. (consider all those internet purchases).

So Apple tries to for an authorization for $1.99 , specifies credit
card, name and address and if bank authorizes then the address provided
by Apple is close enough to the address the bank has. This does not mean
that Apple gets to see what address the bank has on file.
Rod Speed
2014-09-18 01:51:42 UTC
Permalink
Post by JF Mezei
I just don't believe that it is actually possible to
do that electronically by Apple with the bank, to
check that the address they have for you is the same
as the address you have put on your Apple ID.
Address verification has been a part of credit card authoriations
for quite some time. (consider all those internet purchases).
They don't only deliver to your billing address the card has.
Post by JF Mezei
So Apple tries to for an authorization for $1.99 , specifies credit
card, name and address and if bank authorizes then the address
provided by Apple is close enough to the address the bank has.
But we don't in fact see the card refused for your apple
ID when it doesn't match the one you use for your bank.
Post by JF Mezei
This does not mean that Apple gets to
see what address the bank has on file.
Sure.
Rod Speed
2014-09-18 03:35:55 UTC
Permalink
Post by Rod Speed
Post by JF Mezei
I just don't believe that it is actually possible to
do that electronically by Apple with the bank, to
check that the address they have for you is the same
as the address you have put on your Apple ID.
Address verification has been a part of credit card authoriations
for quite some time. (consider all those internet purchases).
They don't only deliver to your billing address the card has.
they still verify it first based on billing address
and will only deliver to an alternate address if
it's on file with the credit card company.
Bullshit.

I've used my own card to pay for stuff for other
people who don't have a card and who pay me
for the item in cash.
Kurt Ullman
2014-09-18 19:57:36 UTC
Permalink
Post by Rod Speed
Post by JF Mezei
I just don't believe that it is actually possible to
do that electronically by Apple with the bank, to
check that the address they have for you is the same
as the address you have put on your Apple ID.
Address verification has been a part of credit card authoriations
for quite some time. (consider all those internet purchases).
They don't only deliver to your billing address the card has.
Which is why they universally have a place to check send it to different
address. They look at the bill to number. Heck even filling stations
require at least a zip code.
--
³Statistics are like bikinis. What they reveal is suggestive,
but what they conceal is vital.²
‹ Aaron Levenstein
Rod Speed
2014-09-18 20:40:58 UTC
Permalink
Post by Kurt Ullman
Post by Rod Speed
Post by JF Mezei
I just don't believe that it is actually possible to
do that electronically by Apple with the bank, to
check that the address they have for you is the same
as the address you have put on your Apple ID.
Address verification has been a part of credit card authoriations
for quite some time. (consider all those internet purchases).
They don't only deliver to your billing address the card has.
Which is why they universally have a place to check send it to different
address. They look at the bill to number. Heck even filling stations
require at least a zip code.
Ours don’t.
Kurt Ullman
2014-09-19 22:13:41 UTC
Permalink
Post by Kurt Ullman
Which is why they universally have a place to check send it to different
address. They look at the bill to number. Heck even filling stations
require at least a zip code.
Ours don¹t.
Okay many. All of them I have patronized in FL and a couple other
fraud hotspots have. Even some of the ones off the Interstates in
Indiana have started to.
--
³Statistics are like bikinis. What they reveal is suggestive,
but what they conceal is vital.²
‹ Aaron Levenstein
Jolly Roger
2014-09-10 06:13:11 UTC
Permalink
Post by jackson
Post by Your Name
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...
Users can add credit cards to Apple Pay by taking a photo
of their card.
"Setup involves either granting Apple Pay access
to whatever existing credit card you have on
file with iTunes or adding a second card: you
can do that by taking a photo of the card
itself. We've seen the same system used in
Uber's app, among others, and generally it does
a solid job of recognizing characters."
The presentation says that you have to take it to your
bank to prove that its your card before it can be added.
No, they said that *they* contact your back and verify it's your card.
--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
JF Mezei
2014-09-10 02:14:49 UTC
Permalink
Post by Your Name
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...
The NFC payment system in Canada is quite different.


bank issues "credit card" in form of an encrypted blob. Instead of
paying Canada Post to deliver the blob, it pays the wireless carrier.
The carrier uses its SIM card provisioning system to deliver the
encrypted blob TO THE SIM CARD where it is stored and the bank pay
modest rent for the space ised on the carrier's SIM Card. No credit
card info resides on the phone's file system. None Nada.

When a transaction is done, the payment app is given the "blob" and
sends a portion over the NFC chip. So your credit card number is sent
encripted over the NFC to the paypass and the receiving bank is then
equipped to process this as if it had been a standard credit card being
waived at the reader.

For a transaction, the carrier is not involved in any way, nor does he
transaction make use of cellular/wi-fi links to access some remote
server. So from a "profit" point of view, the transaction is processed
exactly as a credit card, with merchant losing a certain percentage liek
for a credit card etc.


The way Apple has explained it, credit card information will be stored
in "Passbook" (insecure) and likely only for convenience of customer.

When you make a transaction, the phone will have to use a data link to
talek to some Apple servers and obtain a temporary credit card number
which will be received by phone and then sent over NFC to the merchant's
terminal at which point it gets processed normally, except the
transaction lands at the "Bank of the Apple" for authorization and
processing (at which point it is associated to your real credit card).

So Apple will also likely do an authorization against your real credit
card before sending the OK to the merchant who is processing your fake
credit card,

Refunds will be most interesting since the merchant likely won't be able
to refund to the same credit card number as the purchase was made.
(and one wonders how long the temporary credit card numbers will be if
they change all the time).

In Canada, "paypass" transactions are limited to small purchases
(between $50 and $100 depending on cardholder and bank), so the same
applied to handset purchases (Blackberry and Samsungs have approved
models in Canada).
Your Name
2014-09-10 02:23:37 UTC
Permalink
In article <540fb41a$0$41767$c3e8da3$***@news.astraweb.com>, JF
Mezei <***@vaxination.ca> wrote:
<snip>
Post by JF Mezei
In Canada, "paypass" transactions are limited to small purchases
(between $50 and $100 depending on cardholder and bank), so the same
applied to handset purchases (Blackberry and Samsungs have approved
models in Canada).
I think the limit here is around NZ$80 for PayWave / Tap-n-Go cards ...
BUT a thief can still make an awful lot of $80 transacations before the
card is shutdown.

Of course, if they've stolen the card, they can simply do online /
telephones orders for much bigger amounts. Some of the shops here have
started doing "Click and Collect" systems where you can buy online and
then turn up to the store to collect it already paid for.
Michelle Steiner
2014-09-10 03:16:14 UTC
Permalink
Post by Your Name
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...
Users can add credit cards to Apple Pay by taking a photo
of their card.
"Setup involves either granting Apple Pay access
to whatever existing credit card you have on
file with iTunes or adding a second card: you
can do that by taking a photo of the card
itself. We've seen the same system used in
Uber's app, among others, and generally it does
a solid job of recognizing characters."
If you do that, you have to validate it with the bank that issued the
card.
Alan Browne
2014-09-11 11:47:28 UTC
Permalink
Post by Your Name
Looks like people who steal credit cards are going to have an even
easier job - they won't even need to take the card itself, just a quick
photo of it will do ...
Users can add credit cards to Apple Pay by taking a photo
of their card.
"Setup involves either granting Apple Pay access
to whatever existing credit card you have on
file with iTunes or adding a second card: you
can do that by taking a photo of the card
itself. We've seen the same system used in
Uber's app, among others, and generally it does
a solid job of recognizing characters."
You missed the validation step.

The thing I found disingenuous about the presentation was Cook talking
about the primitive magnetic stripe and not mentioning chip'd and NFC
cards that are prevalent in the rest of the world and eschewed by US
banks for so long (though now reluctantly turning to it due to date
breaches)
--
I was born a 1%er - I'm just more equal than the rest.
Continue reading on narkive:
Loading...