Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Mastercard's Plans to Fully Eliminate Signature Requirement Next Year Will Speed Up Apple Pay
- Thread starter MacRumors
- Start date
- Sort by reaction score
That definitely does suck, I've made a significant number of Apple Pay purchases that were over $100.
If the card PIN is used, that's proof it's you (or at least it is your responsibility if someone else knows it).
OTOH, millions were lost to fraudulent registration of accounts on Apple Pay. In those cases, the device passcode was meaningless because it wasn't even your phone that was involved. And the liability was on the banks.
It has nothing to do with the purchase being Apple Pay or even a token account number (which every xxx pay service uses).
And no, there's no definition that the person used a biometric authentication. For one thing, you can use a passcode instead. Heck, the Apple Watch has no fingerprint sensor at all.
It has to do with the limits the bank sets on the card, the limits merchant sets at his terminals, and...
...whether or not the terminal recognizes a special transaction flag that says the cardholder was verified on the device. Such verification can be a passcode, biometric, or even a PIN pad on the device.
Behind here, ahead there, it all washes out eventually. At the very least, I won't have to feel out of place when I use my credit card the next time I'm in Europe. One of my relatives looked strange at me when I needed a pen at a restaurant in Denmark (I paid). Similar look from a cashier in Frankfurt.
LOL I was the one giving strange look at this Californian cashier in a clothing boutique back then when she swiped my card, and asked for my signature. I asked her why didn’t she just insert the chip into the card reader opening at the bottom for her terminal, and she was like what chip, what opening. That’s when I realised that you guys had no idea what chip and PIN are. She and her coworkers were like all impressed to see a chip on a Visa card. And I was “oh boy…”
It all ready depends on which type of contactless technology the terminal is using. There are two forms of contactless MSD and EMV. MSD is basically just contactless data that looks like the mag stripe on the back of the card (the data is different but it’s in the same format). When MSD is used the terminal has no ID if a fingerprint or whatever has been used on a device. You could have also just tapped a contactless credit or debit card.
EMV contactless is basically the data on the chip but in a contactless format. EMV terminals can (although older ones, primarily out of the US don’t) recognise that you’ve used your fingerprint as the device can say that the cardholder was verified by device (known as CDCVM), so no extra authorization method is needed.
MSD isn’t used outside of North America and it’s only really used at gas pumps in Canada. In fact Visa cards outside of the US don’t support MSD at all either with tapping the card or using Apple Pay (with the exception of some Canadian Visa cards). MasterCard and Amex are phasing it out.
US AmEx cards are MSD only in Apple Pay and the Apple Store managed to use CDCVM for the purchase from what I remember. I'm not 100% sure how that happened but I haven't seen that anywhere else.
Only problem is if someone took your card and you didn’t realize. And made a ton of purchases. First thing you would complain about is, you didn’t even check their ID! lol
I can't remember the last time I signed for a purchase other that when in the US. In fact, I can't remember a restaurant that doesn't bring the wireless terminal to the table.
My heart just stops when I'm in the USA and the waiter leaves with my card... So retarded...
My heart just stops when I'm in the USA and the waiter leaves with my card... So retarded...
sorry, I don't know the technical details behind it. So this transaction flag can work not only with Apple Pay but also some other NFC based systems? which ones? In any case, the upshot of what I was saying is that this is very rare in Canada.
yes, that's the general idea. although from what kdarling is saying this functionality is standard and in principle can work with other NFC based payment systems besides Apple Pay. but the major caveat is that the merchant terminal has to support this functionality and it has to be turned on. Unfortunately, in Canada most of them don't bother, at least in my experience. 100$ tap limit is enough for a lot of places, so they just leave it at that. For me this is most annoying in supermarkets which is where I regularly go over 100$ and have to do chip and pin. They could certainly benefit from enabling Apple Pay transactions above 100$. I don't know why they don't do it.
Now if Target could speed up their checkout process by not asking a hundred questions during the transaction process.
Cashier: How are you?
Cashier: Do you have any coupons?
Cashier: Did you find everything?
Cashier: Do you have a RED card?
Cashier: It could save you 5% if you did?
Cashier: You really really really should consider the RED card?
Cashier: Don't you like saving?
Arrrgghhh
Card Reader: Debit or Credit?
Card Reader: Is the amount ok?
Card Reader: Do you want it all on the same card?
Card Reader: Do you want cash back?
Card Reader: Do you want to donate to the Children's....?
Card Reader: Enter your PIN / or Signature
Arrrrgghhhh
Yep, ApplePay or MC's no signature will never speed up Target's checkout process.
Cashier: How are you?
Cashier: Do you have any coupons?
Cashier: Did you find everything?
Cashier: Do you have a RED card?
Cashier: It could save you 5% if you did?
Cashier: You really really really should consider the RED card?
Cashier: Don't you like saving?
Arrrgghhh
Card Reader: Debit or Credit?
Card Reader: Is the amount ok?
Card Reader: Do you want it all on the same card?
Card Reader: Do you want cash back?
Card Reader: Do you want to donate to the Children's....?
Card Reader: Enter your PIN / or Signature
Arrrrgghhhh
Yep, ApplePay or MC's no signature will never speed up Target's checkout process.
Back in the day when cheques were still a thing, I was told by a bank employee that banks never checked the signatures of any cheques under £1,000 because the cost to the bank of implementing control procedures for such small amounts exceeded the cost of paying out against small fraudulent transactions. It was simply cheaper to let those slide.
All of them. Forget the idea that Apple Pay is somehow seen as unique to terminals. It's just another implementation of contactless card payment standards used by a lot of the world for years. (And even that's done by the MC/Visa/Discover/AMEX standard applets in the Secure Element processor, not by any iPhone cpu code.)
That's why it works anywhere there's contactless payment support. To a POS terminal, it looks like one of millions of physical contactless payment cards.
Terminals don't care whose electronic wallet (Apple, Android, Samsung x Pays) you're using. They also don't know if you used a passcode, fingerprint, iris or facial scan for on-device user verification.
All they know is what basic authentication (on-device, PIN, signature, none) & authorization (online, offline) modes... and associated amount limits for each combo... have been listed in both the (emulated) card and the terminal. Those lists are what are used to decide the purchase restrictions and user requirements (which were originally designed for offline use in Europe). They're also why it acts differently with different cards at different terminals.
The standardized on-device flag, btw, is called the CDCVM bit. Consumer Device Cardholder Verification Method. Apple has a little info page that's readable:
https://support.apple.com/en-us/HT202527
Substitute "contactless payment" for "Apple Pay" in most of it, as it's not Apple specific.
Last edited:
When Europe was in the dark ages of end of day batch processing of POS transactions the US was already addressing fraud by doing real time authorizations, back in the 70s.
"About NACHA – The Electronic Payments Association
Since 1974, NACHA – The Electronic Payments Association has served as trustee
of the ACH Network, managing the development, administration and rules for the
payment network that universally connects all 12,000 financial institutions in the U.S."
Secondly:
Why is the US so behind?
"We have always had really good, strong fraud systems in place in the United States," MasterCard product expert Carolyn Balfany tells Business Insider. "Other parts of the world were not so lucky. They had lesser robust security systems, so they had more immediate need for chip cards and the security that they brought."
The US has always had "real time transactions," meaning merchants immediately send off the credit card information to the issuer for verification.
In other parts of the world there was a lag between when the merchant would send the card information. After swiping your card, your information would be stored with the merchant throughout the day, and wouldn't be sent to your bank for approval until later that day, meaning fraudsters had more time to commit fraud.
Why it took the US so long to adopt the credit card technology Europe has used for years
Last edited:
Eh I don't like this move. A signature should always be required for extra security but Apple and Mastercard next to make their commissions.
Mastercard today announced that cardholders will no longer have to provide a signature for any purchases in the United States and Canada after April 2018. The change will apply to both debit and credit cards.
Mastercard said removing the need to sign for card-present transactions will not have any impact on customer security due to modern safeguards.
"Our secure network and state-of-the art systems combined with new digital payment methods that include chip, tokenization, biometrics, and specialized digital platforms use newer and more secure methods to prove identity," said Linda Kirkpatrick, an Executive Vice President at Mastercard.
Mastercard's consumer research unsurprisingly found that a majority of people believe it would be easier to pay, and that checkout lines would move faster, if they didn't need to sign the receipt when making a purchase.
Already, more than 80 percent of in-store Mastercard transactions in North America today do not require a cardholder signature at checkout. Mastercard said both customers and merchants support the change.
The long-existing "signature required" clause is intended to verify that customers own the debit or credit card they are attempting to use. The process is supposed to involve the cashier verifying the signature on the receipt matches the one on the back of the card, but in reality, this process is often skipped.
The change should make Apple Pay transactions even quicker for Mastercard cardholders. Currently, even when using Apple Pay, sometimes a signature can be required for purchases over $50 in the United States.
The signature requirement is already very uncommon in Canada, where chip-and-PIN cards are the norm. At most merchants in Canada, customers insert a card into the payment terminal, enter a PIN, and the purchase is completed.
Mastercard removing the signature requirement won't speed up Apple Pay in Canada, however, as contactless payments aren't generally permitted for purchases above $100. Above this limit, customers must use chip-and-PIN.
Mastercard currently doesn't require a signature for purchases totaling $50 or less. Visa's no-signature limit is $25, but the amount is upped to $50 for purchases made at grocery stores and discount stores like Walmart.
Article Link: Mastercard's Plans to Fully Eliminate Signature Requirement Next Year Will Speed Up Apple Pay
In France, the contactless limit is 20 euros. Many cafes require a 15 euro purchase before you can use a card. So, it's almost impossible to use contactless. Luckily I can use chip-and-PIN with my French cc, but I still have to do signature with my U.S. cc's.
Ah, so true. I live in the Netherlands, and up here, paying is very easy indeed:
- take out your PIN-card (yes, it is not a credit or debet card, it is a payment card that allows direct transaction processing)
- hold it next to the payment-terminal. And you're done. No need for a PIN-code (for payments under €25). If a payment is above the €25,- then just enter the 4-digit PIN-code.
No chance of getting any credit card debts (because of real time processing) and everything is safe and secure because of the daily payment limits and the 4-digit code. In addition to this situation: practically every Dutch shop/bar/whatever gives us the option of PIN-payments, no minimum payment amount needed (haha, France
).If only banks would start to incorporate Apple Pay into the PIN-payment system...
----------------------
edit: the main issue is ofcourse the obvious difference in payment methods:
- PIN is not only realtime authorization, but realtime processing as well.
- Creditcards 'collect' your payments and process them once a month. Big dealbreaker.
----------------------
edit2: Just as a little FYI: I hardly ever use cash anymore. I pay everything with IDEAL (a Dutch online payment method) and with my PIN-card. The one time I use cash, is in church (offerings)
.
Last edited:
It's about ***** time. As soon as this goes through I will be cutting up my VISA card and going full Master Card. Then I'm sure I'll have to teach my grocery store the new rule...I had to teach them how Apple Pay works even after they had signs up saying they accepted it. Shaw's
Wow!
Really?
Welcome to US of A of the 1970's:
"About NACHA – The Electronic Payments Association
Since 1974, NACHA – The Electronic Payments Association has served as trustee
of the ACH Network, managing the development, administration and rules for the
payment network that universally connects all 12,000 financial institutions in the U.S.
The Network, which moves money and information directly from one bank account to
another, supports more than 90 percent of the total value of all electronic payments in
the U.S."
Glad your finally up to speed on realtime processing.
I don't doubt that card processing was better in the US in the 70s, but nowadays paying by card in the US sucks.
I'm not talking about fraud protection (because this is a bank and merchant problem) but user experience. You can walk into 5 different stores and have 5 different user experiences depending on the terminal, store policy or bank policy. Here, I can take out any of my cards (credit or debit), in any store, in any country in the EU and have exactly the same experience. Tokenisation also replaces both PIN and signature, which is how it was conceived.
You may have a valid point but it is off topic from what was being addressed in the original post you quoted from.
You can use contactless in France for amounts up to 30€ (since October 1st, 2017).
Merchants accepting contactless cards will now do so from as little as 1€ and those who accept it will generally propose it to you because the commission is considerably lower than for a chip and PIN transaction.
My local boulangerie accepts contactless for a 1,50€ baguette.
[doublepost=1508506448][/doublepost]
See what I did there?