Contactless Payments how MasterCard does it.

[nouveau-apple]

Some vending machines, for one reason or another, does not accept MasterCard debit cards. A swipe or Apple Pay payment will result in denial. And it will not allow you to use a MasterCard debit card.

But under closer inspection I saw a logo: MasterCard PayPass. "Oh, well that's weird." I said. My card doesn't have PayPass.

Then I went online and found out that I could actually order a PayPass. This was supposed to be a Tap-to-Pay contactless payment card that has been offered since at least 2012 but I had heard nothing of it.

While I was doing the research I found out that PayPass isn't so good. Literally, you're walking around with an RFID tag that people can just scan and take the information.

It's so easy. The same convenience that would've allowed me to pay so easily is the same effort hackers can use to take the information. And what's worse is the fact that the U.S. has not updated to chip and pin. That's even less security than you would normally have. In the U.S. neither the readers or the cards are supplied. We've already been through multiple data breaches and that was with just regular MasterCards.

My PayPass is on the way, but I don't think I'll be activating it. I already have Apple Pay, which is probably more secure. Those Lays chips and diet Dr. Pepper will have to wait.

That only leaves the question of why these readers are only taking PayPass. But not a regular swipe, or Apple Pay?

And the tap to pay feature that PayPass offers, the tap to pay featured I'd always heard about, has anyone here had any issues with that?

 

[JayLenochiniMac]

Mastercard is also known not to work at certain retailers (like Home Depot) that unofficially support Apple Pay, whereas Visa and Amex will work.

Take home message: It's best to have a Visa or Amex for Apple Pay whenever possible.

 

[AppleFanatic10]

I have this problem also. I try to use my MasterCard in vending machines around my campus, but I'm always getting denied. If I'm really thirsty or want a snack, I'll have to go to one of the stores on campus and buy something which can be a hassle when I'm in a rush.

 

[nouveau-apple]

more research has enlightened me that this problem has existed since 2012.

Vending machines don't take MasterCard. Isnt that something? Seems like MasterCard isn't that much of a master now is it?

 

[lordofthereef]

You lost me at the aprt where you explained, in decent detail, how payloads is terribly insecure, but then decided to order one anyway.

If vending machine use is important to you, is getting another type of card not feasible? The US is goog to be chip and pin at all major retailers (and small retailers who are smart) within the year anyway. Most of my cards have already been updated.

 

[MWB1124]

You lost me at the aprt where you explained, in decent detail, how payloads is terribly insecure, but then decided to order one anyway.

If vending machine use is important to you, is getting another type of card not feasible? The US is goog to be chip and pin at all major retailers (and small retailers who are smart) within the year anyway. Most of my cards have already been updated.

Unfortunately, most U.S. cards are going to be chip-and-sign, not chip-and-PIN...at least for the next year or two.

http://www.wsj.com/articles/why-new-credit-cards-may-fall-short-on-fraud-control-1420423917

 

[kdarling]

The problem is apparently with the interchange fee for Mastercard debit cards at vending machines.

It got raised to over 22 cents per transaction. That's a pretty big hit on items that sell for under $2, so one of the biggest vendors banned those cards years ago.

Other debit cards and all credit cards should work just fine.

 

[nouveau-apple]

You lost me at the aprt where you explained, in decent detail, how payloads is terribly insecure, but then decided to order one anyway.

If vending machine use is important to you, is getting another type of card not feasible? The US is goog to be chip and pin at all major retailers (and small retailers who are smart) within the year anyway. Most of my cards have already been updated.

I did the research after I had already ordered it. You see, the only MasterCard cards allowed at vending machines are PayPass cards. You can't use Apple Pay. So this meand I have to have one.

What are the chances that someone can steal my information?

I heard you could just call in to deactivate the PayPass signal.

Should I activate it or no?

 

[lordofthereef]

I did the research after I had already ordered it. You see, the only MasterCard cards allowed at vending machines are PayPass cards. You can't use Apple Pay. So this meand I have to have one.

What are the chances that someone can steal my information?

I heard you could just call in to deactivate the PayPass signal.

Should I activate it or no?

I have no idea the chances. I know I had a pay pass for a while with mobile (the gas station) when we lived in California. We never used it really. If I recall correctly you actually had to tap the device to the pad. I imagine (but am not sure) that stealing your info would require the same sort of thing. I don't inagine one could just walk around "sniffing the air" for your data as I don't believe it is transmitted that way.

It sounds like you did more research than I did though so go with your instincts. If sexurity is a concern I would simply get another card though. Something perhaps with a rather low balance if you are one to be tempted by loading cards up (some people have an aversion to credit cards for this reason). If you pay the balance off monthly you won't accrue any fees.

Anyway. That's what I would do if vending machine payments were as important to me as they seem to be to you.

 

[nouveau-apple]

They just tap it lightly. And bam. They have it.

I just thought contactless would be cool to have.

 

[tmiw]

They just tap it lightly. And bam. They have it.

I just thought contactless would be cool to have.

Sorry to resurrect an old thread but IMO I don't think this is all that likely. Remember, Apple Pay is basically PayPass under the hood (assuming you add a MasterCard to it); a dynamic security code gets generated based on a private encryption key inside the card just like with Apple Pay. The biggest improvements Apple Pay brings are:

1. Touch ID (not transmitting anything until you authenticate),
2. Tokenization (using a card number different from the one on your physical card), and
3. Once chip and PIN/chip and signature becomes more widely supported by retailers, not having to sign or enter a PIN for anything regardless of the amount.

Someone tapping you, assuming they manage to get an antenna small enough to easily conceal, isn't enough to clone a contactless card. They would need to get the private key somehow, which IIRC no one has managed to do. That said, almost all US banks have given up on the cards in favor of Apple/Android Pay, partly because Apple Pay is superior and partly because not enough people used the cards to continue making them worthwhile to produce.