GPay token is definitely stored on Google servers as it allows you to pay online with a Google account, e.g. on a PC.

@aame6643

Жыл бұрын

Doesn’t Apple also have Wallet on Mac though?

@TischBacchus021

Жыл бұрын

@@aame6643 I think so, yes. So they must transmit the token to the Mac, too.

@LimitedWard

Жыл бұрын

@@aame6643 They may store the encrypted tokens on iCloud to transfer between devices.

@aame6643

Жыл бұрын

Never mind, to use it on Mac you need to verify using the PIN number, which btw is also the case when using Apple Pay on the watch. So the token definitely isn’t stored on their servers.

@prokopCerny

Жыл бұрын

Cards that you add directly on device is not added to your Google account. Just recently I've encountered this after wanting to pay online with a card added on my phone and it wasn't in the list.

I was informed by a GPay representative in Malaysia that GPay and Google Wallet is 2 separate things. Both might be offered in your country or just one of it or none at all. Google Wallet is where you store your credit card info, passes, tickets, or anything that could be sync with it. GPay is where the payment take place.

It really worked for me after I look and try some tutorials, yours is the one that worked. Owe you a lot.

Okay several followup questions: 1. What's the difference between the token used by iOS vs Android? You mentioned Apple Pay uses a DAN while Google Pay uses a DPAN, but never really clarified how they differ. 2. If this token is a secret, then why does the device provide the payment token to the PoS during checkout? Wouldn't that be vulnable to a compromised PoS or MitM attack? 3. This feels like an ideal use case for public key cryptography. Why not have the bank issue a private key to each device for payment authorization, and then the payment authorization flow would just involve signing the transaction with the private key?

@europria

Жыл бұрын

That is how I would imagine it would work. Private key would be stored in the device, tokens are generated and signed with that key with addition to expiration date and perhaps vendor id so if it stolen it is useless.

@ByteByteGo

Жыл бұрын

Thank you for the questions. For 1, we don't think the exact token specification is that interesting. The payment token is a proxy for the actual card number, and it is tied to the device. The sensitive part is the mapping from the token to the card number, and it is stored in the token service provider. For 2 and 3, if you are interested, look up the EMV contactless specification. It uses cryptography to safeguard the token between the card (in this case, the phone emulating the card) and the card issuer. It is similar to how credit card with a chip works. There's quite a bit of complexity. The general idea is roughly the same as what you suggested.

@tushargarg9163

Жыл бұрын

For one, I suspect the DAN in apple is linked to the device, thus only allowing payment requests to be made through that specific device where it is stored whereas in GPay, it's not and stored on the cloud and allows payment from a web based google account as mentioned in comment above ?

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

10 ай бұрын

For clarity, the token is just a normal card number, 16 digits, specific bins, just not the real card.

Google implementation make sense considering not all android manufacturers willing to add additional chip due to cost.. this way they can provide the service to any customer with a phone that have NFC chip without compromise the security due to lack of dedicated chip..

@TheMrMerudin

Жыл бұрын

Apple haters always find a way to desribe shit as a better alternative.

@MetoF50Narliev

Жыл бұрын

@@TheMrMerudin Let me guess, in the sterile isolated bubble of Apple, they probably marketed the about to be implemented USB Type-C as some sort of revolutionary technology invented by Apple.

@TheMrMerudin

Жыл бұрын

@@MetoF50Narliev Let me guess, you never had more than an Apple device at home. Everything connects instantly and easly, if you want to pass a file from your phone to your computer you can just use AirDrop and that's it, or iCloud. On android you need to instal something like whatsapp or telegram or discord, login, and then you can pass something (with limits) on your PC. AirPods work with EVERYTHING: iPhone, iMac, MacBooks and iPads. Calls and messages are synced in every devices, so you always have your stuff with you. Even HomePod is perfectly connected with Apple music and your other devices. AppleWatch transfers fitness information in everything you have so you won't miss anything, even calls or messages. Even the fucking magic mouse is beautifully connected across nearby devices so you don't have to plug and unplug (or buy more) your SAME MOUSE everytime you have to work on stuff. Sterile? Isolated? Try to do this stuff on Android.

@MetoF50Narliev

Жыл бұрын

@@TheMrMerudin at what point does one use their brain to get something done then?

@ko_fes

Жыл бұрын

@@TheMrMerudin So if I use PC under Windows/Linux than buying IPhone is a mistake 'couse many cool features (that were paid for) will work only with others Apple devices? Sheesh

Awesome....something learned today :)

Thank you for a brilliant video. If a user is using a merchant web interface to purchase on line using Apple Pay / Google Pay would the same tokenization process and DPAN / DAN creation apply?

Very interesting. Can you make another video about the registering process of both as well since they are quite different (afaik Apple uses in-app provisioning).

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

Wonder if you could do a piece on how hardware attestation works.

wow thankyou for such a detailed and good information

That a was a neat explanation. I didn’t know there was a chip in iPhones dedicated for payment. Considering how Android must run on several devices, it makes sense that google pay uses other methods 🧐🤔

@KyrosKohKS

Жыл бұрын

Apple develops their own hardware such as SoC chips and iOS so it is easier for them to make it even secure than Android as there's too many different phone manufacturers using the different type of hardware chips and most of them might not want to spend more times in these for development as the chips are not self-made by the phone manufacturers, rather than made by Qualcomm, MediaTek except Huawei, Google and Samsung phones using their own SoC.

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

Great video! Thanks for sharing the light of knowledge.

Tokens: PAN = Primary Account Number DAN = Device Account Number PAN (from device) => BANK => DAN (to device)

Thank you

Great follow up to a Reddit post I saw recently!

Very good quality explanation

Google wallet was initially released in May 2011. Apple pay was initially released in October 2014

Good info.. thanks

Thanks for informative video. One quesion as follows. 1. this payment scheme is same/almost same as e-commerce payment and, in case, Does Google pay use HCE as well? Instead of NFC Controller what would be the couterpart?

@ByteByteGo

Жыл бұрын

We cut out an entire section on how the Apple Pay and Google Pay buttons work that would have answered your question. In short, with the Google Pay button, the Google web server sends the payment token to the web browser, and from the web browser, the token is forwarded to the Payment Service Provider (PSP) for processing. The Apple Pay button only works in Safari on the Mac. As mentioned in the video, the payment token is only stored in the Secure Element on the phone. Once the phone authorizes the web payment, the payment token is sent from the phone to the apple server securely, the apple server re-encrypts the token with the developer's encryption key before sending it from the apple server to the developer (or their payment processor).

@sudiptomanna6876

Жыл бұрын

@@ByteByteGo Thats correct. Also just to bring in the ApplePay on the web flavor where you can pay using your MACBOOK(as long as you have the biometric sensor on your MAC) With Earlier version of ApplePay only your Phone would act as payment source and Apple would create DAN only for your iPhone(6 and Above), with the release of MAC with biometric you can use your MACBOOK as a payment source and now your MACBOOK will have its own DAN. One thing to notice is ApplePay is only available if you are using SAFARI and not other browser.

Very good Video, thank you. How do you make your Animations?

Interesting! Thanks

very interesting. Now I understand

I love your content you should get millions.

Nice video. Please make a similar one on Samsung Pay.

can you also compare samsung pay? i know its a little different than google pay but i want to know what exactly

@madness1931

Жыл бұрын

Do you still need that answered? If so, I might be able to give some insight. From what I've read (doing a lot of that lately), Samsung Pay is kind of a hybrid approach. It still uses Samsung servers, can sync with them (to backup that financial data), but the token is saved on the device (like Apple) by default. It uses the Knox secure enviroment, to keep your details safe. It's why only Samsung devices, have Samsung Pay.

THANKS FOR THIS INFORMATIVE VIDEO

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

Excellent video and very well explained! Thanks!

what tool you use for Architecture Diagram design?

Great video. What software do you use for animation?

@ByteByteGo

Жыл бұрын

Adobe After Effects and Adobe Illustrator.

Gpay works with UPI in India, should have mentioned it.

Can please make a video about how India's UPI works? How it is different from tokenization as there are no credit or debit card needed

This channel is golden! Please keep making those videos.

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

@DarkGT

Жыл бұрын

@@TheCommunicationCoach File a complaint to the federal trade commission. What do you expect from me dude.

@TheCommunicationCoach

Жыл бұрын

@@DarkGT From you? Nothing. My only goal was to pass on information, and that's done.

@DarkGT

Жыл бұрын

@@TheCommunicationCoach Create your own video, make a posts around the social media like Reddit exposing your findings. Hijacking comments won't get you far, I tell you I don't care about your particular problem.

@TheCommunicationCoach

Жыл бұрын

@@DarkGT Like I care any less about you or yours. You want to be spied on and info stolen? GL with that, so stop bothering me.

Does this system work for blocking a sum of money on the card (for instance a hotel/car rental pre-authorization)? Or does it support getting money back, in case of a product return or due to some error during the payment? These work with the card.

@Coonotafoo

Жыл бұрын

A pre-authorization is only valid for 3 weeks (Visa/Master Card) or 7 days (American Express/Discover) if an authorization number obtained by the bank isn't "captured"/offlined/forced by the POS/Terminal the funds are automatically refunded to the card holder after the set time limit has expired. If a payment has been captured and needs to be refunded, generally the sponsor bank will allow for a refund to be preformed as most refunds are made blindly and can be interpreted by the bank's servers. Interestingly enough, while you can close out a pre-authorization amount for a higher amount, you generally cannot recharge a contactless card number. Since a new transaction needs to obtain an authorization number generally the bank will produce a host code 05 decline response if recharged.

@FlorinArjocu

Жыл бұрын

@@Coonotafoo So there are problems also with usong the card, wirelessly. Do all these work when you use Google Pay / Samsung Pay / Apple Pay?

@Coonotafoo

Жыл бұрын

​@@FlorinArjocu It's not actually a problem, no. What's stated above just about applies to ALL credit/debit card transactions, not just contactless transactions. About the only difference is that with a regular credit card the business can call the card processor and get the full credit card number and expiration date to rerun it (for example, if one of the employees accidentally undercharges the transaction by X amount.) Otherwise it's pretty much the same process. Plastic card/Apple Pay/Google Pay/Samsung pay, it doesn't matter. About the only card type that doesn't follow these rules are cards numbers that are generated to be ran for a very specific amount. (There's a few exceptions of course, but for 98% of all card transactions this is the case.)

@FlorinArjocu

Жыл бұрын

@@Coonotafoo Thank you for the answers. I am curious as I think these phone&online systems use also some virtual cards, so the bank/visa&co. would not know how to pair the virtual card and the actual one. I have no idea how they work.

Pushing the algorithm ❤️❤️

Does the Google Pay system function the same way on Pixel devices as it does other Android devices? Doesn’t the Titan M handle tokens like this?

In INDIA Gpay is used for UPI mostly.not for card payment.

@IAmSuyogJadhav

Жыл бұрын

That's due to a limitation imposed by RBI regarding storing debit card information

@ravitejaknts

Жыл бұрын

Gpay is different in India.

What tool was used to create the animation on this video?

Plz also make a video on the following topics: 1). How does Cloud Computing work? 2). How does AI work? 3). Fundamentals of ML 4). How do Siri/ Alexa work? 5). How does Whatsapp, Messenger work?

@eglintonflats

Жыл бұрын

Ever heard of reading? You are asking for information which is for people who need to know and you don't need to know, otherwise, you would know it by now.

@sanesharma7138

Жыл бұрын

@@eglintonflats lol okay, who hurt you!

POS terminals are designed to accept credit cards, which I believe use a different tech to encrypt the credit card number and cvv. So how does these terminals directly accept the token from Apple or Google pay? Unless Apple pay converts that in the format acceptable to POS terminal.

@ByteByteGo

Жыл бұрын

The phone talks to the POS terminal over NFC. Look up EMV contactless if you would like to learn more.

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

does this mean that at any point of time, Google or Apple could use our token to authorize transactions on our behalf, even ones not directly authorized by us?

@zackpi7874

Жыл бұрын

yes, of course. And a bank could do that too. It's all relying on your trust in these entities to not screw you. One redeeming point is that if Apple or Google faked transactions, they would still appear in your bank statement so you could refute them (which would end up looking really bad for Apple / Google over time and the bank would drop them, crippling their business, so it's really not in their best interest to screw you over.

@TheCommunicationCoach

Жыл бұрын

YES, and here's proof!! GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

Can you volume up a bit please? It's quite lower than other youtube vids

Does this in any way obsolete Visa or Mastercard payments networks, or are they simply using Visa and Mastercard?

@carlmannhard8051

Жыл бұрын

Also, could they bypass Visa/Mastercard in the future and if so, how?

I wonder what the Titan M2 Security Chip (built-in Pixel 6 and 7 Series) is doing then, when the payment token is stored in GPay itself.

@Lidi-Rumbling

Жыл бұрын

Stores biometrics and other personal AI features. I wanna beleive it also involves in the Google Wallet App

@AbhishekKumar-fl8bw

Жыл бұрын

GPay is available for all Android phones, not just Pixel.. and at the moment there isn't a large enough userbase of Pixel phones for Google to consider device specific changes in GPay functioning.

@a_decent_user

Жыл бұрын

I've commented on it under the video already, but in short - yes, it's used to store GPay tokens. "stored in GPay itself" is a very misleading claim. Phones that have secure enclave use that to store payment tokens.

Does it work differently in European countries with IBAN? For example when Apple Pay was released in The Netherlands, terminals didn’t need to be replaced or software update, as long as it had NFC. It just worked. I was on vacation in USA, at Walmart I used Apple Pay and the employee looked surprised at me because apparently they don’t support it. But somehow it worked.

@fishmeat69

Жыл бұрын

No it doesn't work differently. I'm no expert but I believe IBANs are used specifically for routing funds tranfers to the correct bank and account number, whereas with the concepts in this video the routing is done through the Visa/Mastercard/Amex networks to connect financial institutions at POS - then those respective banks handle account routing internally.

@levitatie

Жыл бұрын

nah it s only walmart and ig a few other stores that don't accept apple pay and that's because they have walmart pay or some shit to collect data from their customers

@SupernovaDragon77

Жыл бұрын

I think Walmart is an exception. It’s the only store I ever went to which Apple Pay didn’t work with the card terminal

@fckSashka

Жыл бұрын

@@SupernovaDragon77 he clearly said it worked for him, even at walmart

@fckSashka

Жыл бұрын

Your iPhone literally just mimics your card. So as long as a place accepts NFC *card* payments, you can pay with your iPhone. I’m not sure if Walmart accepts those though as I’m not from the US. What I get from this video is that maybe European cards get handled different by the banks themselves (Walmart might be able to block Apple Pay if a card from an American bank is linked to it). Groetjes uit Luxemburg btw ;^)

I love your videos. What program are you using to create animations?

@ByteByteGo

Жыл бұрын

Adobe After Effects and Adobe Illustrator. Our editors get all the credit, though. :)

Is Samsung Pay more similar to Google's or Apple's implementation?

If Apple stores tokens in the device's secure element and does not store them in the cloud, how are my cards added on iPhone available on Mac?

Interesting. How do you know this stuff?

Not sure about Apple, but Google Pay has horrible customer service. Added an address, the payment profile was suspended and I got an email asking for addition information. Provided information, immediately received and email citing COVID as reason for delayed responses which is just ridiculous at this point. That was two weeks ago and still haven't received any update. I sure wouldn't want to rely on them.

@markIrSa

Жыл бұрын

I think thats a big difference between apple and google. Apple will NEVER email you asking for information, in this case if it were to happen, you would be prompted with an error forcing you to call them or schedule an appointment to be called back. No information is ever transferred between customer and apple through email. Also, almost everything you do in regards to Apple go through 2FA to ensure its really you using it, so changing addresses and information that be authenticated

@electricz3045

Жыл бұрын

Hmm so because you had a issue with Google, it makes their whole customer support bad? Never had issues with the Google support.

@TheCommunicationCoach

Жыл бұрын

They lie and deny all day!! GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

@markus.schiefer

Жыл бұрын

@@electricz3045 That was only one example. I have couple more, but what's the point. And, by the way, for that example I managed, they only answered 3(!) months later.

@electricz3045

Жыл бұрын

@@markus.schiefer Google is a big company with a lot of users who want support so it's obvious that it takes time to answer questions.

I think one part that was not clarified / explained was how cryptogram comes into play during payment to ensure that the card and the transaction is genuine.

@marcostttttt

Жыл бұрын

Yes I also was left in wish of this information

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

- Do Apple Pay and GPay work for all POS terminals that already accepted contactless card? - How can Apple Pay and GPay communicate with EMV reader? as I see from the video, they only stored the DAN (Device Account Number)?

google pay now goes by google wallet except in the us and Singapore, where they have GPay AND Google Wallet, which work together. there is then India, which only has GPay

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

Either its me or not but I sometimes have no internet and can pay with google wallet in flight mode? Theres no communication then with the servers?

What is the flow for Google and apple pay over web browser?

@Hi-db5cd

Жыл бұрын

You mean a web payment?

@guycaffeinated

Жыл бұрын

@@Hi-db5cd yep, my understanding is that a 3rd party payment gateway needs to be involved

Cant you pay contactless by bank app?

It seems like you can pay with ApplePay without internet? and not with Google since its dealing with cloud. Can you confirm?

Wouldn’t it be more secure if a new token was generated and sent to the phone each time a transaction is made ? This way, a malicious pos terminal won’t be able to record the info for reuse. Please correct me if I am missing something

@vasquezgamer2989

Жыл бұрын

Would it be more secure? Sure, but there’s not a lot of point. Firstly, the process is plenty encrypted and you’ll rarely see an attack of that type because of it. Second, issuing a new token every time would take a lot more time at the time of purchase. They use temporary authorizing codes that change between purchases so that covers that potential for intercepting the info for unauthorized additional purchases, like a new cvc code per purchase. That’s the equivalent to why change the entire safe when you could just change the lock. Third and probably most important, these services need to be able to work offline. If you’re deep in rural country and you need to pay at the corner store which somehow has tap to pay, you can’t be SOL because you don’t have the phone signal to receive a new token. Also if you have a limited data plan, you want to be able to make purchases even if you have your data turned off. All these companies want to get to the point where your digital wallet replaces your physical one, and that can’t happen if you have to rely on having signal to use it. It would be overkill and really inconvenient!

How is it possible then to pay via Apple Pay when your device has no connection to the Internet? Maybe I didnt understand everything, but it would be nice to know :)

What happens if the DAN or Payment token is compromised and leaked? Is it subject to replay attacks?

@fusseldieb

Жыл бұрын

I think that the token is single-use only, just like rolling codes are on garage doors.

0:57 Actually, Google Wallet started as far back as 2011.

What about Samsung Pay? What is the different between them?

Does this mean you cannot use Google Pay without an internet connection as it will have to retrieve the token from the cloud? Apple Pay is usable even without an internet connection I believe, correct me if I’m wrong.

@ByteByteGo

Жыл бұрын

Google Pay stores the payment token in the wallet app on the device and communicates over NFC with the POS terminal using Host Card Emulation. It does not require an internet connection.

@kaiser9744

Жыл бұрын

@@ByteByteGo thank you very much for the enlightenment!

Is blockchain technology used to get those tokens or is this a completely different method?

@fusseldieb

Жыл бұрын

It has nothing to do with blockchain

Google pay was named TEZ before in India

Just googled and found that G Pay came first, on May 2011, whilst Apple Pay was released on Oct 2014.

@electricz3045

Жыл бұрын

That was called Google Wallet back then.

I don’t know how it looks now but several years ago 6? Google walet required enterin pin in POS terminal. Apple Pay didnt required

Google Wallet first appearance was in September 2011.

@tamaskiss6379

2 ай бұрын

VISA token service started only 2014. So Wallet couldn't use it yet. 🤷‍♂

@real_andrii

2 ай бұрын

@@tamaskiss6379 yet, people still could use Google Wallet to pay via NFC 😉

It's my understanding that Google keeps the payment I for because you can use Google pay without your phone to checkout from participating vendors. How does Apple participate in website checkout as an option if they don't store the token as Google does?

@vasquezgamer2989

Жыл бұрын

They don’t, not in the same way. If you aren’t accessing the site on an apple device using safari, then that button won’t appear for Apple Pay at all. From there, you can only use Apple Pay on devices that have a Secure Enclave with iPhone, iPad, and Apple Watch which it’s been a while so most in the wild apple devices have one. For Macs that have Secure Enclave, it works the same way. With Macs before 2012 that don’t, it will send the payment request to your iPhone or Apple Watch which will process the transaction for the Mac once you authenticate with FaceID or whatever. If you add a card to your apple wallet, it doesn’t automatically sync to your other devices. When setting up, it’ll ask if you want to add to your Apple Watch too and if you say yes, it will run the process to add it to your Apple Watch separate from the iPhone’s wallet add. If you want to add the card to your Mac, you do that locally on the Mac. The purpose is that none of this information is stored in the cloud or communicated without your permission, it’s all local on the respective Secure Enclave.

Samsung Pay? How is their implementation in comparison to Apple’s and Google’s??

Which one you are using, apple pay or gpay?

@ByteByteGo

Жыл бұрын

We deal in cold hard cash.

can you please make a video on Samsung Pay..... i wanna know how its works

5:11 That will not happen at all times since Google Pay still works without an Internet connection by saving 10 or 20 tokens on device.

Fantabulous , what software do you use for your animations ?

@bytebytego1838

Жыл бұрын

Adobe After Effects and Adobe Illustrator.

4:00 this is actually not right. The token never leaves your phone. It works kinda like TOTP so like your authenticator app. The six digits are NOT the private key.

Google wallet definitely started years before Apple pay. I believe in 2011

It means Google Pay can't support offline transactions?

Does not works on sites there use 3D Security by visa etc.

How about phonepe? Is it same as GPay?

Sure is complicated😮😮

What about Samsung Pay?

Nobody: Me at 3 AM:

Make a vid on how upi works

Can PoS steal the payment token?

Does Google get paid by the bank for each transaction?

ngl i much prefer apple pay cuz it requires the user to authorise it rather than just popping up whenever you tap it against a terminal

Google Wallet was released before 2014 they were doing mobile payments before Apple. Also Don't forget Samsung Pay.

I prefer Apple's method. I detest Google's method. The fact that google sits b/w point of sale and phone means that they can track transactions for ads

I believe Apple and Google monetize the transaction differently. (i.e. how they are paid for each transaction). Please speak to this as data security is clearly most people's principal concern.

@TheCommunicationCoach

Жыл бұрын

GOOGLE does more than just "spy" on us. Every time I make a payment online, Google invades my privacy and steals the card information and sets it up on Google Pay when it has NOTHING TO DO with GOOGLE!! This has happened six times in the past month, and I've reported them!

Wow, all this about a thing that could be said even in one sentence.

Are you sure phone hands off “The Token” ? That would make it vulnerable to pretend POS units that harvest tokens. It probably generates a time bound token and signs it with a private key that it stores.

@ByteByteGo

Жыл бұрын

Yes, the phone hands the token off to the POS terminal over NFC. There are two contactless standards currently used. EMV contactless is newer and more advanced. It uses something called "cryptogram" to safeguard the information. MSD contactless mimics a magnetic card. It is slightly better than straight magnetic card because the CVV is dynamically generated. Look up EMV and MSD contactless if you would like to learn more.

@europria

Жыл бұрын

@@ByteByteGo thanks , the question is here is not safety of transmission of token, but trust to vendor that they would not store the token, any reasonable security system would not transmit it such security element to a third party, the general practice is generate something temporary and add a trust mechanism in this case would be by signing it with the private key provided by payment provider. Basically oauth 2 or Jsonweb token concept.

@ByteByteGo

Жыл бұрын

As we mentioned in the previous reply, we encouraged you to look up EMV contactless specification if you want to learn more about how it secures the payment token and its associated information. The idea is very similar to what you are talking about.

@mattb1293

Жыл бұрын

@@ByteByteGo The detail about EMV cryptograms is totally glossed over in the video but I feel it's important to why EMV is more secure than legacy magstripe payments. During device provisioning, the device receives in addition to the DAN some cryptographic keys that are used to encrypt the data sent over NFC to the terminal. During a transaction, the cryptogram sent from the device to the terminal includes the DAN and a unique transaction identifier provided by the terminal. In addition to protecting the confidentiality of the DAN, this prevents replay attacks if a malicious actor intercepted the NFC transmission, since the cryptogram will not be able to be used for a different transaction in the future. This is a key benefit of EMV over legacy magnetic stripe card payments which were highly susceptible to "skimmers": since the data on the magstripe was static, a copy of it could be used for future fraudulent transactions without the original card being present. The video implies that only the DAN is sent from the device to the POS terminal. If this were the case, the same sort of replay attack that's possible with magstripe cards would also be possible with EMV chip cards and digital wallets.

"and which one is better" didn't find the answer

I still think the process on both is similar .

@georgebarlowr

Жыл бұрын

The guy literally said it is similar just it differs with how they store your token.

2:24 - Secure Element? I was under the impression it was called the Secure Enclave. Please clarify. In either case, great video. I always enjoy your work.

@Kamroks455

Жыл бұрын

Ithink the secure enclave is a part of the M-series chips found in Mac and some iPad models. They may not be related necessarily, but probably some of the secure element development techniques can be found in the M-series

@robertholtz

Жыл бұрын

@@Kamroks455 No no. The Secure Enclave Processor (SEP) predates the M-series chips by at least 6 years. The SEP has been the cornerstone of the Apple Pay system architecture since day one.

@robertholtz

Жыл бұрын

@@Kamroks455 By the way, not only is the SEP its own distinct chip that long predates the M-series chips but it runs its own proprietary OS literally called sepOS. And I’ve since independently confirmed that it is definitely Secure Enclave and NOT Secure Element. Apple Patent US8832465B2.

@vasquezgamer2989

Жыл бұрын

@@robertholtz I think you have a slight misunderstanding throwing you off. Most Apple mobile device has a secure element. Apple has called it the Secure Enclave. Pixel 6 devices have a secure element. Google calls it the Tensor Security Core. It’s the vague terminology. A secure element is a chip that is by design protected against unauthorized access and is limited to storing and utilizing sensitive data, like biometrics. He’s talking about the Secure Enclave but it’s a secure element, so he’s not wrong. You’re right too though, it is the Secure Enclave.

what was if bad guy steal token? he can do payment?

если бы они еще работали...

How about samsung pay

@kendeldesir6548

Жыл бұрын

I can't find you

If they are not storing then why do they need to their server in middle? Definitely storing and giving input to their ML. Big Tech is our God now.

I'm a both user but I say google is open source absolutely 😶

Walmart Doesn’t want Apple Pay

@yourDecisi0n

Жыл бұрын

Because Walmart wants to collect data on their customers, therefore they created their own payment app and this avoids payment fees as well. Horrible company

I love iPhone I know I’m rich to have one