Kohl’s Becomes First Retailer to Support Store Payments and Rewards With One Tap in Apple Pay

[tmiw]

This is nonsense. First of all I haven't come across an "official" retailer that hasn't accepted Apple Pay. And I've asked about Apple Pay at every store I frequent, multiple times. Some have implemented, some haven't. You can't force retailers to adopt a method of payment, especially if they view it as a negative (in terms of lack of data collection). Many stores haven't even activated their chip readers...is there no demand for that, either?

I simply don't see that many people using it at the "official" retailers. (If anywhere would see a lot of Apple Pay users, it's those places.) With smaller businesses, the vast majority don't even know their new terminals support it because they haven't been trained on it by the companies they get their equipment from. Kinda hard not to come to the conclusion that AP/contactless simply isn't important. YMMV of course.

As for chip, most retailers can't even turn support on until they're certified. And that's been such a disaster as well that Visa got sued.

 

[Arcus]

Still not thrilled with ApplePay. I still cannot get my TD back card back on it even with multiple calls to TD and a few to Apple , who tells me its a propblem with TD.

So I can use one of my other CCs but other than the place I buy food I have rarely encountered a retailer that takes Apple Pay. I dont bother asking, I just try it; I realize that the person behind the register might not know.

Most of my shopping is done in the CHerry Hill / Marlton / Voorhees area of south Jersey so its not like we are int he middle of nowhere.

I tried Apple Pay but I gave up. I suspect I am not the only one.

 

[tmiw]

Still not thrilled with ApplePay. I still cannot get my TD back card back on it even with multiple calls to TD and a few to Apple , who tells me its a propblem with TD.

So I can use one of my other CCs but other than the place I buy food I have rarely encountered a retailer that takes Apple Pay. I dont bother asking, I just try it; I realize that the person behind the register might not know.

Most of my shopping is done in the CHerry Hill / Marlton / Voorhees area of south Jersey so its not like we are int he middle of nowhere.

I tried Apple Pay but I gave up. I suspect I am not the only one.

I suspect that the US will never have contactless infrastructure as good as in Europe or Canada simply because of the number of different terminal/POS setups out there and lack of any real standards. Not to mention a significant minority who will never enable it without serious concessions (e.g. 80-90% cut in the interchange/swipe fees if contactless is used), or the possibility that debit will ask for a PIN at a large number of places regardless of the amount, or some number of other issues.

On the other hand, Apple Pay in-app might end up getting far more use because it has the potential to be more of an improvement to the shopping experience. Think self-checkout at stores without having to use the self-checkout machine or stuff like Starbucks/Panera mobile ordering. That may even be how pay at the table at restaurants gets implemented, instead of tablets at every table or portable terminals.

 

[TRICKorDEVICE]

I don't know if this could be a simultaneous deal, but I'm waiting for Target to get their RedCards on Apple Pay, and I would love it if they made Cartwheel compatible as well.

Yes, please!!!

 

[lkalliance]

Good info, the one time code I was referring to is the security code that is one time only per transaction. The token does indeed stay the same and is device related. I should have been more specific.

Could you explain this further? From what I understood (from a non-technical background), that each time you use Apple Pay, a tokenized account number is created that the bank will recognize as yours, and then that tokenized account number is discarded, so it could not be used again. I understand that there is a token that lives in the Secure Enclave that links you to the bank.

I guess in this case the "bank" is Kohl's, and that's why they have the token (so that they can validate the tokenized account number)? Then if I went into Kohl's and instead of using my Kohl's card I used my Amex, then Kohl's doesn't have any record of my phone, correct? The tokenized account number gets used, thrown away, and nothing lives with the merchant?

 

[gsmornot]

Could you explain this further? From what I understood (from a non-technical background), that each time you use Apple Pay, a tokenized account number is created that the bank will recognize as yours, and then that tokenized account number is discarded, so it could not be used again. I understand that there is a token that lives in the Secure Enclave that links you to the bank.

I guess in this case the "bank" is Kohl's, and that's why they have the token (so that they can validate the tokenized account number)? Then if I went into Kohl's and instead of using my Kohl's card I used my Amex, then Kohl's doesn't have any record of my phone, correct? The tokenized account number gets used, thrown away, and nothing lives with the merchant?

Best I can do is point you to the Apple page with more detail and highlight a section of it here. I could use my own words but Apple have done a nice job already. The token in this case is your device ID which is static and based on your device.

https://support.apple.com/en-us/HT203027

"After you use Touch ID or enter your passcode on iPhone, or double-click the side button on Apple Watch at a payment terminal, the Secure Element provides your Device Account Number and a transaction-specific dynamic security code. This information is sent along with additional information needed to complete the transaction to the store’s point of sale terminal. Neither Apple nor your device sends your credit or debit card number. Before they approve the payment, your bank or payment network can verify your payment information by checking the dynamic security code to make sure it’s unique and that it’s tied to your device."

 

[lkalliance]

Best I can do is point you to the Apple page with more detail and highlight a section of it here. I could use my own words but Apple have done a nice job already. The token in this case is your device ID which is static and based on your device.

https://support.apple.com/en-us/HT203027

"After you use Touch ID or enter your passcode on iPhone, or double-click the side button on Apple Watch at a payment terminal, the Secure Element provides your Device Account Number and a transaction-specific dynamic security code. This information is sent along with additional information needed to complete the transaction to the store’s point of sale terminal. Neither Apple nor your device sends your credit or debit card number. Before they approve the payment, your bank or payment network can verify your payment information by checking the dynamic security code to make sure it’s unique and that it’s tied to your device."

Hm. Thanks.

That sounds less secure than I originally thought, though I'm sure I'm just picking at nits. Your credit card number isn't sent, but an unchanging number IS...if that transmission is intercepted then there is a piece that a bad actor can use over and over. I do understand that there is also a security code that is transaction-specific...but I thought that everything about the transaction that was exchanged between the phone/watch and the POS terminal was transaction-specific. Clearly that's not the case. Disappointment. Probably an overreaction, but a disappointment.

 

[kdarling]

That sounds less secure than I originally thought, though I'm sure I'm just picking at nits. Your credit card number isn't sent, but an unchanging number IS...if that transmission is intercepted then there is a piece that a bad actor can use over and over.

Doesn't matter. See last two paragraphs below.

I do understand that there is also a security code that is transaction-specific...but I thought that everything about the transaction that was exchanged between the phone/watch and the POS terminal was transaction-specific. Clearly that's not the case. Disappointment. Probably an overreaction, but a disappointment.

If token numbers changed each time, they'd run out pretty quickly (using credit card number constraints as they have to).

Also, if the token changed, it'd be much harder to do a merchandise return, since that usually involves the store giving credit back to the same (token) account number you used to pay. (Which is why you should not buy something with your watch and then try to return it with your phone... they have different tokens installed. The Device Account Number - the last 4 digits of which you can see in Settings/Passbook/card - is the token account number assigned per card per device.)

-- Here's why it's secure:

The reason why the unchanging token works just fine, is because it's not the secret part. The real secret is the unique crypto key that is provisioned in the Secure Element. Nothing outside the Secure Element can read it.

That secret key is what the particular Secure Element payment applet uses to create the surrounding transaction specific cryptograms. Those are what change each time, and which cannot be duplicated without knowing the key.

 

[Mac 128]

I can agree with you on the need for signature. I never sign with anything other than a scribble so its no real point unless its something the vendor needs due to a requirement for fraud. It should be the case that I authorized with my print already so it should be done at that point. Subway I scan my phone, the receipt prints from their terminal. One easy step. Its the store that is lacking when this happens.

Really? As long as I don't get the blank stare from the cashier, it's been double tap side watch button, hold close, done (or double tap home button on phone, hold close, done). This has included Subway, Office Depot, BP stations, and Wegmans. Which stores do you use it at?

Most merchants require signatures over a certain amount. Each one, or their banks, decide what that limit is. The range I've seen is $5-$50. But almost all retailers require a signature over $50.

Trader Joe's and especially Whole Foods will run up a sizable tab. Neither store is signature-less, nor prompt-less yet. That's primarily where I use it now. Many mom and pops with the little terminal will actually print out receipts I have to sign still.

When I'm under the pre-set limit, the transaction is much smoother. But almost all still have at least one prompt. Haven't tired it at Subway yet.

 

[Chloros]

How did you arrive at this?
Kohl's lot is full of $40K+ cars.

ROFL.....Well Irvine has Kohls as well where most people drive $40k+ cars but also share the parking lot with Starbucks and trendy eateries.

Living here in Socal.....i have not yet seen anyone use Apple Pay on their iPhones let alone iWatch. All the Apple pay users are on this forum.

 

[JoeG4]

Waiting on you Target...

Right? Right! I thought Target was supposed to be all nice with Apple stuff. But their real colors are showing - they're just Walmart with red instead of blue.

Then again Target has really been pissing me off lately with the CVS pharmacy changeover. Not only is the service going downhill, but they got rid of the nice pill bottles too. You used to be able to just call and get the pharmacy staff on the line right away, now you have to go through a stupid menu and wait.

Oh yeah, and they got rid of the Pizza huts, slurpees, and hot dogs. Now it's some stupid sandwich shop.

And they haven't done a thing about the poor customer service at the one near where I live either.

ROFL.....Well Irvine has Kohls as well where most people drive $40k+ cars but also share the parking lot with Starbucks and trendy eateries.

Living here in Socal.....i have not yet seen anyone use Apple Pay on their iPhones let alone iWatch. All the Apple pay users are on this forum.

My Jeep cost more than $40k.. I can usually find the same stuff Kohls sells at Target or Macys for a somewhat better price lol. Or even better, amazon! I do buy things from Kohls on occasion though. I suppose the BMW sales people would frown upon their customers parking at Kohls because it would tarnish BMW's perceived image or something? Lol

I have an Apple Watch and actually DO use Apple pay, sometimes. I use it at Walgreens and Mcdonalds. And that's about it. Wish more places accepted it.

Also, I'd shop at Walmart... but here in my corner of LA the walmarts close at 10pm (9pm sunday! WTF?!) and Targets close at midnight.

 

[Brien]

Hopefully once the RedCard gets added it will speed up the checkout process. Chip and Pin takes longer than the swipe.

Hope this happens. Would be great, especially if they integrate Cartwheel.

 

[American Hero]

Right? Right! I thought Target was supposed to be all nice with Apple stuff. But their real colors are showing - they're just Walmart with red instead of blue.

Their CEO said he would love to support Apple Pay... And it was supposed to happen after the EMV roll out was completed. Target has been done with that since September, and here we are, eight months later, and there's still no word on when they'll accept Apple Pay. Good news is, my Samsung will work there with mobile payment, so I don't care as much as some people do.

 

[macduke]

Problem is, Apple's clientele and Kohl's are at two different ends of the economic spectrum. Can't imagine most Kohl's shoppers having Apple Watches.

I do. People value different things. I'm not sure why people can't get that through their head. I like saving money to buy the things I value and want most.

For instance, I'm closing on a much nicer and bigger new house next month with a great wooded view out the back, but drive a small base model sedan made in the late 90s (although to be fair I'll be replacing it with a nicer used Outback later this summer since we're having our second kid). I make my own sack lunches for work, but have an Apple Watch, iPhone 6s, iPad Air 2 and rMBP. I shop at Kohls and Gap for a lot of my clothes, and yet have thousands of dollars in high-end camera gear.

You see, I just don't care a lot about cars, or eating out, or wearing fancy clothes (which to me look mostly the same). I save my money and buy stuff with credit, which earns cash back rewards, and then I pay off my cards every month. And I'm certain there are far cheaper people than me who buy Apple Watches. The whole point of budgeting is to dial in your expenses so you spend less on things you don't care about, and save more for the stuff you really freaking want.

 

[lkalliance]

Doesn't matter. See last two paragraphs below.



If token numbers changed each time, they'd run out pretty quickly (using credit card number constraints as they have to).

Also, if the token changed, it'd be much harder to do a merchandise return, since that usually involves the store giving credit back to the same (token) account number you used to pay. (Which is why you should not buy something with your watch and then try to return it with your phone... they have different tokens installed. The Device Account Number - the last 4 digits of which you can see in Settings/Passbook/card - is the token account number assigned per card per device.)

-- Here's why it's secure:

The reason why the unchanging token works just fine, is because it's not the secret part. The real secret is the unique crypto key that is provisioned in the Secure Element. Nothing outside the Secure Element can read it.

That secret key is what the particular Secure Element payment applet uses to create the surrounding transaction specific cryptograms. Those are what change each time, and which cannot be duplicated without knowing the key.

Thanks much for the explanation!

 

[A+G.Design]

Still waiting for pay here in scandinavia... here dozens of retailers and businesses could benefit from this technology. Enjoy lucky Kohl's customers!

 

[igorsky]

Given that in most countries Apple sells very few phones compared to Samsung, etc., it's one of two things:

1. Google is more trustworthy.
2. "Trust" isn't exactly that high on peoples' list of priorities.

Point 2 is definitely a possibility. Point 1 must surely be a joke.

 

[jimthing]

Starbucks – about time we didn't have to preload a card with cash. Do get on with it!

 

[idrewuk]

I'm wondering how this would actually work. In the UK, contactless is almost everywhere now and I've been using Pay more and more. But, in a lot of places, I have to seperately scan my loyalty card (which means carrying around plastic) so it's still not very simple... like, Boots (Advantage Card), M&S (Sparks) and Starbucks. Hopefully they can be integrated so with just one tap the whole process of payment and loyalty is joined up.

 

[kdarling]

I'm wondering how this would actually work.

From what I can tell, you have to register and use a Kohl's store card. That's how it knows who you are for loyalty points.

Moreover, you need a card version that has a security code, so it can be registered in Apple Pay. Otherwise, you have to call Kohl's to get an updated card with the usual security code printed on it.

Also, at checkout, if Kohl's is not your default payment card, you have to pick it.

It'd be a lot neater if Apple Pay knew you were in a Kohl's store and automatically put their card first