Leaked Images Show Apple Card's Design in the Wild

[lartola]

That's if they choose to implement PIN CVM. And "outside the US" is wrong, it's a falsehood spread by the media. Banks in the EU require PINs because customer-unfriendly laws there let banks shift fraud liability to the customer.

Most of Asia, including Japan, Taiwan, South Korea, and parts of South America, like Peru, do not use PINs. If you take a Chip and Pin card there, you'll have issues because they often don't have the pinpad hardware.

Those countries most likely still use signatures, but I bet they will eventually be required to drop signatures too. And when that happens, the banks in those countries will most likely want to replace the signatures with something else. Here in Mexico, for example signatures were dropped in 2018 like in the US. Prior to that, only debit cards were chip and pin whereas credit cards were chip and signature just like in the US. Now, after dropping signatures, all cards in Mexico are chip and pin just like in Europe. However, in the US signatures were dropped but not replaced by PIN or anything else (i.e., there you just insert and remove your card and that’s it). That hasn’t happened anywhere else yet, and probably won’t.

Also, those countries are probably still using magnetic stripe readers that will eventually need to be replaced. It’s the only way a merchant wouldn’t have the hardware for entering a PIN, since all chip readers have a number pad built in.
[doublepost=1561413889][/doublepost]

Thanks. So basically the iPhone is like a battery powered credit card.

Pretty much. And even more so is the apple watch.

 

[tmiw]

PIN incurs a cost, especially because you need a terminal, like an ATM, to change PINs. (EMV doesn't implement the PIN offset system ATM cards do because the PIN was designed for offline operation). This is a major issue in the US because retail banks and credit card banks often do not overlap geographically. That is, credit cards are nationwide but due to state regulation of banks, there is no 50-state retail bank. Then you have abandoned transactions when people forget PINs.

This is only the case if we wanted to use offline PIN (stored on card) as the standard vs. online PIN (sent to the issuer during authorization). If banks wanted to mandate PIN at all, they'd likely go with the latter, especially since international use doesn't seem to be a big priority for most. And especially due to the lack of reliability surrounding issuer scripting thanks to the prevalence of Quick Chip in this country.

In fact, online PIN is already supported by issuers, but it's currently just used for cash advances rather than purchases with most of them. If anything, they'd just need to add support in their web UI/mobile apps to allow for changing it (if there's not already an electronic way of doing so). Software implementation at the merchant level would be the bigger challenge due to additional complications compared to implementing offline PIN.

In the US, the law prevents this fraud shift, but in the EU, fraud claims with a valid PIN are regularly denied. In particular, many of their cardholder agreements say its your fault if you write down your PIN. If you didn't write it down, then the transaction must be authorized, according to their logic. The issue is real, just read about the claims their banks deny.

Again, it's a legal issue and not something inherent to the technology. If US law was a lot more lax about cardholder liability, for instance, there wouldn't be much stopping banks from claiming that since the chip "can't be cloned", you obviously authorized the charges--even without PIN. Especially since they claimed that lost/stolen fraud is one of the least likely fraud vectors in the US thanks to issuers stopping most of it before it can be authorized (hence the decision by most to go chip and signature).
[doublepost=1561414233][/doublepost]

Banks in other countries will eventually switch to PIN as well.

Maybe, maybe not. I suspect given the current worldwide push for contactless payment, many won't.

 

[lartola]

This is only the case if we wanted to use offline PIN (stored on card) as the standard vs. online PIN (sent to the issuer during authorization). If banks wanted to mandate PIN at all, they'd likely go with the latter, especially since international use doesn't seem to be a big priority for most. And especially due to the lack of reliability surrounding issuer scripting thanks to the prevalence of Quick Chip in this country.

In fact, online PIN is already supported by issuers, but it's currently just used for cash advances rather than purchases with most of them. If anything, they'd just need to add support in their web UI/mobile apps to allow for changing it (if there's not already an electronic way of doing so). Software implementation at the merchant level would be the bigger challenge due to additional complications compared to implementing offline PIN.



Again, it's a legal issue and not something inherent to the technology. If US law was a lot more lax about cardholder liability, for instance, there wouldn't be much stopping banks from claiming that since the chip "can't be cloned", you obviously authorized the charges--even without PIN. Especially since they claimed that lost/stolen fraud is one of the least likely fraud vectors in the US thanks to issuers stopping most of it before it can be authorized (hence the decision by most to go chip and signature).
[doublepost=1561414233][/doublepost]

Maybe, maybe not. I suspect given the current worldwide push for contactless payment, many won't.

Contactless payment does not eliminate the need to use a PIN for security, though. Not unless you are using a mobile wallet such as apple pay or google pay. Contactless cards still need authorization just like chip cards.

 

[konqerror]

Again, it's a legal issue and not something inherent to the technology. If US law was a lot more lax about cardholder liability, for instance, there wouldn't be much stopping banks from claiming that since the chip "can't be cloned", you obviously authorized the charges--even without PIN. Especially since they claimed that lost/stolen fraud is one of the least likely fraud vectors in the US thanks to issuers stopping most of it before it can be authorized (hence the decision by most to go chip and signature).

The legal issue is what drives European banks to stick to PINs. The legal benefits of PINs are not present in the US, therefore the cost of PINs, in direct costs and cost of lost use, outweigh the benefits.

It's not a technical issue or banks being "lazy", as news media likes to put it, but a reasoned business decision coupled with strong customer protections. This is basically the reasons against lartola's arguments that "pin will come eventually".

 

[tmiw]

Contactless payment does not eliminate the need to use a PIN for security, though. Not unless you are using a mobile wallet such as apple pay or google pay. Contactless cards still need authorization just like chip cards.

It could if the banks in a country are okay with it. Apparently they are in the US as contactless officially has no limit regardless of the device or card used.

(BTW, Singapore is one of those countries that uses chip and signature. Contactless does have a limit there, but I doubt that the banks there are under any illusion that signature provides anything remotely close to reliable cardholder verification. It wouldn't surprise me if the limit goes away there eventually.)

The legal issue is what drives European banks to stick to PINs. The legal benefits of PINs are not present in the US, therefore the cost of PINs, in direct costs and cost of lost use, outweigh the benefits.

It's not a technical issue or banks being "lazy", as news media likes to put it, but a reasoned business decision coupled with strong customer protections. This is basically the reasons against lartola's arguments that "pin will come eventually".

While this isn't exactly recent, I'm not so sure they'd have bothered with PIN (even if US law allowed banks to hold cardholders liable for fraudulent transactions) based on the stated low level of lost/stolen fraud relative to others. And if the law did allow it, they'd just claim that "you didn't report your card stolen quickly enough" under the assumption that there can only be one valid card--no need to consider whether a PIN was used. Of course, backing out those laws would cause a huge storm of controversy and likely a mass switch back to cash, hence why no one's even considering doing it.

That said, if lost/stolen fraud was a much higher share of the fraud problem in the US, they'd likely have forced PIN to be mandatory, regardless of the legal situation. Remember, this is a country whose banks are notorious for not spending money to implement stuff unless they have no choice; it's why we didn't even get the chip at all until a few years ago, for instance, and why stuff like Venmo had free reign in the P2P space for at least a few years before they came out with Zelle.

 

[Bawstun]

Why no discussion of Apple being slow to the metal card without account number release?
[doublepost=1561231403][/doublepost]
Guess you must feel the same about Amazon with their metal Visa card for a couple of years now.
Seriously, snark and ignorance welcome to the internet 2019.

Amazon isn’t a tech company.

 

[lartola]

Amazon isn’t a tech company.

They do have a tech department that designs the kindle readers and other devices though.

 

[ipponrg]

They do have a tech department that designs the kindle readers and other devices though.

They also power their store with AWS along with practically most large companies.

Anyone that argues that Amazon or Apple are not tech companies should just sit in their tower where they belong

 

[aknabi]

Was the weighing necessary?

You should peek at another mac site where the fanboys are rabid... the corner radius for the card would be a "stop the press" moment... and the level of wind up over the release date you'd think these are folks with terminal cancer waiting for a life saving drug approval date. I find MacRumors folks much more "sane and balanced" (now there's a news site tagline)

 

[mattopotamus]

Was the weighing necessary?

This may sound weird, but lots of people interested in credit cards actually want to know these things

For example, if two cards were identical in every way (rewards) I would want the one that weighs more. Yes, it is solely for prestigious reasons.

 

[hungedu]

Um, it's a credit card.

 

[Mac 128]

It’s not Apple it’s the US banking system. No credit card in the US ever uses PIN authorization, only debit cards do. Credit cards were Chip and signature until recently. Now the signature is being phased out by the card networks, but without replacing it by a PIN (i.e., now it’s chip and nothing else).
[doublepost=1561410915][/doublepost]
But outside the US, the issuing banks do require their customers to set a PIN for authorization. Even on mastercard cards.

I can set a pin on my US issued Visa for the purposes of using it as a debit card for cash advances from ATMs. It’s a very useful thing, especially when traveling if I need cash and don’t have my debit card for some reason. However, it is not required for transaction validation, nor does it function as such outside the US.

 

[lartola]

I can set a pin on my US issued Visa for the purposes of using it as a debit card for cash advances from ATMs. It’s a very useful thing, especially when traveling if I need cash and don’t have my debit card for some reason. However, it is not required for transaction validation, nor does it function as such outside the US.

That’s the difference. In Europe, Canada, and more recently also in Mexico and other Latin American countries, PIN is not optional. It is mandatory and it is also used to authorize payment at stores and other places instead of a signature. In the US it’s still optional and purchases are usually either authorized with a signature or don’t require any authorization.

 

[tallscot]

The plain white sleeve is $999 extra.

 

[mattopotamus]

That’s the difference. In Europe, Canada, and more recently also in Mexico and other Latin American countries, PIN is not optional. It is mandatory and it is also used to authorize payment at stores and other places instead of a signature. In the US it’s still optional and purchases are usually either authorized with a signature or don’t require any authorization.

While a few of my credit cards have had me assign a PIN, I’ve never once had to use a PIN with a credit card in the US.

 

[tmiw]

While a few of my credit cards have had me assign a PIN, I’ve never once had to use a PIN with a credit card in the US.

That's likely because most US cards, if they support PIN at all, typically have it set up so that it's the lowest preferred CVM. By doing this, they can pretty much guarantee that it's not used for domestic transactions while leaving it available for unattended terminals overseas that insist on one.

 

[glowplug]

Curious if they will luanch a corporate card product. A space that has been dominated by Amex, but it seems like there would be plenty of opportunity for a disruptor.

 

[Kendo]

Amazon isn’t a tech company.

https://en.wikipedia.org/wiki/Big_Four_tech_companies

The Big Four tech companies are Google, Apple, Facebook, and Amazon. Btw, Uber is also a tech company.

 

[Bawstun]

https://en.wikipedia.org/wiki/Big_Four_tech_companies

The Big Four tech companies are Google, Apple, Facebook, and Amazon. Btw, Uber is also a tech company.

Amazon is not a tech company, they are an online marketplace and maybe a streaming service if you want to include that. What do they sell? Tablets are garbage the phone they tried to introduce years ago, discontinued & garbage. They wish they were a tech company.

 

[ecschwarz]

Amazon is not a tech company, they are an online marketplace and maybe a streaming service if you want to include that. What do they sell? Tablets are garbage the phone they tried to introduce years ago, discontinued & garbage. They wish they were a tech company.

There's plenty of more recent articles and posts if you search anywhere for "Amazon tech company" or "Amazon tech or retail," but this one explains the argument rather nicely:
https://thenextweb.com/insider/2011...chnology-company-we-just-happen-to-do-retail/

The retail side of things is a byproduct of Amazon's involvement with technology. Their platform is the real product, but even bigger than that is AWS, along with the AI/machine learning products. They're selling their services.

 

[mattopotamus]

Amazon is not a tech company, they are an online marketplace and maybe a streaming service if you want to include that. What do they sell? Tablets are garbage the phone they tried to introduce years ago, discontinued & garbage. They wish they were a tech company.

Pretty sure they are the leader in smart home speakers. That would make them a tech company on some level.

 

[Kendo]

Amazon is not a tech company, they are an online marketplace and maybe a streaming service if you want to include that. What do they sell? Tablets are garbage the phone they tried to introduce years ago, discontinued & garbage. They wish they were a tech company.

Um, everything they do is tech...they technologized (not a word I know) everything we know about commerce (turning it into e-commerce). Their top hired employees are software engineers like Google and Apple. Yes they have warehouse workers in the same way Apple has retail employees, but their bread and butter is tech.

• AmazonFresh
• Amazon Prime
• Amazon Web Services
• Alexa
• Appstore
• Amazon Drive
• Echo
• Kindle
• Fire tablets
• Fire TV
• Video
• Kindle Store
• Music
• Music Unlimited
• Amazon Digital Game Store
• Amazon Studios
• AmazonWireless

 

[jmccall]

Also, how does one securely dispose of this (or any other metal) credit card when it expires? I can stick a plastic card in my shredder at home.

Call me paranoid, but I feel safer knowing that someone can't fish my old card out of the trash, guess at the new expiration date and run up some charges online.

I know I can dispute them, but I'd still rather avoid the situation if at all possible.

I used to work for AMEX and for their Centurion AKA “Black” Card which is also titanium, we had a specific address to which card holders could mail back their expired cards for recycling.

 

[ecschwarz]

I used to work for AMEX and for their Centurion AKA “Black” Card which is also titanium, we had a specific address to which card holders could mail back their expired cards for recycling.

For other metal cards I've had, they typically send a business-reply envelope with the new card to get the old one returned and destroyed. Some people use it, some hang on expired cards.

 

[danbehrens]

Was the weighing necessary?

Absolutely. The material and weight are 1/2 of the available design decisions for a credit card. No pansy weight AL-YOU-MIN-YUM this time!