Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung Set To Launch Mobile Payment System With Galaxy S6 At MWC

Posted by Soulskill on from the because-every-company-needs-its-own-payment-system dept.

dkatana writes: Samsung will introduce the Galaxy S6 on Sunday, March 1st, at the Barcelona Forum, one day before the Mobile World Congress officially starts. Serious rumors from different sources indicate that the Korean giant will also introduce its version of a global mobile payment system, which will likely have the moniker "Samsung Pay." Samsung can't afford to give away its position in the smartphone market, and a payments system tailored to customers is a key factor.

3 of 82 comments (clear)

  1. Re:Don't trust any of them ... by rgbscan · · Score: 4, Informative

    I don't know how the others work - but Apple doesn't get your card number. They get a device id which is used to seed and generate one-time use tokens in conjunction with the card issuing networks.

  2. Re:Don't trust any of them ... by tlhIngan · · Score: 5, Informative

    How on Earth can Apple tie your account activity to a credit card without ever having that credit card number to generate that token?

    And, if at ANY point in this chain Apple has your credit card number ... why would I trust they (or any other corporation) aren't retaining that.

    I don't see how any of this one-time token stuff can be generated without first having your credit card information.

    There's either a missing step there in which they certainly do have it ... or there is voodoo magic by which they can attach your account information to you without knowing anything.

    Well, they have your credit card number, for a few seconds during setup.

    Here's what happens:

    You get your phone, and you snap a photo of your credit card. Your phone recognizes the card and number, and forwards that information to Apple Corporate HQ. Apple then uses that information to determine which bank to talk to (because all banks have different ways to implement this step, and why Apple Pay only works with certain banks). Apple forwards that information to the bank. Apple also forwards some hardware information hash to the bank.

    Your bank then calls you (or verifies you in some way) to ensure that you're actually registering your card (the bank looks up the information - Apple doesn't have that information after all). If it's approved, the bank sends Apple a token. The token is a virtual credit card where the last 4 digits are identical to the real credit card. That token is what is stored on your device, and the credit card information promptly forgotten as it's no longer necessary.

    When you use Apple Pay, you select the card, and then use the fingerprint reader. When the iPhone talks to the payment system, it passes on the token and a hash representing your hardware ID. The payment system sees the token, and passes it onto the bank who verifies the hardware ID against their own database. If it matches, then they lookup the token against their database to find which account to charge.

    The credit card is used during initial setup only - after that you're passing around tokens which are unique identifiers for your card, phone, account by the bank. The bank issues the token and generates the mapping of tokens to cardholder accounts.

    If your number is stolen, then attempts to use it will fail because the hardware ID is invalid, and the bank sends you a NEW token to replace your old one.

    If you lose your phone, you can wipe your phone's secure element which erases keys to access your card information.

    Apple Pay is a fancy term for the EMV payment standard - there's no magic in it, and it's just implementing what the payment industry says is how they want to do it. It's why it "just works" in a lot of stores because the standard was done a while ago and implemented.

    http://www.macrumors.com/round...

    A more detailed analysis is
    http://www.tuaw.com/2014/10/02...

    (Read it quick because AOL is killing TUAW)

  3. Your rant is 30 years late by rsborg · · Score: 3, Informative

    The biggest problem with these contactless payments, bigger even than trust, is that it separates you mentally from your money. It makes it easy for people to fail to develop and maintain responsible financial habits. It softens the blow of spending money. If that blow doesn't hurt, then you can imagine what happens to the thought of security. The closer you are to the cash, the more you pay attention to its security! Someone takes $20 out of your wallet, you get upset. Someone skims your card, you don't even notice, and if you ever find out, you hope the card company will just reverse the charge. What incentive do you have to care anymore?

    You don't think the same issues happen with cards vs. cash? Yeah, I go through stores already today just putting stuff in the cart, swiping at the checkout, collecting the receipt and never even looking at the bill until well after the fact (and sometimes never even then).

    I manage my budget after the fact - hey that spongecake we bought was completely uneaten - never buy again. That TJs cold-brewed coffee habit is expensive but more cost-effective than buying beans and cleaning out the coffee machine... etc, etc.

    Fact is, cards have already altered our spending habits and contactless does very little to modify that - it's just a nice shinier petina over the same rubric.

    --
    Make sure everyone's vote counts: Verified Voting