2025-07-31 21:10:18
I very rarely talk about payments on this blog, but every once in a while I get to talk about something I think might be interesting: network tokens!
Many years ago, merchants selling products online and in person were handling your card details directly. That meant that if they didn't know what they were doing, they could leak your raw 16-digit card number, expiration date, and CVV. If you've got all three of those, you can run a transaction on that card basically anywhere in the world.
However, over the past decade or more, e-commerce payment collection has changed to a system where the merchant never sees the card data at all. The next time you're on a website entering your card number, right-click and inspect the text fields for the card data: you're almost certainly going to see that it is actually a text field served inside an iframe hosted by a big name in payments that you've heard of. In the modern world, merchants don't want your card number and never want to see it; it's just a liability for them. Even in a "save my card for later" situation, the payment provider holds onto the card data and gives the merchant a token that they can use to charge that card again. When the merchant wants to charge that customer again, they make an authenticated payment request with that unique token, and the payment provider sends the raw card to the payment processor in the background.
Digital wallets like Apple Pay and Google Pay have added even more security to the flow by never transmitting the raw card data at all. Instead, they transfer an encrypted blob of data, that data is decrypted by the payment provider, and then a DPAN is sent to the processor. We're into the weeds here, but a DPAN is different from the FPAN that you see on your physical card; you can read more about the differences between the two in this post I wrote last year. The super short version is that if someone steals your FPAN data (aka the numbers and expiration date on your physical card) they can attempt real transactions on basically any checkout page on the internet. If they steal your DPAN or the encrypted data straight from the digital wallet, it's effectively useless, since they don't have the proper keys to do anything with that data. I'm omitting a lot of details here, but you'll forgive me for not wanting this post to be 10,000 words long, so just know that's the gist. In recent years, the major card brands have teamed up to make a Click to Pay button that works similarly to Apple and Google Pay, but that is cross-platform and is not tied to a third party like Apple or Google; it's managed directly by your card issuer.
But anyway, unless you're using a digital wallet today, all the card data is stored with the payment provider. If the merchant has a data leak, there should be no issue since they never had your card number in the first place, but if the payment provider has a data leak, the attackers will have raw card data (number and expiration, but not CVV since the CVV is only stored long enough to send it to the processor before being deleted). Thankfully this very rarely happens, but it can theoretically happen (it's also why payment companies pay so much for security to make sure it never does).
Network tokens aim to take the sort of security that you get from Apple/Google Pay buttons and make it standard across the industry. We're in the middle of a transition period as we move to this system across the board, but it's quickly becoming widely adopted, and the major card brands like Visa and Mastercard have signaled that they intend to remove the raw FPAN data entirely from the transaction flow by 2030, with earlier dates set across the world. As always, the US will likely be slower to adopt this, while places like Europe, Asia, and Latin America are ramping up more quickly.
The ideal network token flow is very similar to what I described in the Apple and Google Pay section. The gist is that while the customer will still key in/autofill their FPAN into a form on the web, ideally that form will keep the number in memory just long enough to check whether a network token is already on file for that card, request one from the card brand if not, and then delete the FPAN once it has the network token. When the transaction is submitted, a one-time-use cryptogram is generated that is unique to that merchant and that transaction, and it is submitted to the processor with the token and all other payment data (amount, name, products, address, etc.). In the event a customer uses Click to Pay or Apple/Google Pay, they never even key in the FPAN, meaning a token is the only thing passed back and forth, which is even better.
To put this very simply, let's say your physical card has "4111111111111111" printed on it, and that's what you key into the checkout page. The network token for that will be something like "4482966703373579". That network token means nothing to you the customer, but your bank knows that number is associated with your "4111111111111111" account. However, it won't just accept any old payment request to the token value, it requires a highly secure cryptogram to be generated using a secret key associated with that merchant to actually run a payment.
The effect here on security is pretty clear and pretty good for everyone involved. The customer keys in or autofills their card number that they're familiar with and is what is shown on their physical card, the merchant never sees that number at all due to modern card collection technology, and the payment provider (gateway) tosses the FPAN as soon as it has a network token, meaning the only participants in the payment flow who retain the actual account number are the customer and the card issuer. This reduces the risk for everyone by making it so as few people as possible have actual account data.
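To make the flow above concrete, here is an added toy model of it in Python. This is not Visa, Mastercard or EMVCo code and not code from this blog; the class names, the token format and the use of an HMAC over the merchant id, token, amount and a per-transaction nonce as the "cryptogram" are all assumptions chosen to illustrate the three properties the post describes: the gateway never stores the FPAN once it has a token, only the issuer side can map a token back to an account, and a cryptogram is rejected if it is replayed, altered, or presented by a different merchant than the one whose key made it.

```python
# Added illustrative model of network tokenization (not any card brand's real protocol).
# Assumptions: the "network" holds the FPAN<->token map and per-merchant keys;
# the cryptogram is an HMAC-SHA256 over merchant id, token, amount and a nonce.
import hashlib
import hmac
import secrets


def make_cryptogram(merchant_key, merchant_id, token, amount_cents, nonce):
    """Transaction-specific cryptogram bound to one merchant key and one set of fields."""
    msg = f"{merchant_id}|{token}|{amount_cents}|{nonce}".encode()
    return hmac.new(merchant_key, msg, hashlib.sha256).hexdigest()


class CardNetwork:
    """Stands in for the card brand / issuer: the only party that maps a token to an FPAN."""

    def __init__(self):
        self._fpan_to_token = {}      # the issuer is the one party that retains the real number
        self._token_to_fpan = {}
        self._merchant_keys = {}      # per-merchant secret used to verify cryptograms
        self._used_cryptograms = set()

    def register_merchant(self, merchant_id):
        key = secrets.token_bytes(32)
        self._merchant_keys[merchant_id] = key
        return key

    def provision_token(self, fpan):
        """Return the token already on file for this FPAN, or mint a new one."""
        if fpan not in self._fpan_to_token:
            while True:  # constructed format: a random 16-digit number that is not the FPAN
                token = "44" + "".join(str(secrets.randbelow(10)) for _ in range(14))
                if token != fpan and token not in self._token_to_fpan:
                    break
            self._fpan_to_token[fpan] = token
            self._token_to_fpan[token] = fpan
        return self._fpan_to_token[fpan]

    def authorize(self, request):
        """Approve only a fresh cryptogram made with this merchant's key over exactly these fields."""
        merchant_id, token = request["merchant_id"], request["token"]
        key = self._merchant_keys.get(merchant_id)
        if key is None or token not in self._token_to_fpan:
            return {"approved": False, "reason": "unknown merchant or token"}
        expected = make_cryptogram(key, merchant_id, token, request["amount_cents"], request["nonce"])
        if not hmac.compare_digest(expected, request["cryptogram"]):
            return {"approved": False, "reason": "bad cryptogram"}
        if request["cryptogram"] in self._used_cryptograms:
            return {"approved": False, "reason": "replayed cryptogram"}
        self._used_cryptograms.add(request["cryptogram"])
        return {"approved": True, "reason": "ok", "account_last4": self._token_to_fpan[token][-4:]}


class PaymentGateway:
    """Stands in for the payment provider: sees the FPAN only until a token exists."""

    def __init__(self, network):
        self._network = network
        self._tokens_on_file = {}   # customer_ref -> token; no FPAN is ever stored here

    def save_card(self, customer_ref, fpan):
        token = self._network.provision_token(fpan)   # FPAN is passed on, then dropped
        self._tokens_on_file[customer_ref] = token
        return token

    def build_charge(self, merchant_id, merchant_key, customer_ref, amount_cents):
        token = self._tokens_on_file[customer_ref]
        nonce = secrets.token_hex(8)   # makes every cryptogram one-time-use
        return {
            "merchant_id": merchant_id, "token": token, "amount_cents": amount_cents,
            "nonce": nonce,
            "cryptogram": make_cryptogram(merchant_key, merchant_id, token, amount_cents, nonce),
        }

    def retains(self, fpan):
        """Check: does anything the gateway keeps contain the raw card number?"""
        return fpan in repr(self._tokens_on_file)


def demo():
    """Run the flow once and report what each misuse of the cryptogram produces."""
    network = CardNetwork()
    gateway = PaymentGateway(network)
    fpan = "4111111111111111"   # the same test number used in the post
    key_a = network.register_merchant("merchant-A")
    network.register_merchant("merchant-B")
    token = gateway.save_card("cust-1", fpan)
    first = gateway.build_charge("merchant-A", key_a, "cust-1", 1999)
    return {
        "token_differs": token != fpan,
        "gateway_has_fpan": gateway.retains(fpan),
        "first": network.authorize(first)["reason"],
        "replay": network.authorize(first)["reason"],
        "other_merchant": network.authorize({**first, "merchant_id": "merchant-B"})["reason"],
        "tampered_amount": network.authorize({**first, "amount_cents": 199900})["reason"],
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The `retains` check is the part worth keeping in mind when reading the post: after `save_card`, the gateway's storage holds only the token, so a leak of its data yields a number that cannot be charged without the merchant-specific key, and even with that key a captured cryptogram buys exactly one transaction for exactly the fields it was computed over.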
The great thing here is that network tokens don't remove any of the other highly secure payment methods that already exist. Apple and Google Pay will continue to work just as they always have, and card-present EMV (tap and dip) keeps using its existing security systems.
My job has me regularly talking with the card brands, and it's clear from our discussions that they are intent on getting the raw card data out of the transaction flow entirely. In fact, they're really pushing for people to use their Click to Pay button or Apple/Google/Shop/Samsung Pay buttons, and to make customers keying their actual card number into a website a thing of the past.
So there you go, 1,000 words on a detail of how payments are handled and how things are changing in the background in a way you likely would never have even noticed. I'm writing about this largely for my Apple-centric audience and in my ongoing fight against the "only Apple does this" mythology that I think has a tendency to build up as we tend to only pay attention to what Apple is doing in payments, assuming the rest of the industry is standing still. As I always say, Apple does amazing work in payments and they're worthy of praise for numerous innovations along the way, but they're not the only ones doing good work.
2025-07-31 08:08:13
I'm happy to announce Quick Reviews 2.0 is out now for the iPhone and iPad. Here's the highlights:
And yeah, that's it…I feel like there should be more, but this was a lot of effort on its own, and it makes the app better to use day-to-day, so I'd rather get this out now than wait for some arbitrary day when I have more. That's what the subscription model is for, right?
But yeah, the app largely does the same things as before and the business model stays the same as well. In case you didn't know, the app is completely free, but you pay to get Letterboxd sync and Magic Mode. Letterboxd sync lets you enter your Letterboxd username and the app will pull in your reviews automatically. Magic Mode pulls in metadata and posters for movies, TV shows, and video games so you don't have to find them yourself.
The new design starts with the review history view, which looks nicer than before, and has a grid view that I think looks really nice, especially on the iPad.
I've also added the ability to copy a review's text to the clipboard from the list without having to go into the review itself.
I already mentioned it, but I also added a simple system for customizing the text that copies to your clipboard. I've found some people like just the review text, others want the score or media title in there. It was impossible to make a one-size-fits-all solution, so now there's a page in settings where you can set it to be whatever you want.
The review styling has remained mostly the same, but is a bit streamlined and (in my opinion) easier to use.
Finally, and I know this doesn't matter to anyone besides me, but I've gotten better at developing iOS apps since January, and the app is definitely in a better state than it was before. I've broken my code apart better and it's much easier to work with now, which should pay dividends as I try to improve the app further in the future.
Download Quick Reviews from the App Store and I hope you enjoy it!
2025-07-31 00:45:22
If you're online at all, you've probably at least heard of the American Eagle controversy around Sydney Sweeney's ad campaign in which she talks about her "good jeans". It's an intentionally provocative campaign, but I don't know if American Eagle expected the "it’s literally giving Nazi propaganda" or "American Eagle supports eugenics" reactions. My opinion is that it's inadvertently "giving Nazi" but ignorance of Nazi propaganda does not give immunity from serious criticism for accidentally using that same message.
I wouldn't have talked about this since it's not really my typical arena on this blog, but I read Charlie Warzel's piece about it, and this bit landed with me:
The trajectory of all this is well rehearsed at this point. Progressive posters register their genuine outrage. Reactionaries respond in kind by cataloging that outrage and using it to portray their ideological opponents as hysterical, overreactive, and out of touch. Then savvy content creators glom on to the trending discourse and surf the algorithmic waves on TikTok, X, and every other platform. Yet another faction emerges: People who agree politically with those who are outraged about Sydney Sweeney but wish they would instead channel their anger toward actual Nazis. All the while, media outlets survey the landscape and attempt to round up these conversations into clickable content—search Google’s “News” tab for Sydney Sweeney, and you’ll get the gist.
And:
What can start out as a legitimate grievance becomes something else altogether—an internet event, an attention spectacle. This is not a process for sense-making; it is a process for making people feel upset at scale.
Once you notice this playbook, you start seeing it everywhere. For me, this really hit home in 2022's trial between Johnny Depp and Amber Heard…which for the record was a serious and depressing domestic violence trial…and the internet broke into factions, with content creators jumping on board because outrage at either party in that trial got views.
I don't have a good solution here, but I continue to think that staring at our phones for hours a day at "the attention economy" that is social media is not a net good for most of us. It's why I've taken a step back and severely limit my time there.
2025-07-30 19:31:37
Listen, I know there's a loud group of people who think the Avatar movies are dumb spectacles, but I think they're genuinely great films that tell touching, human stories that just hit different than most other films you'll see. I can't wait to see this new one and hope it lives up to the joy I felt from 2022's The Way of Water.
2025-07-28 21:30:00
Harry McCracken writing for Fast Company: iPadOS 26 Is Way More Mac-Like. Where Does That Lead?
However, as someone who’s used an iPad as my main computer for almost 14 years, I can’t join the chorus of unbridled enthusiasm for iPadOS 26’s embrace of Mac conventions such as floating, overlapping windows and a menu bar at the top of the screen. Apple may well be making the right decision to please the largest pool of people who want to get work done on its tablet. But it’s also moving decisively away from some of the philosophies that attracted me to the platform in the first place, and I’m trepidatious about where that might lead. (My Fast Company colleague Jesus Diaz expressed similar qualms right after the WWDC keynote.)
I linked to Diaz's article last month, and McCracken has similar anxieties about the iPad losing what made it distinct from the Mac. In that piece, I went through almost every new feature listed on the iPadOS 26 preview page on Apple's website and appended "just like the Mac" to each feature, because that's what this release is going to be. These features all undeniably make the iPad a more capable device, but I also feel like they're stripping away the things that justified it being a separate platform from macOS.
Take window management, for example. The iPad started by supporting one window at a time in full screen. Five years into its life, it got split screen, which was implemented in a limited but very iPad-feeling way that embraced the touch UI and let you physically move apps next to each other to split the screen. macOS would get the same type of split screen shortly after, but that was all managed with the mouse and keyboard shortcuts, which was more aligned with the supported input methods of a Mac. With iPadOS 26, users are forced to make a strange choice: revert to one window at all times or adopt the Mac-like windowing system; the iPad-native split screen is dead. By my count, this is how you open 2 apps side by side in iPadOS 26 using the standard UI:
The flow on iPadOS 18 was:
On the one hand, the old flow was a little tricky to discover if you didn't know it was possible, whereas the new flow might be more discoverable since window management all happens through these traffic light buttons, but man, it feels more mouse-centric than touch-native to me.
UPDATE: Thanks to reader Harry for pointing out that there is a gesture for doing this, although it's a different "flick" gesture where you toss windows left and right to make them fill half the space. Pretty undiscoverable and fiddly compared to what I'm used to on the iPad and other platforms, though. Good to know there's something there, at least.
What makes this all the more frustrating to me is that, amazingly, the Mac now has a more physical, intuitive way to make two apps split the screen: just drag them.
Anyway, the longer this beta goes on, the more I'm seeing a split in the iPad fan base around this release. People like my friend Christopher Lawley love the update and find it makes them look less lustfully after the Mac, while people like McCracken and Diaz are frustrated that it's a big step towards taking away what they loved about the iPad to begin with.
I'll say it again because I can't say it enough: I think there is a large contingent of iPad power users who really want a Mac with touch and more iPad-style hardware. I know that's what I want.
2025-07-27 21:00:10