@sohmageek That’s the truth. Although, admittedly I think Apple Pay unintentionally performs the same function as the catcha, but I don’t know that it can be botted (yet).
Everyone that has Apple Pay should also have a corresponding physical piece of plastic issued by the bank which is accepted almost anywhere so I don’t see any incentive for companies to spend money changing their systems to accept Apple Pay. Simply use your actual credit card.
@cengland0 There are a number of benefits to Apple Pay for consumers and retailers. The way the system is built it reduces fraud by making it very difficult (I refuse to say impossible) to steal credit card numbers.
When buying things at a POS where normally you’d have a card present transaction (and thus the possibility of skimming) it abstracts away the actual number- your “real” information is never actually transferred. Admittedly EMV addresses some of this (although EMV can be compromised as well).
When buying things online (where EMV can’t protect you) it actually dramatically increases security. Same as above, actual number isn’t transmitted, but now there is a 2FA element introduced. Users have to approve the transaction on a second “trusted” device (phone or watch).
For retailers, there is the benefit of reducing checkout friction. Customers don’t have to enter any card details or shipping information- they click the apple pay button, approve the transaction, and off you go. This is a big deal for conversion.
For older style systems (or badly designed systems) this also alleviates potential for breeches and aids in PCI compliance.
Speaking as person who previously worked in fintech producing super fancy cards I am acutely aware of the dangers of using plastic, even EMV.
Today I work in ecommerce, which also shapes my opinions.
Personally, I will always use Apple Pay when it is available.
@cengland0@hanzov69 so basically there’s no benefit for online retailers it’s just another annoying payment method they have to add to please a minority of the population? Got it
@cengland0 the benefits are mostly in the ease of use and security. If your card is compromised at a retailer that was a plastic a new plastic card must be issued. However with tokenization you don’t need a new plastic. The token is discarded and a new one is generated.
@cengland0@hanzov69@unksol there are benefits for the retailer is in the chargebacks also. Using biometrics adds a different level of verification. The only fraud I’ve personally heard of was when someone was able to compromise the plastic then sign up for Apple Pay.
There are a number of benefits to Apple Pay for consumers and retailers. The way the system is built it reduces fraud by making it very difficult (I refuse to say impossible) to steal credit card numbers.
That is no benefit to customers. Customers are not responsible for fraud that appears on the account. And if the merchant does their due-diligence when accepting the card such as verifying the shipping address with the bank, then the merchant doesn’t lose either. The bank generally eats the fraud.
reducing checkout friction
Seems to be doing the exact opposite because some customers are very rude about a merchant not accepting it and refusing to do business. The OP did not make a purchase and could be because Apple Pay was not accepted. Imagine if you had a whole shopping cart full of food and finding it out at the store at the point of checkout. There will be a lot of friction there especially to determine who will put all the food away.
Speaking as person who previously worked in fintech producing super fancy cards I am acutely aware of the dangers of using plastic, even EMV
Me too. Started in credit card industry in 1990 and continued into banking until I retired in 2017.
I will always use Apple Pay when it is available.
And that’s fine. Good for you. But there’s no need to get angry at a merchant because they don’t accept Apple Pay and going so far as to refuse to buy from them, that’s just silly.
the benefits are mostly in the ease of use and security. If your card is compromised at a retailer that was a plastic a new plastic card must be issued. However with tokenization you don’t need a new plastic. The token is discarded and a new one is generated.
And how does that benefit the merchant again?
If the bank reduced the credit card fee merchants have to pay when they accept major credit cards, that would be a benefit and would drive more merchants to accept that form of payment. Unfortunately, there’s an increased cost to accept Apple Pay in the form of new hardware and potential training of staff.
there are benefits for the retailer is in the chargebacks also. Using biometrics adds a different level of verification. The only fraud I’ve personally heard of was when someone was able to compromise the plastic then sign up for Apple Pay.
Not so sure you need to compromise the plastic. Just need a photo of someone’s credit card and print it out because you add the card to Apple Pay by taking a photo of your card. Much easier to do fraud that way because, for Apple Pay, you do not have to decode the mag stripe, create a physical piece of plastic, or recreate the microchip that’s in the card and needed to do local transactions. Just that photograph or photoshop of the credit card number and some social engineering.
so basically there’s no benefit for online retailers it’s just another annoying payment method they have to add to please a minority of the population? Got it
YES! That’s exactly how I see it.
I personally use Samsung Pay. The merchant does not need to change their system for it to be accepted. So far it works everywhere except for gas stations where you have to insert the card into the slot and then pull it back out. Wouldn’t work for places like Redbox either because your Redbox account is tied to your credit card number and you could be using a different number for each transaction.
There is a benefit to me using Samsung Pay. I get Samsung points every time I use it and can use those points to make purchases from Samsung or enter into drawings for prizes.
Wonder what all those Apple Pay fanboys do at gas stations and Redbox. Wonder if they are boycotting them too. Do they go downtown 10 miles out of their way to pay 10 cents extra for gas because of that one station that setup to take Apple Pay?
That is no benefit to customers. Customers are not responsible for fraud that appears on the account.
It is very much a benefit. Not being liable for fraudulent transactions doesn’t make dealing with the after-effects any less inconvenient.
reducing checkout friction
Seems to be doing the exact opposite because some customers are very rude about a merchant not accepting it and refusing to do business. The OP did not make a purchase and could be because Apple Pay was not accepted.
/sigh. My comment about reducing checkout friction was very much in the context of an ecommerce scenario, so your cart of groceries hypothetical is irrelevant. Also, OP never said anything about not making a purchase.
I will always use Apple Pay when it is available.
And that’s fine. Good for you. But there’s no need to get angry at a merchant because they don’t accept Apple Pay and going so far as to refuse to buy from them, that’s just silly.
I never suggested I was angry at anyone or that I would refuse to buy from them. I simply said that when it’s available, it’s the payment method I will use.
Unfortunately, there’s an increased cost to accept Apple Pay in the form of new hardware and potential training of staff.
Meh, that’s not quite as steep as you might think. Contactless payment terminals saw a big push with the EMV Liability Shift. Adoption is slowed a bit owing more to POS system software than hardware.
Just that photograph or photoshop of the credit card number and some social engineering.
Bad news it’s even easier than that. When doing apple pay enrollment, if OCR fails, users can just key in their details, not even an image of the card is needed. BUT card issuers define their own onboarding process (which is part of why not all cards can be added to ApplePay).
Most have added a second form of authentication for enrollment, usually in the form of a text code.
Which is a step in the right direction, but as we know from recent simjacking attacks that’s relatively weak protection.
I personally use Samsung Pay. The merchant does not need to change their system for it to be accepted.
What you’re referring to is their MST system, something I know a bit about. In the absence of a contactless/NFC payment terminal, it tricks the reader in to believing a card was swiped.
Good news is this basically totally removed the adoption barrier, bad news is that this exactly as secure as swiping your credit card (as in, it’s not secure at all).
This also ends up being a corner-case. With the Liability Shift, merchants accepting swipe transactions are on the hook for fraud (excluding AFD/pay-at-pump). When EMV is present on your account, most POS systems will re-route users attempting a swipe to insert card. Fortunately, most EMV readers are also NFC enabled, so Samsung users never run in to this.
So, upshot is Samsung Pay is exponentially more flexible. Downside it’s exponentially less secure. Not knocking Samsung Pay (or it’s users), just pointing out that it’s not quite a (heh) Apples-to-Apples comparison.
Wonder what all those Apple Pay fanboys do at gas stations and Redbox. Wonder if they are boycotting them too.
Honestly, the only person who has raised this whole “boycotting” “refusing to do business” etc nonsense is you.
Personally, I would consider myself an Apple Pay “fanboy”. Simply because I understand, at a technical level, it is a more secure system; which is important to me. But I will also say that I don’t make purchasing decisions based on ApplePay acceptance any more than I make purchasing decisions based on AmEx acceptance.
OP never said anything about not making a purchase.
True but I did my research and noticed OP did not make a purchase on this site. It is reasonable to believe that’s because Meh does not accept Apple Pay, the main complain of this thread. Why else would he have gone through a whole checkout process and noticed Apple Pay was not accepted.
Contactless payment terminals saw a big push with the EMV Liability Shift.
The EMV Liability shift is regarding using the chip instead of the mag stripe. Nothing to do with Contactless payment transactions. Use the Mag stripe, merchant can be liable. Soon if you use your chip and pin and there’s fraud, customer will be liable. The bank wins in both situations. Lucky nobody requires you to use your pin yet but that’s coming soon.
Most have added a second form of authentication for enrollment, usually in the form of a text code.
And that’s where I mentioned the social engineering aspect. It’s not difficult to get a customer service agent to change the phone number if you can pass the easy phone verification questions. Easily intercepting the latest credit card statement from someone’s mailbox is a treasure trove of information to help you commit fraud regardless if that customer uses Apple Pay or not. The customer may only use Apple Pay and still be a victim of fraud due to methods outside of Apple Pay.
What you’re referring to is their MST system, something I know a bit about. In the absence of a contactless/NFC payment terminal, it tricks the reader in to believing a card was swiped. Good news is this basically totally removed the adoption barrier, bad news is that this exactly as secure as swiping your credit card (as in, it’s not secure at all).
Not true. When using MST, it doesn’t send my real credit card information, it sends a proxy number. If that number is misused by the merchant, there’s no need to send a replacement card to the customer. That proxy number would be discontinued and a new number proxy established for the next purchase. The number on the plastic can remain the same.
With the Liability Shift, merchants accepting swipe transactions are on the hook for fraud
And that’s exactly why part of their procedure is to verify the last 4 digits. It’s so easy to commit fraud so this is a very minor concern. All you need to do is steal someone’s credit card and make purchases using the chip all over town. You don’t even need their PIN to complete the transaction and no merchants ask for identification.
So, upshot is Samsung Pay is exponentially more flexible. Downside it’s exponentially less secure.
That’s your opinion and I’m not concerned about security of Samsung Pay. I know I’m not responsible for fraud and even with gross negligence such as not reporting charges I didn’t recognize or not reporting a lost or stolen card for months, your maximum liability is $50 according to the RICA.
Simply because I understand, at a technical level, it is a more secure system; which is important to me
I understand it too and security is a low priority for me. Convenience and acceptance everywhere is more important.
based on ApplePay acceptance any more than I make purchasing decisions based on AmEx acceptance.
Oh dear lord, don’t get me started on Amex. If I were a large merchant, I would accept Amex either. I’ll leave that opinion for another day. I can see I’ve already made you angry and that was not my intention.
@cengland0@hanzov69 Interesting article here. You touted the advantage of using Samsung Pay because merchants do not have to change their system due to the MST capabilities. Apparently Apple Pay defaults to MST (or MSD as they call it here) when there is no contactless/NFC system. So, other than Samsung rewarding you (which Apple will be doing with their card), it appears there is very little difference between the two. https://www.freecodecamp.org/news/how-apple-pay-works-under-the-hood-8c3978238324/
@cinoclav MST and MSD describe two different things, I think you’re misunderstanding what they are describing.
MST is a Samsung* proprietary hardware interface that actually tricks the magnetic pick up heads on a swipe card reader in to thinking it’s reading a track off a swiped card, which is pretty cool tech. My previous employer uses something similar (although Samsung legal would/has argued is sufficiently different).
MSD is protocol, not hardware. In the article you linked, what it is describing is how Apple Pay handles NFC/Contactless systems that don’t support EMV communications.
It’s boring and pretty technically dense, but a big thing about EMV is there is a some bi-directional information passed between chip and payment terminal, which increments (and I’m oversimplifying) a counter on the chip, which is then recorded. If a transaction were to occur and this counter isn’t at a value that the terminal/processor expects (indicating that it may be a clone), the transaction fails.
So basically, MSD is for systems that can’t do the EMV encounter, so it instead sends the data present on Track 2 in a mag swipe.
That’s the edge of the Samsung system, it works on all terminals (where it is capable of influencing the magnetic read head). Apple will only work on NFC/Contactless, but it will work on older Pre-EMV readers.
So, other than Samsung rewarding you (which Apple will be doing with their card), it appears there is very little difference between the two.
Actually, the issuing bank for my credit card still gives me cash back regardless if I use Samsung Pay or not. Using Samsung Pay ALSO gives me additional benefits. I do not have to get a special Samsung credit card to get cash back benefits.
@hanzov69 That rewards depend on the credit card you have linked with Samsung Pay. You could get miles, cash back, or other features like extended warranties and buyer protection. It’s whatever you can negotiate with your card issuer. Nothing to do with Samsung Pay. You get the Samsung Pay points regardless what card you use but you’re sort of limited to using the Samsung points for Samsung merch or giveaway contests.
Samsung pay comes in handy when I go places like the gym where I purposely don’t bring my wallet because there’s a lot of thefts at gyms. Sometimes Mrs. cengland0 wants to go to a store next to the gym while we wait our turn to play racquetball. Only option at that point is Samsung Pay because I don’t have my physical plastic with me.
@cengland0 Oh, I just meant as a way of enticing users to elect to use Samsung Pay (as opposed to Google Pay or just traditional transaction).
When Apple Pay/et al hit the scene, we spent time figuring out what impact it may have on our own strategies with respect to customer adoption/enticement. Samsungs system allowing you to get the rewards you normally would, but hey, if you pay this way (Samsung Pay) you will also get these points.
@thismyusername Same. It should be interesting to see what the industry does in response- if adoption is high it could make for some interesting rate/program adjustments.
@hanzov69@thismyusername people have done programmable credit cards before. They never catch on. “oh but this is apple”. Personally I prefer peach or pear
@thismyusername It’s the exact same thing as all other credit cards. It’s issued by Goldman Sachs MasterCard. Just Apple will be getting part of the merchant fees instead of some other bank getting all the fees.
The fees are charged to the merchant. Part of it goes to MasterCard, then the issuing bank usually gets the rest. In the case of Apple, they have a “deal” with Goldman Sachs so they will probably split the fees.
You can get better deals out there. This one is high interest. Direct from their website:
13.24% to 24.24% based on creditworthiness.
Go to your local credit union and get a card from them if you plan on making payments. If you plan on paying in full each month, doesn’t really matter then.
@cengland0@thismyusername The one simple advantage it has is that there are no numbers actually printed on the card. It does have a magnetic stripe and a chip. A lot of fraud is initiated by the simple copying of those numbers. The average thief doesn’t have a card reader so the Apple Card helps in this aspect.
The one simple advantage it has is that there are no numbers actually printed on the card.
Then that’s really going to be hard to make an online purchase with it.
You may also not use it in places that you still have to swipe. Sometimes the merchant needs to enter the last 4 digits of the card into their system and that will not be printed on the card.
@cengland0 If you use Safari when shopping online it will autofill the numbers for you. If there are any merchants still using equipment old enough to ask your last 4 digits, it’s time for them to upgrade. That’s completely antiquated and unnecessary. I’m not speaking in favor of Apple Card, I honestly don’t give a shit about it. Just mentioning some simple facts. I helped start the fraud department for a very large ecommerce company so I’m reasonably in touch with the different aspects of it.
You mean an apple-specific browser? Imagine that. No, I don’t use Safari even when using my mac.
If there are any merchants still using equipment old enough to ask your last 4 digits, it’s time for them to upgrade.
Actually, those are the smart systems that ask for the last 4 digits. It’s when you swipe a card versus using the chip. If you don’t ask for the last 4 digits, it’s possible someone reprogrammed the mag stripe with someone else’s information. Simply asking for those last 4 makes it harder to do that. To commit fraud, It is much easier for me to buy a reader/writer from China to read someone’s mag strip than it is for me to reproduce their plastic. Those last 4 is the best protection against that kind of fraud. The CVV/CVC code is also good to use as another layer of protection.
Yes, there are still merchants that have not upgraded to use the chip. Most gas stations are that way and even received a time extension to do so. All the Redbox machines in my area are still swipe machines.
I personally accept credit cards using square and have not upgraded to the chip version of the reader. There’s no reason for me to make that upgrade investment for the few things that I sell each year. I’ll only consider upgrading when swiping and entering the card # manually is no longer allowed. Unless you want to pay for a new machine for me?
It’s the exact same thing as all other credit cards.
At Apple, we firmly believe in your right to privacy. That’s why we created a unique architecture for Apple Card that generates things like your transaction history and spending summaries right in the Wallet app on your iPhone.
Of course, Goldman Sachs will use your data to operate Apple Card. But they will never share or sell your data to third parties for marketing or advertising.
How many people use Apple Pay these days, and is it enough to where it’d be worth it for Mediocre to add support for it?
Remember also the matter of Mediocre’s demographics. MorningSave, the company’s apparent cash cow, is frequented by people who still try to pay by check or over the phone, and who get so stymied by having more than one option for signing up that it significantly cuts into their registration rates. If Apple Pay is still largely the domain of tech-savvy geeks then adding another payment option might reduce the number of these people checking out just because it’s another option that exists.
On the other hand, something about MorningSave was such that Mediocre made iOS and Android apps for the site despite it already being mobile-friendly, so there must be some significant number of app-using shoppers that they’re capturing thusly. If there’s that many of their customers who are obviously already in Apple’s ecosystem then the chance of them having Apple Pay ready to go increases slightly. I assume Mediocre collects and analyzes usage data like this and can get a better idea (vs. my endless speculation) of what their customers actually use.
@lljk There is some pretty good data on adoption rates at the end of the year here
At my place of employment, we continue to evaluate incorporating Apple Pay at check-out, but for the time being it’s not a priority when balanced against other things.
/giphy spam
I feel ya. I was going to use my two-party out-of-state check and those assholes wouldn’t take it!
@therealjrn not funny Apple Pay is my preferred method of payment for everything… its secure and easy!
@sohmageek No, you must be mistaken. That was a hilarious comment.
I only joined to try and get rid of my dogecoin. Fuckers won’t take that either.
To be fair, Apple Pay isn’t a currency* it’s more of a payment system that abstracts your real accounts.
But you can’t save Apple Pay, so if you think you hate catcha when chasing an IRK, wait until you add authing the purchase on your device.
@hanzov69 The auth for apple pay is faster and would secure us much better than the captcha system they currently use…
Greetings, new robot friend. In time you will come to accept your robotic ways.
@hanzov69 @sohmageek
if some of us would stoop so low as to own an iPhone.
Hell, some of us can’t even figure out to use a flip phone
/
you know who you are
@Cerridwyn Yeah, I know who I am. Thanks.
@Barney
/
@sohmageek That’s the truth. Although, admittedly I think Apple Pay unintentionally performs the same function as the catcha, but I don’t know that it can be botted (yet).
@Cerridwyn Aww…
But they take PayPal right?
@Ignorant PayPal accepted only for foreign shipments to other countries like Korea.
@cengland0 @Ignorant What about foreign shipments to this country?
Everyone that has Apple Pay should also have a corresponding physical piece of plastic issued by the bank which is accepted almost anywhere so I don’t see any incentive for companies to spend money changing their systems to accept Apple Pay. Simply use your actual credit card.
@cengland0 all the cool kids don’t want to put their phone down and dig out the actual credit card.
@cengland0 There are a number of benefits to Apple Pay for consumers and retailers. The way the system is built it reduces fraud by making it very difficult (I refuse to say impossible) to steal credit card numbers.
When buying things at a POS where normally you’d have a card present transaction (and thus the possibility of skimming) it abstracts away the actual number- your “real” information is never actually transferred. Admittedly EMV addresses some of this (although EMV can be compromised as well).
When buying things online (where EMV can’t protect you) it actually dramatically increases security. Same as above, actual number isn’t transmitted, but now there is a 2FA element introduced. Users have to approve the transaction on a second “trusted” device (phone or watch).
For retailers, there is the benefit of reducing checkout friction. Customers don’t have to enter any card details or shipping information- they click the apple pay button, approve the transaction, and off you go. This is a big deal for conversion.
For older style systems (or badly designed systems) this also alleviates potential for breeches and aids in PCI compliance.
Speaking as person who previously worked in fintech producing super fancy cards I am acutely aware of the dangers of using plastic, even EMV.
Today I work in ecommerce, which also shapes my opinions.
Personally, I will always use Apple Pay when it is available.
@cengland0 @hanzov69 so basically there’s no benefit for online retailers it’s just another annoying payment method they have to add to please a minority of the population? Got it
@cengland0 the benefits are mostly in the ease of use and security. If your card is compromised at a retailer that was a plastic a new plastic card must be issued. However with tokenization you don’t need a new plastic. The token is discarded and a new one is generated.
@cengland0 @hanzov69 @unksol there are benefits for the retailer is in the chargebacks also. Using biometrics adds a different level of verification. The only fraud I’ve personally heard of was when someone was able to compromise the plastic then sign up for Apple Pay.
@hanzov69
That is no benefit to customers. Customers are not responsible for fraud that appears on the account. And if the merchant does their due-diligence when accepting the card such as verifying the shipping address with the bank, then the merchant doesn’t lose either. The bank generally eats the fraud.
Seems to be doing the exact opposite because some customers are very rude about a merchant not accepting it and refusing to do business. The OP did not make a purchase and could be because Apple Pay was not accepted. Imagine if you had a whole shopping cart full of food and finding it out at the store at the point of checkout. There will be a lot of friction there especially to determine who will put all the food away.
Me too. Started in credit card industry in 1990 and continued into banking until I retired in 2017.
And that’s fine. Good for you. But there’s no need to get angry at a merchant because they don’t accept Apple Pay and going so far as to refuse to buy from them, that’s just silly.
@sohmageek
And how does that benefit the merchant again?
If the bank reduced the credit card fee merchants have to pay when they accept major credit cards, that would be a benefit and would drive more merchants to accept that form of payment. Unfortunately, there’s an increased cost to accept Apple Pay in the form of new hardware and potential training of staff.
@sohmageek
Not so sure you need to compromise the plastic. Just need a photo of someone’s credit card and print it out because you add the card to Apple Pay by taking a photo of your card. Much easier to do fraud that way because, for Apple Pay, you do not have to decode the mag stripe, create a physical piece of plastic, or recreate the microchip that’s in the card and needed to do local transactions. Just that photograph or photoshop of the credit card number and some social engineering.
@unksol
YES! That’s exactly how I see it.
I personally use Samsung Pay. The merchant does not need to change their system for it to be accepted. So far it works everywhere except for gas stations where you have to insert the card into the slot and then pull it back out. Wouldn’t work for places like Redbox either because your Redbox account is tied to your credit card number and you could be using a different number for each transaction.
There is a benefit to me using Samsung Pay. I get Samsung points every time I use it and can use those points to make purchases from Samsung or enter into drawings for prizes.
Wonder what all those Apple Pay fanboys do at gas stations and Redbox. Wonder if they are boycotting them too. Do they go downtown 10 miles out of their way to pay 10 cents extra for gas because of that one station that setup to take Apple Pay?
@cengland0
It is very much a benefit. Not being liable for fraudulent transactions doesn’t make dealing with the after-effects any less inconvenient.
/sigh. My comment about reducing checkout friction was very much in the context of an ecommerce scenario, so your cart of groceries hypothetical is irrelevant. Also, OP never said anything about not making a purchase.
I never suggested I was angry at anyone or that I would refuse to buy from them. I simply said that when it’s available, it’s the payment method I will use.
Meh, that’s not quite as steep as you might think. Contactless payment terminals saw a big push with the EMV Liability Shift. Adoption is slowed a bit owing more to POS system software than hardware.
Bad news it’s even easier than that. When doing apple pay enrollment, if OCR fails, users can just key in their details, not even an image of the card is needed. BUT card issuers define their own onboarding process (which is part of why not all cards can be added to ApplePay).
Most have added a second form of authentication for enrollment, usually in the form of a text code.
Which is a step in the right direction, but as we know from recent simjacking attacks that’s relatively weak protection.
What you’re referring to is their MST system, something I know a bit about. In the absence of a contactless/NFC payment terminal, it tricks the reader in to believing a card was swiped.
Good news is this basically totally removed the adoption barrier, bad news is that this exactly as secure as swiping your credit card (as in, it’s not secure at all).
This also ends up being a corner-case. With the Liability Shift, merchants accepting swipe transactions are on the hook for fraud (excluding AFD/pay-at-pump). When EMV is present on your account, most POS systems will re-route users attempting a swipe to insert card. Fortunately, most EMV readers are also NFC enabled, so Samsung users never run in to this.
So, upshot is Samsung Pay is exponentially more flexible. Downside it’s exponentially less secure. Not knocking Samsung Pay (or it’s users), just pointing out that it’s not quite a (heh) Apples-to-Apples comparison.
Honestly, the only person who has raised this whole “boycotting” “refusing to do business” etc nonsense is you.
Personally, I would consider myself an Apple Pay “fanboy”. Simply because I understand, at a technical level, it is a more secure system; which is important to me. But I will also say that I don’t make purchasing decisions based on ApplePay acceptance any more than I make purchasing decisions based on AmEx acceptance.
@hanzov69
True but I did my research and noticed OP did not make a purchase on this site. It is reasonable to believe that’s because Meh does not accept Apple Pay, the main complain of this thread. Why else would he have gone through a whole checkout process and noticed Apple Pay was not accepted.
The EMV Liability shift is regarding using the chip instead of the mag stripe. Nothing to do with Contactless payment transactions. Use the Mag stripe, merchant can be liable. Soon if you use your chip and pin and there’s fraud, customer will be liable. The bank wins in both situations. Lucky nobody requires you to use your pin yet but that’s coming soon.
And that’s where I mentioned the social engineering aspect. It’s not difficult to get a customer service agent to change the phone number if you can pass the easy phone verification questions. Easily intercepting the latest credit card statement from someone’s mailbox is a treasure trove of information to help you commit fraud regardless if that customer uses Apple Pay or not. The customer may only use Apple Pay and still be a victim of fraud due to methods outside of Apple Pay.
Not true. When using MST, it doesn’t send my real credit card information, it sends a proxy number. If that number is misused by the merchant, there’s no need to send a replacement card to the customer. That proxy number would be discontinued and a new number proxy established for the next purchase. The number on the plastic can remain the same.
And that’s exactly why part of their procedure is to verify the last 4 digits. It’s so easy to commit fraud so this is a very minor concern. All you need to do is steal someone’s credit card and make purchases using the chip all over town. You don’t even need their PIN to complete the transaction and no merchants ask for identification.
That’s your opinion and I’m not concerned about security of Samsung Pay. I know I’m not responsible for fraud and even with gross negligence such as not reporting charges I didn’t recognize or not reporting a lost or stolen card for months, your maximum liability is $50 according to the RICA.
I understand it too and security is a low priority for me. Convenience and acceptance everywhere is more important.
Oh dear lord, don’t get me started on Amex. If I were a large merchant, I would accept Amex either. I’ll leave that opinion for another day. I can see I’ve already made you angry and that was not my intention.
@cengland0 @hanzov69 Interesting article here. You touted the advantage of using Samsung Pay because merchants do not have to change their system due to the MST capabilities. Apparently Apple Pay defaults to MST (or MSD as they call it here) when there is no contactless/NFC system. So, other than Samsung rewarding you (which Apple will be doing with their card), it appears there is very little difference between the two.
https://www.freecodecamp.org/news/how-apple-pay-works-under-the-hood-8c3978238324/
@cinoclav MST and MSD describe two different things, I think you’re misunderstanding what they are describing.
MST is a Samsung* proprietary hardware interface that actually tricks the magnetic pick up heads on a swipe card reader in to thinking it’s reading a track off a swiped card, which is pretty cool tech. My previous employer uses something similar (although Samsung legal would/has argued is sufficiently different).
MSD is protocol, not hardware. In the article you linked, what it is describing is how Apple Pay handles NFC/Contactless systems that don’t support EMV communications.
It’s boring and pretty technically dense, but a big thing about EMV is there is a some bi-directional information passed between chip and payment terminal, which increments (and I’m oversimplifying) a counter on the chip, which is then recorded. If a transaction were to occur and this counter isn’t at a value that the terminal/processor expects (indicating that it may be a clone), the transaction fails.
So basically, MSD is for systems that can’t do the EMV encounter, so it instead sends the data present on Track 2 in a mag swipe.
That’s the edge of the Samsung system, it works on all terminals (where it is capable of influencing the magnetic read head). Apple will only work on NFC/Contactless, but it will work on older Pre-EMV readers.
@cinoclav
Actually, the issuing bank for my credit card still gives me cash back regardless if I use Samsung Pay or not. Using Samsung Pay ALSO gives me additional benefits. I do not have to get a special Samsung credit card to get cash back benefits.
@cengland0 I think that’s a pretty nice enticement strategy, allow customers to “double up” on rewards.
@hanzov69 That rewards depend on the credit card you have linked with Samsung Pay. You could get miles, cash back, or other features like extended warranties and buyer protection. It’s whatever you can negotiate with your card issuer. Nothing to do with Samsung Pay. You get the Samsung Pay points regardless what card you use but you’re sort of limited to using the Samsung points for Samsung merch or giveaway contests.
Samsung pay comes in handy when I go places like the gym where I purposely don’t bring my wallet because there’s a lot of thefts at gyms. Sometimes Mrs. cengland0 wants to go to a store next to the gym while we wait our turn to play racquetball. Only option at that point is Samsung Pay because I don’t have my physical plastic with me.
@cengland0 Oh, I just meant as a way of enticing users to elect to use Samsung Pay (as opposed to Google Pay or just traditional transaction).
When Apple Pay/et al hit the scene, we spent time figuring out what impact it may have on our own strategies with respect to customer adoption/enticement. Samsungs system allowing you to get the rewards you normally would, but hey, if you pay this way (Samsung Pay) you will also get these points.
I have no idea what this spam was for but the apple pay I am interested in is this new privacy focused credit card they mentioned a bit back…
https://www.apple.com/apple-card/
@thismyusername Same. It should be interesting to see what the industry does in response- if adoption is high it could make for some interesting rate/program adjustments.
@hanzov69 @thismyusername people have done programmable credit cards before. They never catch on. “oh but this is apple”. Personally I prefer peach or pear
@thismyusername It’s the exact same thing as all other credit cards. It’s issued by Goldman Sachs MasterCard. Just Apple will be getting part of the merchant fees instead of some other bank getting all the fees.
The fees are charged to the merchant. Part of it goes to MasterCard, then the issuing bank usually gets the rest. In the case of Apple, they have a “deal” with Goldman Sachs so they will probably split the fees.
You can get better deals out there. This one is high interest. Direct from their website:
Go to your local credit union and get a card from them if you plan on making payments. If you plan on paying in full each month, doesn’t really matter then.
@cengland0 @thismyusername The one simple advantage it has is that there are no numbers actually printed on the card. It does have a magnetic stripe and a chip. A lot of fraud is initiated by the simple copying of those numbers. The average thief doesn’t have a card reader so the Apple Card helps in this aspect.
@cinoclav
Then that’s really going to be hard to make an online purchase with it.
You may also not use it in places that you still have to swipe. Sometimes the merchant needs to enter the last 4 digits of the card into their system and that will not be printed on the card.
@cengland0 If you use Safari when shopping online it will autofill the numbers for you. If there are any merchants still using equipment old enough to ask your last 4 digits, it’s time for them to upgrade. That’s completely antiquated and unnecessary. I’m not speaking in favor of Apple Card, I honestly don’t give a shit about it. Just mentioning some simple facts. I helped start the fraud department for a very large ecommerce company so I’m reasonably in touch with the different aspects of it.
@cinoclav
You mean an apple-specific browser? Imagine that. No, I don’t use Safari even when using my mac.
Actually, those are the smart systems that ask for the last 4 digits. It’s when you swipe a card versus using the chip. If you don’t ask for the last 4 digits, it’s possible someone reprogrammed the mag stripe with someone else’s information. Simply asking for those last 4 makes it harder to do that. To commit fraud, It is much easier for me to buy a reader/writer from China to read someone’s mag strip than it is for me to reproduce their plastic. Those last 4 is the best protection against that kind of fraud. The CVV/CVC code is also good to use as another layer of protection.
Yes, there are still merchants that have not upgraded to use the chip. Most gas stations are that way and even received a time extension to do so. All the Redbox machines in my area are still swipe machines.
I personally accept credit cards using square and have not upgraded to the chip version of the reader. There’s no reason for me to make that upgrade investment for the few things that I sell each year. I’ll only consider upgrading when swiping and entering the card # manually is no longer allowed. Unless you want to pay for a new machine for me?
@cengland0 @cinoclav Physical card frauds often print the card number on the plastic anyways, so that’s kind of moot.
As for the last four, in the event that happens, the Wallet App on your phone also presents the card number.
@cengland0
At Apple, we firmly believe in your right to privacy. That’s why we created a unique architecture for Apple Card that generates things like your transaction history and spending summaries right in the Wallet app on your iPhone.
Of course, Goldman Sachs will use your data to operate Apple Card. But they will never share or sell your data to third parties for marketing or advertising.
https://www.apple.com/apple-card/privacy-security/
that is the part that is different…
I think you will find that this is the only card that Goldman Sachs has ever had.
How many people use Apple Pay these days, and is it enough to where it’d be worth it for Mediocre to add support for it?
Remember also the matter of Mediocre’s demographics. MorningSave, the company’s apparent cash cow, is frequented by people who still try to pay by check or over the phone, and who get so stymied by having more than one option for signing up that it significantly cuts into their registration rates. If Apple Pay is still largely the domain of tech-savvy geeks then adding another payment option might reduce the number of these people checking out just because it’s another option that exists.
On the other hand, something about MorningSave was such that Mediocre made iOS and Android apps for the site despite it already being mobile-friendly, so there must be some significant number of app-using shoppers that they’re capturing thusly. If there’s that many of their customers who are obviously already in Apple’s ecosystem then the chance of them having Apple Pay ready to go increases slightly. I assume Mediocre collects and analyzes usage data like this and can get a better idea (vs. my endless speculation) of what their customers actually use.
@lljk There is some pretty good data on adoption rates at the end of the year here
At my place of employment, we continue to evaluate incorporating Apple Pay at check-out, but for the time being it’s not a priority when balanced against other things.
Lots of great info on tech in this thread. Thank you all.
Today I learned that Apple Pay is a religion.
@blaineg No wonder I hate it so much, oh wait, no that’s Apple in general LOL