I use AP at Walgreens all the time. They now have a $50 limit on not requiring a signature. Over $50 you must sign the display.. I thought (hoped) the touch ID would over ride signature requirements.
TouchID is neither a signature nor a
card PIN replacement.
It is a convenient shortcut for the
phone unlock PIN.
EDIT: someone else already answered this. Over $50 still requires a signature. I find this ridiculous when I was already verified with my fingerprint.
The fingerprint sensor hasn't verified anything, except that it matched the last person with access to the phone and its unlock PIN, who registered a finger.
I agree. It defeats the purpose of the finger print. Especially since you can pretty much scribble anything you want on those things and it doesn't matter. If this system is suppose to be super secure, I should be able to buy everything from a burrito to a new Macbook Pro with Apple Pay and Apple Pay alone.
If they wanted to be super secure, they'd ask for photo id... as well as an instant photo of the purchaser that could be stored to prove a match
But that's not their goal. The goal is speedy checkouts, which encourage more buying, and that's how everyone makes money.
Moreover, if it was totally secure and payment was assured, then there'd be no need for banks to charge fees. But again, such perfection is definitely not their purpose in life. The CC companies exist
to charge for mitigating the risk of payment.
And actually you were much more accurately verified with the fingerprint since I doubt they compare the signature you enter with a signature on file or anything like that. And if they did compare it to something, you could copy the signature on the card if you were a thief anyway.
You were not verified with a fingerprint that was stored on the phone, because the merchant... just as with your signature example... did not compare the fingerprint to your actual finger.
There is a coming standard for fingerprint authentication for EMV payments, but it would require the fingerprint to be taken at a bank and stored with your other account info at the bank. Any print authentication would be compared to the data on file. That's the only way to be sure the finger on the device sensor at the time of purchase is really yours.
Do you see the difference? An on-device fingerprint can be changed by anyone who steals your phone and knows your PIN, ergo it is only as secure as your device PIN. That's why Google Wallet and the Apple Watch only need a device PIN to activate the purchase app.
TouchID is more about making spending convenient, while making the
user feel more secure.