Re: MiM attack
Well Apple instructs vendors not to re-use cryptograms, but if some are then Apple should alter the software to check for that and refuse to process a transaction that re-uses a cryptogram. Also warn vendors that they'll do internal checks to see if they re-use cryptograms and disable any who aren't compliant after date X, just to be sure.
It should be on the vendor, but to the extent Apple can protect stupid vendors from themselves, they should. If for no other reason to avoid headlines like this article's.
Biting the hand that feeds IT
