Apple Pay – How Printed Store Receipts are Handled

Diane and I had an interesting couple of transactions. Around the holidays, Diane and I went to one of the big box retail stores and bought her Mom a couple of boxes of disposable heating pads for a sore shoulder. I used the Apple Pay app on my watch to pay for the pads. Last week her Mom let us know she did not need the second box so Diane brought that box back today with the original receipt.

There was some confusion at the store about the credit card number on the original receipt because it did not match either of the two cards Diane and I have. We were concerned the original transaction may have gone on someone else’s card and, with us returning the heating pads and getting credit on one of our cards, we may have gotten ourselves in some kind of trouble.

When Diane got home we looked at our credit card detail and sure enough – the $77.85 we spent on December 27 was listed. So, why was the last four unknown (to us) digits wrong on the original receipt? A little more digging found similar receipts with the same unknown four digit number for Apple Pay purchases.

With a little investigating, we were able to figure out what happened.  When you use Apple pay the card number on the receipt reflects your device ID, not the last 4 digits of your credit card. There is also no name on the receipt – it will be listed as “Contactless”. This way if you drop a receipt and someone picks it up there is no way you can be identified. It has no personal information on it. If you use Apple Pay check it out the next time you buy something using it.

Not having to take may card out of my wallet, no Personally Identifiable Information (PII) on the receipt...... added privacy and security – good stuff!

Carrier IQ - are You Being Tracked?

Last month, security researcher Trevor Eckhart published a report accusing CarrierIQ of installing malware on more than 140 million devices worldwide. Eckhart also published a video showing CIQ's software secretly running in the background and monitoring a variety of handset activity on an HTC device including key presses, browsing history, SMS logs, and location data. If you have not seen it, here's Part 2 of Trevor's video: 



Yesterday Senator Al Franken from Minnesota "reached out" to AT&T, HTC, Samsung, and Sprint Nextel after they acknowledged their use of Carrier IQ’s diagnostic software to request that they explain (within the next 12 days) what they do with the information they receive from the software.
Also yesterday, Carrier IQ released a statement saying:

We measure and summarize performance of the device to assist Operators in delivering better service. While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

In addition, the following updates have been posted by The Huffington Post:

Grant Paul, a well-known iPhone hacker who goes by the screenname "chpwn",wrote on his blog that Apple has included Carrier IQ on the iPhone, but the software's default is disabled.  

Want to find out if your phone is secretly tracking you? Check out our comprehensive list of the devices and carriers known to use Carrier IQ.