| My understanding is that this operates on basically the same principle as RSA SecureID. You have an unlimited-use token stored in a dedicated chip, that for all practical purposes is impossible to access, short of, let's say, a scanning electron microscope. That chip, with its unlimited-use token then generates one-time tokens which are sent over the payment network. In theory the chip could issue an arbitrary number of tokens if criminals got ahold of it. But in practice, it stores a little bit of the data it needs to make a token in the neighboring TouchID chip, which operates on essentially the same principle (stores fingerprint data and missing payment data in secure hardware location, only lets it out if fingerprint sensor looks good). To summarize you have to steal both the phone (or both chips anyway) plus the fingerprint information so the chips are useful. But wait, you say--I did steal the fingerprint data! The user left fingerprints on the back of the phone! Well, you've got me there. But hopefully by the time your very sophisticated gang of gloved thieves has bagged and dusted your phone for prints, you've made your way to iCloud.com and revoked the phone's forever-time token, so all future one-time tokens will be considered invalid. Keep in mind, the standard being replaced here is one where you carry all your payment information around in your pocket in plaintext. This scheme is a massive improvement on that. There's an old saying that seems relevant here: I don't have to outrun the bear, I have to outrun you. There's tremendous amount of value in being marginally safer than the next guy. |