DYSPEPSIA GENERATION

We have seen the future, and it sucks.

Why Apple Pay Could Be the Mobile-Payment System You’ll Actually Use

9th October 2014

Read it.

Phone in hand, you next need to load it with a credit card, either by taking a picture of your credit card or by approving an existing card that’s already tied to your Apple Store account. Apple is the first vendor to support this loading system—possibly because it may be the first to get permission from the credit card brands to do so.

But this is where things get interesting. When the iPhone scans the number off your card, it doesn’t store it locally, or even on Apple servers. According to Apple sources, Apple mediates a connection to the payment network or issuing bank associated with your card, which then provides a Device Account Number.

If I understand it correctly, and I may not, this is similar to the Kerberos computer network security protocol. In operation, it is much like the way personal information, like passwords and social security numbers, are handled in secure computer systems: what is stored is not the actual information, but a hash of that information; for authentication, a hash of the submitted information is compared to the hash of the stored information — no actual information is either stored or transmitted.

Using per-device tokens means that only the bank that issued the card (or its payment network) ever has your card: You don’t have to trust Apple with it.

I would not hesitate to use such a system.

Comments are closed.