So I use Apple product because I like their interface, but I have also been trying not to rely on Apple services, such as iCloud, in order to use more private alternatives.
Being in the EU, I haven’t found a way to make private/secure payments (can’t use privacy.com, e.g.). So far, I have resisted using Apple Pay, believing that it would share my purchases with Apple, which may not be the case.
However, I can’t seem to find a good and clear pros&cons list of using Apple Pay versus just using my debit card like I currently do (no need to mention cash; I know I can often pay cash and already do so when needed – this is just about card payments).
Ahah, thanks, that’s the video that made me start to reconsider my decision. But I didn’t really get a clear picture of pros and cons, leider.
Thank you so much for sharing this video!
TIL that Apple Wallet can be used completely offline. (I previously thought it needed an internet connection to use Apple Pay.)
It is a great video and I trust him but any sources of his claims?
Can you be more specific about which claim(s) specifically you are referring to?
Dont you have access to a local payment method that might be more private? For example, here in Portugal we have MBNET, which is basically privacy.com (gives you virtual visa/mastercard cards), and has been around since 2002. We also have Multibanco, where mechants wont get access to your name or bank details. Other countries in Europe also have some interesting payment methods available
I don’t think so, no. At least, nothing that I am aware of. I know that some banks offer masking services, but mine does not.
It’s just how Apple Pay works, there are no outrageous or new claims in there. Since 2014 when Apple introduced this, they have maintained the same system (in regards to credit and debit card payments from the big networks MC, Visa, AMEX etc. at least, some local payment methods you need to look a little bit more into how they work in detail with Apple Pay). Apple Pay security and privacy overview - Apple Support
But so it hides the card number from the merchant and does not send data to Apple, right? Any downsides at all compared to regular cards purchases? Any reason not to use it?
it hides the card number from the merchant
Kinda. They won’t get the number that is printed on your card. They instead will get what Apple calls the “Device Account Number”, generated by your card issuer and unknown to Apple. But your Device Account Number will not rotate all the time.
does not send data to Apple
There is some data sent to Apple. But not full details of specific payments. The payments still work the same as with a physical card and are between you, your bank, the merchant and the merchant’s bank and payment service provider(s). Apple Pay is not a payment method like PayPal, it’s a brand name for a set of technologies provided by Apple to use your phone as an EMV payment card. (+ in some regions other kind of payment methods) Apple will still get some info like how many cards and from which issuers are in your Wallet app. They also act as an intermediary for E2EE information passed between your card issuer and your Wallet app, ie your phone will not talk directly to your card issuer but use Apple servers as a kind of “proxy”, for example to show information about past payments. So there is some metadata that Apple could use for statistics or theoretically also to try to learn more about your payment behavior.
Personally I think there is not really a difference between using a physical card and Apple Pay when it comes to privacy. And there are some security benefits with Apple Pay. But the privacy boon you would get by not using card payments if possible. I hate handling cash myself, but there is no other widespread payment method that gives you comparable privacy. Something like the digital euro or Taler could come close, but right now that doesn’t exist yet or isn’t widespread enough.
This is a good point, although it’s probably worth noting that most card issuers don’t use this functionality. In the US American Express is the only one I know of which does proactively send transaction information to the Wallet app.
Also worth noting there are some features like this one in the UK which do not work like that at all: How to Use the New Apple Pay UK Bank Account Balance Feature - MacRumors Here if you decide to use it Apple is actually fetching your bank account data from your bank and processes it on their servers. Of course, they claim to not do anything nefarious with it and that might very well be true, but it’s a whole different can of worms.
And also what is true about Apple Pay is definitely not the case for Google Pay. With Google, your card is not in some kind of secure element in your phone, it’s inside Google cloud servers. Yes probably they’re saying that they’re using HSMs and stuff, but eh. Definitely not comparable imo.
Thanks a lot for all this! To be honest, it does not really seem like it makes a major difference compared to regular card use.