Skip to main content

Apple Watch uses constant skin contact to validate Apple Pay purchases

apple-watch-edition

A couple of reports yesterday and today have highlighted a little tidbit of information many have been wondering about the upcoming Apple Watch: How will the device make sure payments via Apple Pay are secure? Both the iPhone 6 and iPhone 6 Plus have the convenient Touch ID sensor to validate that your purchases are indeed being done by you, but new information suggests that the Apple Watch is going to accomplish this security in a slightly different way…

Apparently, the Apple Watch is going to use a PIN code to authorize Apple Pay, after which the device will remain authorized as long as it remains on your wrist. It accomplishes this using one or more of the sensors on the back of the watch, which can intelligently determine if you’ve taken it off. After you’ve taken it off, the watch is locked out from being to work with Apple Pay until you enter your PIN again.

Apple officially unveiled the Apple Watch wearable at its September event yesterday in three different models, touting the device as having a retina display, a”Digital Crown” for controlling the device in innovative ways, a “Taptic Engine” that can simulate a tap on the wrist, and much more. The device will require an iPhone 5 or later, and is going to launch in 2015 starting at $349.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. al0963 - 10 years ago

    Smart, thats is just in case someone steals it from you!

  2. yes so basically every night when I remove my watch to recharge it I will have to enter my pin the next day. Or shower, or swim, or … I would hope that if the watch is never more than 30 feet from the phone it still is authorized. That would make a bit more sense.

    • varera (@real_varera) - 10 years ago

      No would not make more sense. Someone relieves you of the watch while you are in the mall and then make purchases in the all possible places that are less than 30 feet from you when you walk down the mall…

      • Bruno Fernandes (@Linkb8) - 10 years ago

        You wouldn’t notice someone removing the watch from your wrist? And then take some kind of action? This isn’t a magic show.

    • Overlord - 10 years ago

      Just wait for Apple Watch 2 with TouchID on touchscreen. ;)

  3. taoprophet420 - 10 years ago

    So basically you have to renter the pin everyday after you charge it. They are biometric sensors that use heart rate to unlock..not sure why Apple didn’t go that route.

    • reese728 - 10 years ago

      samething i was thinking, might be tricky though since heart rate vary throughout day

    • o0smoothies0o - 10 years ago

      No there is nothing like that. There are ECG unlocks which require you to place another finger on a metal part of the device with the other hand so it completes a circuit through the heart to get the ECG. That also requires you doing that every time you put it on. The best thing would be Touch ID followed by constant authenticated state through other sensors knowing it is remaining on the wrist.

  4. Nick Santos - 10 years ago

    This would be awesome! But there are two points that aren’t so good:

    1) If it’s waterproof, but not water-resistant. That means every time you are swimming, taking a shower or other activities, you have to take it off.
    2) if the battery life is just for one day, you have to take it off everyday.

    These 2 points are going to make you put the pin code almost every time you are buying something.

    • johns2345 - 10 years ago

      But… (Just for conversation) PIN codes don’t take that long to put in, do they? Also, someone could steal it while it is not on your arm.

      John

      • Nick Santos - 10 years ago

        I agree with you, buddy. We can put a pin in some seconds (even though it may be a bad experience in a watch). But you know… everyone who loves Apple’s products, as I do, knows they can do “perfect” stuffs ;)

        Some people are talking about use some heartbeats information to identify a person… if that’s really possible, apparently it would be perfect, right?

    • zeromeus - 10 years ago

      You got it backwards. It’s water resistant, not water proof. Water proof means that water cannot enter it in any way. Water resistant means water cannot enter it under certain conditions such as hand-washing, splash, etc. With a water-proof watch, you can go diving with it!

      • Nick Santos - 10 years ago

        Thanks buddy ;)

      • Billy Devine - 10 years ago

        You’re wrong..There is no watch that is water proof. Watches are measured by “Water resistance” and that works by how much pressure at what depth can the watch take before leaky time. Breitling Navitimer is rated at 30m, You can’t get it wet or water will leak in. Most dress Rolexs which are very tough watches are 100m,You can shower and swim with it safely. most dive watches are 300m which means you can snorkel with it on. Some watches are crazy with 3,000m. http://www.prestigetime.com/page.php?water-resistance

      • Sorry, but he doesn’t have it backwards, you do. I know it seems counter-intuitive, but a water-proof watch has been somewhat protected from minor splashes. A water-resistant watch on the other hand can handle more than a light splash, all the way to some pretty serious scuba diving, depending on what level of water-resistance it has. Seems backwards? Yes, I agree, but this is the way it is, and I learned this when I was about 9 years old, so you don’t have much of an excuse. This really is the way it is. And you ought to know this, and apologize.

      • Jesse Supaman Nichols - 10 years ago

        @Israel Anderson, Sorry buddy. You are the one in the wrong here. The reason that what you said seems counter-intuitive is because it IS. And it’s also wrong. Perhaps as you get older, you should update your 9-year-old level education. I hate to tell you this… But the Tooth Fairy isn’t real either.

        Water proof means that it is 100% protected against water. Water resistant means that the material/product will RESIST the water. For example, the FDA will no longer allow the sun screen industry to label sunscreens as “water-proof”, because there is no such thing as a “water-proof” sunscreen… or it would never come off! Technically, there is no such thing as a “water proof” watch (as Billy said), but rather watches are ranked on an ingress protection scale that denotes the level of protection of an object from both solid and liquid objects. Products are typically considered “water proof” when they have a liquid ingress protection level of 8 or 9. However, even those products will have their practical limits. Any products that are listed below that LIP level are considered to be water resistant. This really is the way it is. And you ought to know this before you smugly criticize someone… and apologize. Cheers! =)

    • Billy Devine - 10 years ago

      There is no watch that is water proof. Watches are measured by “Water resistance” and that works by how much pressure at what depth can the watch take before leaky time. Breitling Navitimer is rated at 30m, You can’t get it wet or water will leak in. Most dress Rolexs which are very tough watches are 100m,You can shower and swim with it safely. most dive watches are 300m which means you can snorkel with it on. Some watches are crazy with 3,000m. http://www.prestigetime.com/page.php?water-resistance

    • Your iWatch needs to be with your phone, you unlock your phone with a pin or Touch ID, the watch is valid. So if you unlock your phone at any point between the time you take it off and need to pay for something, you’re all good

    • tuvatech - 10 years ago

      It would still be less than what you are doing now with your credit or debit card, isn’t it?

  5. o0smoothies0o - 10 years ago

    This is obvious to do, but it’s just sad that this is all Apple is doing with it. It should act as an invisible aura of security around the wearer so it could unlock any devices you approach and lock them as you move away, and it should do the same with doorknobs etc. I Have to believe they just couldn’t do a tenth of what they wanted to do to battery life reality.

    • Daniel L. Lau - 10 years ago

      Good one; however, auto manufacturers tried that many times with keyless entry. Customers hated it because they never could handle the nagging feeling that maybe their car doors weren’t really locked as they walked away from the car. So they added a push button to the car door handle that would lock and unlock the car as long as the key fob was in close proximity to the button that was actually pressed. I’m sure you know this because you probably drive an Infiniti Q50 or perhaps the Mercedes Benz E class. Now another issue that is clearly being forgotten in all this is that Apple found a novel (i.e. patentable) solution and that they hope will not infringe on previous attempts at smart watches.

    • Israel Molina - 10 years ago

      The phone is open to 3rd party app developers who can implement that in their own devices.

      • o0smoothies0o - 10 years ago

        Third party is no the answer. I’m talking about Apple security level. I’m talking about the device having sensors and secure unlocking ability. I’m talking about Apple devices unlocking and locking based on you coming close or leaving.

  6. Jeff Johnson - 10 years ago

    I would bet that when it looses the heart beat, it disconnects. So if lost or stolen or the owner is killed it stops the ability to purchase.

  7. Everyone has a unique heart beat. Thats the simple way to handle this.

    • prolango - 10 years ago

      Israel, are you getting one of waiting for v2?

      • prolango - 10 years ago

        or* (love auto complete)

  8. kelvynw - 10 years ago

    Maybe to make it simpler they could make an authentication method for everytime you wear the watch. Something like a notification o the iPhone asking you to authenticate the watch by touching the TouchID.

  9. Dmitry Samarkin - 10 years ago

    what if someone cuts you hand off?

    • mdmeridius - 10 years ago

      Why would someone cut your hand off if it means that when they pay for something they have to wave a cut off hand about to pay for it, like the store clerk isn’t going to say anything.

  10. tidersisbeter - 10 years ago

    what about using the NFC in both the devices the unlock the apple pay. like you pull out your phone hold it near your watch and just use the touchID to authenticate it. Then it just keeps working until the watch is removed. That way you don’t have to tediously enter a pin.

  11. I just want to know how payment informations (i.e. the cards and info stored on the phone) are securely transferred/sync’d with the watch.

Author

Avatar for Stephen Hall Stephen Hall

Stephen is Growth Director at 9to5. If you want to get in touch, follow me on Twitter. Or, email at stephen (at) 9to5mac (dot) com, or an encrypted email at hallstephenj (at) protonmail (dot) com.