This Sunday, I watched a Punch Brothers live show. Yes, watched Punch Brothers live streaming an hour-twenty or so of non-stop live music. Just five guys and a Neumann U-87 performing Opry style like they always do on stage. Lots of tuning as keys changed. But tight and moved.
Punch Brothers engaged Mandolin.com, a start-up streaming production company, to produce the show. Mandolin handled the lighting, video production, stream production, content distribution, and ticketing. The band prepared and practiced like they would for any live gig. Mandolin boffins and roadies handled all the tech for the show.
Publicity for the show. A Punch Brothers tweet, a Chris Thile retweet. Don’t know how big the crowd was. Dismal Manor was a sudden sailor for $25. Calvin needs shoes, what can I say?
Featured image courtesy of Apple, Inc. for use in this commentary.
In the summer of 2019, Apple launched the Apple Card in partnership with Wall Street bank Goldman Sachs and transaction interchange network MasterCharge. Apple made a fuss over its titanium substrate and elegant looks. Others give their attention to its interest rates, limits, fees, and cash back features. Truth be known, the Apple Card is a better than median deal for most but not a fee leader or interest rate leader. But it is the first 21st century credit card. After the break, I’ll explain why.
15 August 2020, correct inaccuracy regarding magnetic stripe.
15 August 2020, how do I pay my Apple Card bill?
15 August 2020, Added shimming reference
15 August 2020, Added glossary and cleaned up terminology to make it consistent with the world.
15 August 2020, Added compromised card procedures
18 August 2020, Apple Card does not work with Quicken, Banktivity, etc.
EMV: Europay, MasterCard, Visa consortium specifying the chip and pin interchange network protocol and chip to reader protocol.
NFC: Near field contactless protocol used on air between a payment terminal and an account holder token or mobile device.
EMV and NFC transactions use the physical card number. The physical card number takes its name from the fact that it is baked into the chip embedded in the card.
Card Not Present Number: my shorthand for the full card number you can read in Apple Wallet. An easily replaced virtual card number.
Physical Card Number: Apple Wallet name for the card number used for NFC and EMV transactions. Last 4 shown. It is encoded in your titanium card, hence physical card number.
Device Account Number: Apple Wallet name for the card number used by Apple Pay transactions. Last 4 shown.
21st Century ???
So why is the Apple Card the first 21st century credit card? Because it is the first designed exclusively for use with modern payment interchange infrastructure. The minimal design is striking. Nowhere on the card is there a card number, an expiration date, or a magic number for use in manual transactions.
The card itself can be used in chip-and-pin readers that support the EMV protocol described in reference . It also has a magnetic stripe allowing it to be used with the deprecated stripe reading terminals.
Second, it is designed for near field radio contactless payment devices in partnership with Apple iPhone and Apple Watch.
Apple iPhone is designed for use with near field contactless readers like the one shown above conducting a transaction with Google Wallet on an early Android device. Any transaction point showing the radio waves and card symbol is able to conduct near field contactless transactions. In the Apple ecosystem, Apple Wallet lets you select a card and carry out the transaction. Note that Apple Card itself does not have the radio parts embedded, just the EMV card present parts.
Apple Pay and Apple Card are integrated. Any transaction point supporting Apple Pay works with iPhone Apple Wallet and with Apple Card EMV transactions. NFC transactions require that the transaction point have the proper radio parts included.
Note that Apple Pay is an optional protocol with most merchant services providers. Some include it as a free configuration option. Others bleed the merchant for a bit more vigorish to support Apple Pay. Apple Pay is offered to merchant services folk and the interchange carriers without cost. As merchants replace readers, they are adopting EMV/NFC protocols and Apple Pay as checkout is quicker and more secure.
Apple Card is about Security
Goldman, MasterCard, and Apple designed Apple Card to be identity theft resistant. It can only be used for EMV transactions. No numbers on the card to be photographed. Yes, servers photograph cards for later exploitation.
The card has multiple card numbers, one for each payment channel. There is a virtual account number for card not present transactions. There is a physical card number for EMV and NFC transactions initiated by the card. There is a device card number for Apple Pay transactions. You can change the virtual account number after each use if you wish.
The Apple Wallet App shows all “completed” transactions. Here, completed means that the EMV, NFC or Apple Pay protocol has run from start to finish without error and an accepted status was received. You’ll also see failed transactions.
Fraudulent transactions become a lot more difficult as the card must be present for most transactions. The card may be present directly, or the transaction can be Apple Pay or Apple Cash Pay if you have set it up. The EMV protocol works via hashes and transaction IDs. There is no point in the transaction where your card number is exposed to be stolen. There is no stripe to copy during the swipe. There is a name on the card so you can retrieve it from your server but no other PII on the outside of the card. What there is on the card is encrypted in the EMV secure enclave on the card.
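A simplified model of the "hashes and transaction IDs" idea described above, as an added example that is not from the original post or from the EMV specifications. HMAC-SHA256 stands in for the real EMV cryptogram algorithm, and the class, field and key names are hypothetical. It shows why a recorded chip transaction is rejected when presented a second time or with an altered amount.

```python
import hashlib
import hmac
import secrets


def cryptogram(key: bytes, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    """MAC over the transaction counter, amount and terminal nonce (stand-in algorithm)."""
    msg = atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Card:
    """Chip side: holds a secret key and a transaction counter (ATC)."""

    def __init__(self, key: bytes):
        self._key = key
        self.atc = 0

    def sign(self, amount_cents: int, nonce: bytes) -> dict:
        self.atc += 1  # every transaction gets a fresh counter value
        return {"atc": self.atc, "amount": amount_cents, "nonce": nonce,
                "mac": cryptogram(self._key, self.atc, amount_cents, nonce)}


class Issuer:
    """Issuer side: shares the card key and remembers the highest ATC seen."""

    def __init__(self, key: bytes):
        self._key = key
        self.last_atc = 0

    def authorize(self, txn: dict) -> str:
        expected = cryptogram(self._key, txn["atc"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["mac"]):
            return "DECLINE: bad cryptogram"
        if txn["atc"] <= self.last_atc:
            return "DECLINE: replayed counter"
        self.last_atc = txn["atc"]
        return "APPROVE"


def demo() -> list:
    key = secrets.token_bytes(16)                    # constructed sample key
    card, issuer = Card(key), Issuer(key)
    genuine = card.sign(2500, secrets.token_bytes(4))
    results = [issuer.authorize(genuine)]            # first use of the message
    results.append(issuer.authorize(dict(genuine)))  # recorded copy presented again
    results.append(issuer.authorize(dict(genuine, amount=99900)))  # amount altered
    results.append(issuer.authorize(card.sign(1200, secrets.token_bytes(4))))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```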
Use the last 4 of the account number to identify which of the three numbers was compromised. Report the compromise to Goldman. Goldman will carry out its fraudulent transaction procedures to reimburse you.
Activating Apple Card
Order Apple Card using Apple Wallet on your iPhone. Apple creates a card matched to that iPhone and Apple ID. Only the ordering iPhone is able to activate and use the card. It’s a cryptography thing (public key and private key). To activate the card, open Apple Wallet and place the NFC antenna over the marked spot on the card’s shipping wallet. The two talk to deliver the phone’s half of the cryptographic key pair. Apple has the other half. The phone saves off its key in the secure enclave (that pesky trusted computing stuff). This cryptographic trickery complies with the EMV protocol allowing any EMV NFC reader to conduct an Apple Card transaction.
Apple Card is a Credit Card
It does not have a PIN. Some European points of sale may require a PIN for all cards. If so, you’ll need to use another card at these.
It is not a debit card. You accumulate a bill that closes at the end of the month (28th?) and is carried interest free until the end of the following month. I opened my card in mid-August. It will generate a statement on 30 August. I must pay by 30 September to avoid interest charges.
Credit Line Sizing
Apple set my credit limit at about 10% of my yearly income based on the number I gave them (about twice my Social Security). It appears to be all about Goldman’s opinion about your income statement accuracy and what they can learn about you from the credit bureaus. Spousal income is not considered.
Apple Touch or Face ID controls access
To use Apple Wallet and Apple Card, you must have an unlocked iPhone with you. Apple Touch, Face ID, and iCloud credentials control access to the Apple Card credentials used for transactions. The secure enclave in the T2 chip stores the Apple Card credentials.
Old School Transactions
On Friday, I ordered some music from Qobuz. I paid for it with my Apple Card by using the card number, expiration date, and CCV obtained from Apple Wallet. These are generated uniquely for each card. At any time, you can request a replacement trio, well just because. Or if you don’t trust the Russian Internet merchant. Those numbers are good until you say they are not and replace them.
Wallet is Really Useful
Apple Wallet App gives you access to your transaction history as it is built up, your balance, payment date, and payment process. Click the Pay thing and run through the dialog. You will also receive transaction alerts.
Paying your Apple Card Bill
You pay your Apple Card bill using Apple Wallet to manually initiate an ACH transaction to transfer money from your bank account to your Apple Card account. This requires having your ACH credentials stored in Wallet which keeps them in the secure enclave on the T2 chip.
Apple Card Doesn’t Play Nicely with Personal Finance Programs
Apple Card is not designed to be used with personal finance programs such as Quicken, Mint, and Banktivity. Basically, Goldman Sachs does not offer a net portal for the purpose. Also, the card has multiple account numbers, one for each transaction environment. Only the least used card not present number is exposed for your use. The physical card number and device card number are hidden.
Apple Wallet provides a mechanism for exporting the transactions listed in a statement (they’re in your wallet) to an external computer for transfer to a personal finance manager. Reference  gives the export procedures. The import procedure is destination specific.
Apple Card is still vulnerable to fraudulent transactions. So far, most have happened when the online card not present numbers were used and leaked by a compromised website.
Other fraudulent transactions have occurred when the EMV chip and pin interface was shimmed in a terminal and the transaction copied and used to construct a fraudulent magnetic stripe card.
Apple Card wisely uses three credit card numbers, one for card not present transactions, one for EMV transactions, and one for NFC transactions. Apple Wallet allows you to lock the Apple Card physical card, disabling EMV and stripe transactions. You can continue to make NFC transactions using Apple Wallet and Apple Watch.
Card Not Present Number Compromised
If your card not present virtual card number has been compromised, you can kill it immediately from within Wallet by requesting a new one.
Physical Card Number Compromised
If the physical card number has been compromised, immediately lock the physical card using the lock procedure in Apple Wallet. Order a replacement card by running the lost or stolen procedure within Apple Wallet. You will still be able to use Apple Pay, which uses the device card number.
Device Card Number Compromised
This should never happen. Apple Pay uses transaction tokenization and stores transactions locally on the secure element (T2 Chip). Report this to Apple Support! Yell really loudly. I can find no mention of a compromised Apple Pay device number.
In the US, most merchants absorb the merchant services costs. Vending machines selling candy and soda are the notable exception. Each transaction has three components, the fixed transaction charge, typically $0.25 for US providers, an interchange fee of 2% to 3% of ticket that has an interchange component and a merchant service component.
Some merchant services providers use tranches for transaction pricing with A, B, and C originators. The pricing bins are for card present, card not present, and risky business transactions. For some reason, lodging charges are risky (reservation deposits and cancellations gum up the works). Restaurants are also risky. Risky is risky in regard to the merchant services provider getting paid. Restaurants are risky because they have a short half-life. Non-profits are typically given preferred rates as little goes wrong for their merchant services provider.
More enlightened merchant services providers offer interchange plus pricing. They pass through the Authorize.net or other interchange network charge adding a surcharge proportional to the ticket face value. For a small non-profit, many merchant services providers will offer interchange plus pricing that averages out about 2.9% of ticket. If interchange plus pricing is available, that is the preferred pricing.
Shimming is the new skimming. You can protect yourself from shimming attacks by using the terminal’s NFC payment interface wherever possible. Shimming has the ability to compromise your Apple Card physical card number.
Crooks sandwich a shim between the card and the terminal. The terminal and card chat for the EMV transaction. The shim snoops on the exchange and stores the messages in flash. The shim can be inserted in the terminal and concealed. If you feel any unusual resistance inserting your card into the reader there may be a shim present.
From what the shim overhears, an unscrupulous person can recreate the contents of an old-fashioned card stripe and make a fraudulent card. This is a risk when your card disappears during the transaction and is then returned. A reputable establishment will perform the card transaction in your presence using a regular chip and pin reader.
It is possible to tamper with chip and pin readers, but this is becoming increasingly hard as equipment becomes more tamper resistant to fraudulent setup alteration.
Ring’s prominence in the news prompted me to look for an alternative to replace the Ring doorbell with its security issues, limited battery life, and less than satisfactory image quality. While I was at it, I also wanted a couple of cameras to look in on the area where the dogs hang out. Because of the added porch roof, it is difficult to run Ethernet cable to this area for wired cameras. Camera things are in flux with many entrants into the market place. After a market search, I settled on an Anker EuFy doorbell and cameras. Find out more after the jump.
The Moocher finally decided to replace his iPhone 6 while keeping its little buddy. That turned out to be a frustrating evolution because Apple does not cue you to look at the checklist for this evolution. The watch has to be unpaired from the old phone before it is retired and paired to the new phone. If you do everything in order, it goes smoothly. If you try to wing it without the check list, you may end up with a useless wrist ornament as I did.
This short note guides you around the common pitfalls for swapping iPhones while retaining a current Watch. Well, it started that way until my USAA 2FA token went crazy.
For the longest time, Apple Airport Extreme secured the Dismal Manor networks. This began back in 2002 when, out of curiosity, the Head Moocher bought an Air Port Express to add WiFi in the early days. The Moocher had noticed that firmware updates kept showing up for the Airport products so concluded, rightly, that Apple was making an effort to keep these products up to date and secure. When Apple discontinued the Airport product line, it was time to move on. But to what?
Are streaming services evil? For some. For others, they are the gateway to new artists, concerts, and record purchases. Audiophiles that have made the leap are in this latter camp. There’s more to life than the next Beatles reissue. Read on to learn how Roon, Qobuz, and Tidal combine synergistically to promote artists and music. Roon 1.6 Radio is the secret.
A new switch, cloud key, and updated network video recorder joined the Dismal Manor UniFi stable this October. The Moocher checked firmware to discover that updating the core POE switch to the latest firmware required updating UniFi Controller. At that time, UniFi controller ran in a FreeNAS jail. So, the cheap intrepid Moocher tried to update UniFi controller in the jail. He quickly discovered he was in dependency hell. Find out how he got out after the jump.
Although the house has full-house surge protection in the panel, I elect to use a second line of defense for the computers, network electronics, and audio and video systems. In the past, I had used APC power conditioners for this task but another 5 years had passed and it was time for battery replacement. Being tired of messing with lead acid gel cell batteries, I looked around and settled on Furman Power conditioners. After all, something robust enough to protect a $40,000 church PA should be good enough for home, right? Turns out, it was more than good enough. Product impressions and listening impressions follow plus a bit of EE tech.
This is the 4th post in a series chronicling a small church’s experience with the Grandstream GDS3710 Door System. We like the product but the deployment has been like solving Rubik’s Cube. We found we had to do a lot of tinkering to get things working, something that shouldn’t happen with such a sophisticated product.
This article summarizes some of our lessons learned, particularly with regard to use of the keypad to enter PINs, the interpretation of the virtual number field and the various ways the doors can be opened using the GDS3710.
The Grandstream 3710 Door System provides a video intercom, security camera (it’s recordable using compatible NVRs), RFID reader, and door unlock control relay. The device has a contact input that can be used for an inside exit demand input and a second that can be used as a door status sensor input. And all of this for the price of a door controller from HID or AXIS.
This is a new device so it has a few rough edges. This post talks about the rough edges.