by Darthy 3302 days ago
That's actually not how ApplePay works. You get a new randomized credit card number, but only once. Shops can still track you by checking for the number. You can check that yourself by looking at receipts when you pay with ApplePay - each receipt features the same numbers (most receipts only show the last 4 digits, but they are always the same when you pay with ApplePay).
3 comments

Indeed, I observed this because our local grocer asks for your email address when checking out so it can send receipts there. After providing mine it never asked again.

It would be really cool if it generated new numbers each time and had an amount coded to that number. So when I wave my Apple Pay device over the reader it would display the amount on the device, I would approve, and then a number would be handed back that's only good for that amount.

Is it a randomized number per card per merchant, or just a randomized number per card?
It's a randomized number per original card. Every merchant sees the same number. According to some other poster, if you have several devices (like an iPhone and an Apple Watch), then you get a new number for each device.

So, not only can a single merchant track you, but all merchants can cross-reference the data they have about you and track your whereabouts, purchasing habits etc. They just don't know who you are anymore, because that information is not transmitted. Unless one merchant asks for your email or home address, and this merchant then adds that email to a shared database, at which point we're back to step 1 and the merchants know everything about you.

Or you just use any kind of loyalty card/account when making a payment using Apple Pay even once. :( I didn't realize it only randomized once and am now disappointed in the way Apple marketed it.
It's per-device/per card, so your Amex gets a different number on your iPhone, watch, and MacBook, as will your Visa.
Nothing about the new PAN is randomized. It's a valid PAN pointing to a dedicated, valid BIN range and has a valid Luhn checksum.
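
Added example, not part of any comment in the thread: a small model of the linkability discussed above, comparing one static number per device (what the commenters describe) with a per-merchant number (the alternative asked about). `DEVICE_PAN`, the merchant names, the purchases and the HMAC-based `per_merchant_token` derivation are all constructed for illustration; the derivation is a hypothetical scheme, not something Apple Pay or any card network is stated to use.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample data: a made-up device number and four purchases.
DEVICE_PAN = "4000001234567899"  # placeholder, not a real card or token
VISITS = [
    ("grocer", "milk"),
    ("pharmacy", "allergy tablets"),
    ("grocer", "bread"),
    ("bookshop", "travel guide"),
]

def static_token(merchant):
    """Behaviour described in the thread: every merchant sees the same number."""
    return DEVICE_PAN

def per_merchant_token(merchant, key=b"constructed-demo-key"):
    """Hypothetical alternative: a number derived per device and per merchant."""
    msg = f"{DEVICE_PAN}|{merchant}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

def build_profiles(token_for):
    """Pool every merchant's records into one shared table keyed by token."""
    profiles = defaultdict(list)
    for merchant, item in VISITS:
        profiles[token_for(merchant)].append((merchant, item))
    return dict(profiles)

def cross_merchant_profiles(profiles):
    """Profiles whose records come from more than one merchant."""
    return [p for p in profiles.values() if len({m for m, _ in p}) > 1]

def exposed_by(profiles, merchant):
    """Records tied to an identity once `merchant` learns the customer's email."""
    return [r for p in profiles.values()
            if any(m == merchant for m, _ in p) for r in p]

if __name__ == "__main__":
    for name, scheme in [("static", static_token), ("per-merchant", per_merchant_token)]:
        profiles = build_profiles(scheme)
        print(name, "profiles:", len(profiles),
              "cross-merchant:", len(cross_merchant_profiles(profiles)),
              "exposed via grocer email:", len(exposed_by(profiles, "grocer")))
```

With the static number, a single email captured at the grocer attaches to all four purchases; with the per-merchant number it attaches only to the two grocer purchases, although the grocer can still recognise a returning customer.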