The main benefit is the one time transaction code tied to a device ID versus your credit card number. This added level of security is the main reason to use the service.
It's not one time. The account token stays the same per device.
The main reason a token is useful, is that if the merchant gets hacked, the hackers won't get your real account number.
Naturally, if you have EVER used your real credit card number in the past, they still have the real account number on file. Token numbers only help with merchant breaks if you use an account number that's never been used on a physical card (or online) at that store.
In other words, if you used account xxxx-1001 at Home Depot, and then later used Apple Pay, the security is pretty meaningless. Hackers into HD's servers can still get the xxxx-1001 number that you used before.
I just draw an "X" on the receipt or terminal. No one has even blinked yet. For that matter I don't think I've had anyone look at the back of a legacy credit card or ask for ID in a couple years either.
At least make it an unusual and repeatable 'X', so if you have to, you can prove it was not you who made the transaction.
For now I'm just really happy about the security of tokenized transactions and the anonymity between myself and the merchant.
No anonymity in this Kohl situation, since the loyalty card is apparently tied to your token.
It should be the case that I authorized with my print already so it should be done at that point.
The terminal does not know you used a print. You could've used your passcode instead.
In any event, it's no proof that it was the cardholder's print. It's just a very good likelihood that it was. But it could be anybody who had access to the passcode and/or registered their print on your phone.
That's why originally the card companies ran an experiment in France where terminals had fingerprint readers that sent your finger scan to the bank, where it could be matched up against a print that you had registered and was witnessed IN PERSON by a bank official.
However, that scheme would've required more expensive terminals, trips to banks, etc. The current method of letting it be done on phone by (hopefully) the cardholder, is "Good Enough" for the majority of situations.