Apple Launches New Consumer-Friendly Privacy Site

[b0fh666]

Is Apple Pay really that secure, though?

There's one thing that has bothered me for a while and I cannot get an answer on Apple's discussion forums. There is at least one merchant where my paper receipt contains the last 4 digits of my ACTUAL credit card, even though I use contactless pay. This happens regardless of whether I use my iPhone or my Apple Watch to pay, and regardless of which credit card I use. Everywhere else, the last 4 digits will be that of the device account number as it should be. At this particular merchant, payments show up on my credit card bill as having been paid using the contactless method (as they should). But the paper receipt I get baffles me.

What does it mean that the last 4 digits of my ACTUAL credit card are always printed on the receipts from this merchant? Are they receiving my actual credit card number when I use Apple Pay? They shouldn't be, and it bothers me to no end only because it means Apple Pay may not be as secure as Apple claims.

safer than using the card itself.

dont worry about the tail of the PAN on the receipt, its supposed to be like that for traceability.

 

[Naraxus]

There are really people out there saying with a straight face that Apple should have made "DuckDuckGo" the primary search engine for Siri?

If Apple valued privacy as much as they claim to, then yes

 

[ramallite]

Apply Pay uses the EMV tokenisation scheme to instigate transactions over NFC. This definitely does not send your card number from your device. Once the transaction is under way, the payment processor (Verifone, WorldPay, whatever) negotiates in real time with your bank using a payment reference. It is common practice that when a payment processor conducts a transaction, the last four digits of the actual card account being used are returned to the terminal equipment as a descriptive field. For instance, I operate a payment website for our company where we never see a card number - we delegate that completely to Verifone. As part of the transaction, however, our website receives a notification from Verifone of the last four card digits of the card that was used. We don't use this, but it's easy to see how this could be useful when printing a receipt from a card terminal.

Thanks - that makes more sense. I'm still slightly confused why this happens only at this restaurant (a Subway) but no other place where I use the same card (everywhere else, the last 4 digits on the receipt are the device ID number not my actual CC number). But it makes sense that this may depend on the payment processor (Verifone, WorldPay) which can vary depending on location. Thanks!

 

[Tech198]

That does look better