There is probably a system where the card makes two small charges to your card and you log in and report the amounts. Apple said that enrollment required some sort of verification from the banks, but they didn't specify EXACTLY what that entails.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Banks Confident in Apple Pay Security, Assume Liability for Fraudulent Purchases
- Thread starter MacRumors
- Start date
- Sort by reaction score
There is probably a system where the card makes two small charges to your card and you log in and report the amounts. Apple said that enrollment required some sort of verification from the banks, but they didn't specify EXACTLY what that entails.
As NorEaster notes, they've been doing this for a long time now. Several times Chase has called me to confirm/deny an odd charge, absolving me of a few hundred dollars in fraudulent charges and sending me a new card. IIRC, they may have even just canceled/covered a charge and sent me new card without even contacting me. Legally my liability is up to $50, but Chase never made me eat it - it's _very_ important to them to maintain customer satisfaction, and they've sure gotten enough from me in interest to more than cover the costs.
ETA: ah, now I remember! Some 13 years ago, Chase called and said "your card # was likely stolen from a gas station data heist, we've already cancelled it and a new card is on its way."
Even when I was on vacation and was _relying_ on the card (different incident), no way the new one would show up in time at the right place, they just said "go to the nearest Chase bank" where I was handed a new temporary card. Went from surprised to solved in about 45 minutes.
Last edited:
Your math needs work. It's not 15 cents but rather 15% of a penny. They could still rack up some cash with this but nothing like what you're suggesting.
Edit: I realized you were quoting there. But please ensure you don't pass on bad info.
Mmm, nope. It's right as-is. 0.15% of a $100 purchase is 15 cents--exactly as it says.
Apparently, I have been staring a screen too long today and read that as $1.00. Thanks.
It's not so easy to steal a phone as it used to be.
To enroll a card, you'll need to have an iTunes account. Probably you won't be able to easily enroll cards that have a different billing address than your account. If the phone is already linked to a different person's iTunes account, you'll need to know that person's iTunes account info. And if the phone is locked, you'll need that person's fingerprint also.
I thought the banks are assuming responsibility for swiped cards now; the merchants have to switch to chip and pin because in the future merchants will be responsible with swipe cards, and the banks with chip & pin.
That's basically to force the merchants to switch to a safer system.
I think you have this wrong.
Right now, banks assume liability for magnetic striped cards. After October 2015, merchants will assume liability for fraudulent charges on those cards. If they have switched to chip and PIN or chip and signature, the bank will be assume liability.
That is how the banks and the credit card companies are getting businesses to pay for and install the new card readers.
If merchants were responsible for chip and pin fraud, none of them would move to that system.
8.1 anyone? ApplePay will be on 8.1. Presumably bugs will be fixed. Lets wait and see before condemning.
This is wrong on several levels. For one, while EMV cards will become mandatory in the US in 2015, most US banks will not issue Chip&PIN, but Chip&Signature credit cards. Second, the "liability shift" that occured in some countries when EMV was introduced does not mean the merchant assumes all liability; they are only liable if their POS terminals do not support EMV, i.e. if the old mag stripe swiping is used even though the card has an EMV chip.
----------
This is described in some detail in this document:
http://images.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
See chapter "Credit and debit card provisioning".
It's up to the bank. They can either approve the enrollment right away based on information that Apple is providing them (like the phone number of the device), or they can perform an additional verification step, e.g. by sending a security code to a known phone number or email address.
Provisioning a new card works like this:
1. You take a picture or enter the card info (account, name CVV, expiration). It is sent to Apple, which figures out the bank.
2. Apple's servers transmit a Check Card request to the bank, along with some of your account info (probably name address, card on file, phone number, etc).
3. If the info is good, the bank returns a Terms & Conditions id and text, which is displayed to you to check off.
4. Apple then sends the bank a Link & Provision request. This contains enrollment info about you from your iTunes account (including iTunes history, type of device, last four digits of your phone number, and current device lat/long).
5a. If all is okay, the bank returns the payment token info to be stored in your phone's Secure Element, along with custom bank card graphics / other Passbook info.
5b. If there's a question, there will be a longer verification process where you might have to respond to a text sent to your phone number of record, a phone call, or some other method of verification.
--
So no, it'd be pretty hard to enter a stolen card unless your iTunes account had the same name, address, device, phone number, etc as the card.
Edit: oh. I see Rigby pointed to most of the info while I was still typing up my reply. Thanks!
I have USAA, and I can vouch for the fact that it is a Chip & PIN card, as evidenced by the PIN prompt when shopping at Walmart.
As for Apple Pay, I hope it isn't verify the amounts of deposits etc, because that takes a couple days, I am impatient and want to try this on day one
Yo've got it exactly backwards as many have stated. If you are not a troll the honorable thing to do is just admit you are wrong and thank those who have brought you out of ignorance. You can do it!
Is it a credit or a debit card? Chip&PIN credit cards are pretty rare in the US.
As for Apple Pay, I hope it isn't verify the amounts of deposits etc, because that takes a couple days, I am impatient and want to try this on day one
It will behave exactly like the physical card in that regard.
Aren't credit/debit card info stored on Google Wallet servers while Apple Pay is stored on the device?
That was my understanding. The Google Wallet About page says that the information, as well as purchase history, is stored in the cloud on Google's servers.
Same here. I was having coffee at Starbucks in Phoenix when Chase called me about my debit card being used at a gas station in Las Vegas. Needless to say that wasn't me. Chase confirmed my last transaction on the card, cancelled all future transactions and sent me a new card for free. That's the way to keep customers.
Yes. That is my understanding. But just as the Apple Pay device doesn't store your actual fingerprint, it doesn't store your credit card number, either. It stores a key (which would NOT work on any other device) that the bank can use to find your credit card number.
Except briefly, when you enroll your card, your device doesn't know your CC number. Apple doesn't store your CC number. The merchant doesn't know your CC number. Even the NFC device doesn't know your CC number.
A couple of corrections are in order here.
1. the new credit and debit cards are NOT chip+PIN, but chip+signature (since you refer to them as "new", I assume that you're talking about the situation in the U.S.)
2. the merchant does NOT have to assume liability IFF he/she have chip-capable POS systems. The liability shift occurs if the merchant does not have chip readers.
----------
The new chip credit cards in the U.S. are chip+signature, not chip+PIN. I do not know of any bank that issues them - and I have tried for one to use in Europe. So far without success.
Do you swipe it, or stick it into a slot at Walmart?
(And what state / country is this?)
Thanks!
Stick it into a slot. It's in Phoenix, AZ. I know it's Chip & PIN, because if you swipe it will beep and say "Card Must be inserted!"