MCX Breach Shows Stores Can't Be Trusted With Customer Data

Status
Not open for further replies.

glasssplinter

Distinguished
Feb 22, 2006
111
0
18,680
We get, you're all over crapple pay and think it's the best system ever. No matter how secure you think it is because crapple told you the banks still have your credit card number. So instead of going after the merchant the hackers will now just hack the banks. Nothing is secure so get used to it. Suck it up and start using cash.
 

ammaross

Distinguished
Jan 12, 2011
269
0
18,790
If you add your card via "take a photo", that photo gets transmitted to Apple for OCR. Is it kept? Likely not, but would be nice to stick some middleware in that stream....

Also, in order to correctly bill you for a transaction, someone somewhere needs to know your account information. You generate a token for your card, someone has to be able to map that token to an account. Apple certainly isn't going to query your Secure Element to ask what credit card a token is associated with. Therefore, either your token is kept in an Apple database along side a "token" or account number identifying you with your card carrier (remember, they have access to credit card processors to process your transaction), or they simply have your account info (similar to adding a card to your iTunes account). As anonymous as their marketing wants to sound, you can't be anonymous from the company that does the associating of you and your money.
 

striptaway

Reputable
Oct 29, 2014
3
0
4,510
More Apple trash talk and in this case it's about CurrentC preliminary trail run of software that is far from it being in its final form.
Apple had numerous problems with its recent wide release version of iOS 8 and OS X Yosemite.
 

scolaner

Reputable
Jul 30, 2014
1,282
0
5,290
Tomshardware is so bought off by Apple it isn't even funny anymore. The reputation of this site is going down hard!

It's hard to respond constructively to such an ignorant comment.

I don't think you understand what you're alleging; if we took money from Apple (or any other company), we'd be in serious trouble. We'd all be fired and would probably never be able to work in the industry again.

If I, as the News Director, thought any of my guys were being paid off, they'd be on the street in a heartbeat. But they're not.

No one on Tom's Hardwarre has ever, or will ever, take money from a company for our opinion on anything, ever.

As to your suggestion that our reputation has "gone down hard", you're entitled to your opinion, but I strongly disagree.
 

hitman40

Distinguished
Sep 13, 2010
95
0
18,630
Wow so many Apple haters in here for the wrong reasons. This isn't even about Apple dumbasses. It's about MCX going against NFC form of payment, including Google wallet. Retailers did this because THEY don't want to pay a fee using CurrenC, and NFC involves paying a fee. This clearly shows they only care about themselves and not the customer.

You anti-Apple fanboys are really starting to be a joke when something you think about Apple isn't.....
 

everygamer

Distinguished
Aug 1, 2006
282
0
18,780
This is not correct, apple does have your email address on record, it is what ties your device to your account with them. As such, they could just as easily loose the same information that MCX did. Additionally, Apple does have your Name, Address along with that Email address so that they can contact you or bill you if they ever need too.
 

everygamer

Distinguished
Aug 1, 2006
282
0
18,780
Wow so many Apple haters in here for the wrong reasons. This isn't even about Apple dumbasses. It's about MCX going against NFC form of payment, including Google wallet. Retailers did this because THEY don't want to pay a fee using CurrenC, and NFC involves paying a fee. This clearly shows they only care about themselves and not the customer.

You anti-Apple fanboys are really starting to be a joke when something you think about Apple isn't.....

Just so you understand, retailers already pay a 3% or 4% fee each time you swipe your credit card. NFC services like Google Wallet include those fee's but pass them to the consumer and discount the retailer, so a retailer would want to have customer use NFC, it would save them money. The reason why retailers are turning off NFC is that a number of them have a contract with MCX that up until now didn't have any major competition, or at least competition that was getting front page news about it. Google having NFC was not as disruptive as both Google and Apple having it, plus, as much as I don't like how Apple does business (one company to rule them all), they are amazing at marketing and bringing a large following into the market with new technology quickly because of the large number of people that replace their existing apple products annually or bi-annually (brand loyalty is worth its weight in gold).

MCX lost email addresses, Apple lost nude photo's, there is no such thing as a perfectly secure network. Apple has your email address (registered to your device and apple account), name and address all from when you bought your phone and swiped your credit card to walk out of the store with it.

It will be interesting to see how things play out with the payment systems over the next few years. The thing that I think is funny is how crazy everyone is about NFC, and how they act like Apple created the technology and got all the retailers to put NFC readers in the stores. The reality is the retailers were already doing it over the last 5 or 6 years and Android has been using it for about 2-3 fairly effectively. The smart thing that Apple did was wait until there was enough hardware to support NFC payments at the retail chains before adding it to their phone, they just didn't plan for MCX to have contracts in place to force retailers to turn it off.
 

NotProfit

Reputable
Oct 23, 2014
11
0
4,520
Regardless of if anyone is getting paid for anything, I'll have to agree that the amount of biased information is starting to disturb me... I've been a long time Toms Hardware reader / lurker regardless of the age of my account. The article on "Windows finally getting two factor authentication" the other day BLEW ME AWAY. The most uninformed hipster Microsoft hating I've ever seen on this website. It's a shame... but more importantly, it doesn't make sense for a website that, and I may be wrong on this, caters to mostly PC builders. I don't believe the bias should be directed the other way by any means, but I'd like to see some more research go into these articles, maybe people would be less accusing about your Apple paychecks... jk lol
 

NotProfit

Reputable
Oct 23, 2014
11
0
4,520
I wish I had read evergamer's post before I posted what I said. There is faith in Tomshardware yet! Even if it's just from the fanbase...

Gotta agree with that line about Apple "inventing" stuff. Too many people turn a blind eye to any technology that doesn't come with a "Steve jobs used to decide whether or not stuff looked good here so Apple products are genius!" sticker.
 

stuart lynne

Reputable
Oct 29, 2014
2
0
4,510
This is less than CurrentC vs. Apple Pay than MCX vs the credit card companies.

Apple Pay is indistinguishable from an NFC credit card when in use with an NFC enabled credit card terminal. They cannot disable Apple Pay directly. They can only disable NFC for credit cards (and Apple Pay.)

If the US is like Europe and Canada, once the public gets NFC cards and starts using them and liking them and demanding that they can use them, they will be a larger market (as compared to users with Apple Pay.)

At that point keeping NFC disabled is just bad customer pr.
 

ssd_pro

Honorable
Oct 15, 2012
30
0
10,530
Ummmm BETA testers? Are we really reporting about issues/bugs/security holes in a BETA test? Wouldn't that be expected? This is the best Apple could buy in the days following their temper tantrum?
 

claate

Reputable
Oct 29, 2014
1
0
4,510
This demonstrates the extreme short-sightedness and blind self-interest of the named retailers with respect to its customer base. A hungry retailer would want to attract as many customers as possible and if something is important to the customer, for example, the ability to use a specific credit card to earn rewards, or use their new cool ApplyPay gadget, a hungry retailer would capitalize on the opportunity to offer those choices of payment at their stores. Especially when ApplePay doesn't cost any more than using a credit card. I for one will boycott Walmart, CVS, and Rite Aid until these big boys treat their customers right since I almost have enough points to take a sweet vacation - but not if these big retailers restrict my ability to earn my rewards. There ARE other retailers.
 

striptaway

Reputable
Oct 29, 2014
3
0
4,510


The greatest con on the consumer is the over-embellishment of Apple and everything they do.
It has nothing to do with playing favorites that you are the best example of.
Retailers are tired of being shackled by CC rules and it does not mean that anybodies NFC is different than anybody elses.
Huge numbers of retailers both big and small use their own in house cards they database their customers and use that info for specials and promos and general information.
It also allows them to have a more distinct view of customers likes and interest, that's called marketing.

 

dark_knight33

Distinguished
Aug 16, 2006
391
0
18,780
Man... the FUD in this comment thread is ridiculous.

First, no image is transmitted to apple for OCR. You don't even 'take a picture'. You have a live camera shot and the app lifts the data off the card via OCR while the picture is still moving, and it's not 100%. What it does get is accurate, but it misses half the data more than half the time.

Second, doesn't anyone here at all realize that by using MCX, you will be shifting fraud liability from CC companies to the buyer? Yes, it's true. Those CC fees cover a lot of fraud liability, but debit swipes don't have near the same legal protections.

Third, and this one is really goddamned important -- ACH transactions (unlike CC tx) are subject to overdraft fees. Yes, that's right. The return of those absurd $32+ fees and transaction structuring that banks use to rape people living paycheck to paycheck. Most banks no longer have limits, and will charge you upwards of 7 fees a day! BoA did this crap with me for years when I was a struggling young adult. Structuring my transactions to maximize fees, then raking me over the coals, time and again. MCX would set back overdraft legislation by a decade.

Lastly, MCX freely admits to collecting as much data (including health data) about you as possible, and transmitting it to the retailer. Does freaking walmart really need to know if you've gained weight this month so they can push weight loss pills on you?

Apple pulls a lot of marketing bullshit, but at least they aren't farming my sleep habits out to retailers. The data grabs are sick, and need to stop. It's why I switched from and android that I loved to an iPhone I like. I will never install CurrentC, I will never go back to Google. Time to wake up, and make your choice between evil corporations.
 

MustSee4KTV

Reputable
Oct 30, 2014
5
0
4,510
ammaross,

I believe the CC company has device ID authorization, so Apple does not have the CC number. When you add your card, you have to get a code from your CC company to authorize the device to your card (device ID is unique for each card). So when you use Apple Pay, it is saying to the terminal check with the CC company about this device and should it be approved, so Apple is pretty much out of the loop.
 

striptaway

Reputable
Oct 29, 2014
3
0
4,510


You seem lost in a mix of facts and fantasy.
As a matter of fact by next October all CC purchases are required to be chip & pin or chip & signature and the liability rests with the party that is using the oldest technology, which is a benefit to the banks and a liability for the retailer.
If you don't think that the bank is collecting data from all NFC payments including AP you are pipe dreaming.
The banks are the worst offenders of data mining and they sell that data to large data collection companies.
Dealing with financial institutions that rake you over the coals is a decision that rests with the consumer and naivety or ignorance of your choices does not exempt them foolish decisions.
Lastly, if you don't think that the kickback % that Apple gets from the banks will be passed on to the customer you need a refresher in finance 101


 

a1r

Reputable
Aug 6, 2014
41
0
4,540
We get, you're all over crapple pay and think it's the best system ever. No matter how secure you think it is because crapple told you the banks still have your credit card number. So instead of going after the merchant the hackers will now just hack the banks. Nothing is secure so get used to it. Suck it up and start using cash.


Actually, that's not really true. What hackers will be after is your phone. Which they are already after, they just have a bigger excuse for it now.
 

a1r

Reputable
Aug 6, 2014
41
0
4,540


Actually, it doesn't. NFC is a radio frequency exchange and subject to interception even at very low power. What actually helps is all that's passed between the customer and the POS terminal is a one time payment token. Without that Apple Pay would be no more secure, and possibly less, than someone transmitting their CC number in the clear over wifi (happens more often than you'd imagine).

What bugs me is that it's another reason crooks are going to be gunning for any Apple items they can find that have that capability and exploit any active accounts they find.
 

dark_knight33

Distinguished
Aug 16, 2006
391
0
18,780


@striptaway: You say I'm lost in a mix of facts and fantasy while never actually addressing any of the points I make and confusing others entirely. You are completely misinformed, or just ignorant.

Of course the banks track your purchase history, but that's it. The only thing transmitted via NFC is a purchase token. You are deluded if you think that that AP NFC payments are pushing your private data along with that. MCX specifically says it collects your health data and forwards that to the retailer. How can you possibly ignore that?

Further, the liability only rests with the retailers that refuse to upgrade to equipment that can read chip and pin cards. The retailer doesn't have any liability if they have the new reader, and customers are using old cards. It's a completely irrelevant issue. Fraud liability for credit swipes is separate from the fraud liability for ACH debits. That's where you are completely confused. ACH fraud liability is between you and you bank, so MCX shifts that completely away from the retailers regardless of the card reader. Currently, MC & Visa ultimately pay out the liability claims to the banks, that pay it out to you when you make your claims.

The kickback percentage isn't on the retailer end, it's on the processor end (i.e. Banks). There is no way to pass that to the consumer. The fee the retailer pays for each transaction is the same between swipes and NFC payments. Apple takes it's cut out of that fee that the retailer already pays to the bank. Get it, or do you need a diagram?

Lastly, your laissez faire attitude towards overdraft fees is what has allowed banks to continually take advantage of people that can least afford to be squeezed. Good for you if you don't OD once in a while. Meanwhile the average account gets 7 OD fees. That's a $224 annual tax for overspending by as little as a dime. There are so many reasons why that's wrong and should be stopped. I could go on about the issue, but you obviously don't give a shit about anyone other than yourself, so I won't bother.
 

f-14

Distinguished
"MCX Breach Shows Stores Can't Be Trusted With Customer Data" it figures an applefanboi is the last to figure out what windows users knew in the 80's
 

NotProfit

Reputable
Oct 23, 2014
11
0
4,520
I won't quote anyone because no one needs to read that wall of text again... but as far as overdraft fees...

I too was once barely making it and incurring overdraft fees. Do you know how I stopped? I started tracking my spending responsibly. I don't think it's crazy for a bank to hit you with that fee every time for the simple reason that THEY HAVE JUST LOANED YOU MONEY. Unexpectedly... because you're too young and cool to balance your own accounts, and decide instead to rely on the very same banks that are "cheating" you to keep track of it FOR you with an app / website / ATM printout.

I wouldn't call that a "laissez faire" or laissez-faire attitude. Yeah... I DID just correct that tiny mistake.

Source: 24 year old who finally figured out the bank isn't responsible for my spending...
 
Status
Not open for further replies.