We are talking identity theft, bank account theft, etc.

None of these are even possible with a simple credit card - identity theft and bank account theft are not achieved using the credit card as an attack vector. You are at no more risk using a credit card than cash, and I would argue that, because of fraud protection laws, you are actually safer using a credit card than cash. Which brings me to my point: Apple Pay reduces incidence of credit card fraud (fraudulent transactions), so your potential downside with cash is higher than the potential downside with a credit card - hence, Apple Pay is safer than a mag-stripe credit card which is safer than using cash.
 
It's obviously not any more secure than a regular swipe. The reality is, that has been good enough for Americans for a very long time. And it's the biggest reason why it's taken so long to adapt to higher security options.

I welcome added security but I also don't fear the old systems, really. I've had a problem but once and my money was credited back that very day.

Supposedly MST uses tokenization just like apple pay does so essentially it's just as secure, only more compatible.
 
You can bet that most retailers will be easing into this and more than willing to eat the cost of what amounts to be a very small percentage of their total for a while. Have you seen signs or anything stating "we will stop taking swiped cards as of this date"? They don't want to scare customers who have been using the same damn thing for almost as long as they've been alive.

They don't have to do that. If the card has no chip, then the bank is liable. That's the stick to get the banks to issue those chipped cards. If the card has a chip, and the merchant can only take a swipe, then the merchant is liable.
 
Supposedly MST uses tokenization just like apple pay does so essentially it's just as secure, only more compatible.
But isn't that data still being transmitted in a way that the strip reader can read it? Wouldn't a skimmer (perhaps one more specialized) be able to pick this up simply due to the format it's being presented?
 
But isn't that data still being transmitted in a way that the strip reader can read it? Wouldn't a skimmer (perhaps one more specialized) be able to pick this up simply due to the format it's being presented?

What's the difference between a mag skimmer and a NFC skimmer?
 
They don't have to do that. If the card has no chip, then the bank is liable. That's the stick to get the banks to issue those chipped cards. If the card has a chip, and the merchant can only take a swipe, then the merchant is liable.
I'm aware. What I'm saying is, they aren't forcing people with cards with chips to use their chips. People are still swiping despite having new cards. And this isn't going to change overnight.
 
Supposedly MST uses tokenization just like apple pay does so essentially it's just as secure, only more compatible.
I have to wonder how it can do that with a terminal not designed for it. Apple Pay uses a challenge received from the payment terminal to authenticate that "this transaction is authorized for this merchant". The NFC terminals are designed for that because they are NFC and the whole point was to avoid someone being able to capture the details (like sticking a "skimmer" like device near the terminal), and create fraudulent transactions.
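
Added example, not part of the original thread: a simplified model of the terminal-challenge binding this post describes. HMAC-SHA256 stands in for the real payment cryptogram, and the key, token, merchant IDs and amounts are constructed; it shows an issuer declining a captured authorization that is presented again.

```python
import hashlib
import hmac
import secrets

def cryptogram(key, token, merchant_id, challenge, amount_cents, counter):
    """MAC over the token plus everything that pins it to one transaction."""
    fields = [token.encode(), merchant_id.encode(), challenge.hex().encode(),
              str(amount_cents).encode(), str(counter).encode()]
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()

class Issuer:
    """Holds the device key and the highest transaction counter seen so far."""
    def __init__(self, key):
        self.key = key
        self.last_counter = 0

    def authorize(self, token, merchant_id, challenge, amount_cents, counter, mac):
        expected = cryptogram(self.key, token, merchant_id, challenge,
                              amount_cents, counter)
        if not hmac.compare_digest(expected, mac):
            return "declined: cryptogram mismatch"
        if counter <= self.last_counter:
            return "declined: counter already used"
        self.last_counter = counter
        return "approved"

def demo():
    key = secrets.token_bytes(32)       # constructed key shared by device and issuer
    token = "TOKEN-0000-EXAMPLE"        # constructed token, not a card number
    issuer = Issuer(key)
    challenge = secrets.token_bytes(8)  # fresh random value from the terminal
    mac = cryptogram(key, token, "MERCHANT-A", challenge, 1299, 1)
    results = {"genuine": issuer.authorize(
        token, "MERCHANT-A", challenge, 1299, 1, mac)}
    # The same captured values meet a terminal that issued a new challenge.
    results["new_challenge"] = issuer.authorize(
        token, "MERCHANT-A", secrets.token_bytes(8), 1299, 1, mac)
    # The same captured values are presented under a different merchant ID.
    results["other_merchant"] = issuer.authorize(
        token, "MERCHANT-B", challenge, 1299, 1, mac)
    # The identical message is submitted a second time.
    results["resubmitted"] = issuer.authorize(
        token, "MERCHANT-A", challenge, 1299, 1, mac)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15} {outcome}")
```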
 
The mag receives credit card numbers where the NFC never sends that specific information (unless I'm fundamentally not understanding how this tech works).

They are both tokenized, they both transmit the same exact info. The transfer method is the only thing that's different (mst does not simply mimic your card number)
 
I have to wonder how it can do that with a terminal not designed for it. Apple Pay uses a challenge received from the payment terminal to authenticate that "this transaction is authorized for this merchant". The NFC terminals are designed for that because they are NFC and the whole point was to avoid someone being able to capture the details (like sticking a "skimmer" like device near the terminal), and create fraudulent transactions.

http://www.theverge.com/2015/8/13/9146965/samsung-pay-mobile-payment-credit-card-readers-date
 
They are both tokenized, they both transmit the same exact info. The transfer method is the only thing that's different (mst does not simply mimic your card number)
I wasn't aware of that (not mimicking the card number). Makes me wonder why we needed a whole new system to begin with in this case. Clearly I'm not well versed in this technology.
 

You're right. Key part of my phrase was "not overnight". If you believe that every retailer is going to require nothing but chip and pin starting October first, you have much more faith in the system than I do.

Hate to nit-pick but a few things

- We're not getting chip and PIN in the US, we are going to use chip and signature which is a lot less secure but still much better than simple mag stripe cards.

- Most if not all card issuers for normal debit and credit cards should have issued new EMV chip cards by now, and come Oct, if the merchant doesn't enforce the use of the chip they shoulder the fraud liability for that transaction. This is a huge shift for banks and merchants, and I'd guess that it'll only take a few bad transactions to get retailers to switch very quickly.
 

You're right. Key part of my phrase was "not overnight". If you believe that every retailer is going to require nothing but chip and pin starting October first, you have much more faith in the system than I do.
All of my credit cards have been replaced with chipped cards. I have tried to use them in terminals that have a chip reader and been told, "Oh, it's not turned on yet." There is training going on for all the cashiers to know how to instruct customers how to use the chipped cards. And they're not chip and pin, they're chip and signature. One cashier remarked to me, "I don't see how that's any better, they still just use a signature, not a pin or anything." I heartily agreed with her. Apparently they're afraid Americans have no idea how to use a pin.
 
I wasn't aware of that (not mimicking the card number). Makes me wonder why we needed a whole new system to begin with in this case. Clearly I'm not well versed in this technology.

There are several hurdles that need to happen, the first is I believe Samsung bought Loop Pay and all of its IP, therefore if Apple didn't want to license the tech (fat chance) they are pretty much stuck with NFC. Even after they have the method of MST, the challenge is the tokenization part, agreements need to be set up with the card issuer to be able to process each transaction properly, even using old terminals.
 
None of these are even possible with a simple credit card - identity theft and bank account theft are not achieved using the credit card as an attack vector. You are at no more risk using a credit card than cash, and I would argue that, because of fraud protection laws, you are actually safer using a credit card than cash. Which brings me to my point: Apple Pay reduces incidence of credit card fraud (fraudulent transactions), so your potential downside with cash is higher than the potential downside with a credit card - hence, Apple Pay is safer than a mag-stripe credit card which is safer than using cash.

All I'm saying is, people who don't want any of their information out there and want to make payments without a point at which any identifiable information passes from client to vendor, cash is a viable option. Target just had a breach where information was leaked, including bank accounts (due to the way their red card is assigned). This database doesn't have a chance to exist with cash (or Apple Pay). I didn't mean to necessarily imply the point of sale was the actual issue.
 
All of my credit cards have been replaced with chipped cards. I have tried to use them in terminals that have a chip reader and been told, "Oh, it's not turned on yet." There is training going on for all the cashiers to know how to instruct customers how to use the chipped cards. And they're not chip and pin, they're chip and signature. One cashier remarked to me, "I don't see how that's any better, they still just use a signature, not a pin or anything." I heartily agreed with her. Apparently they're afraid Americans have no idea how to use a pin.
I've had the same experience as you, it seems. Maybe I'll be pleasantly surprised. I so rarely am. Lol.
 
Hate to nit-pick but a few things

- We're not getting chip and PIN in the US, we are going to use chip and signature which is a lot less secure but still much better than simple mag stripe cards.

- Most if not all card issuers for normal debit and credit cards should have issued new EMV chip cards by now, and come Oct, if the merchant doesn't enforce the use of the chip they shoulder the fraud liability for that transaction. This is a huge shift for banks and merchants, and I'd guess that it'll only take a few bad transactions to get retailers to switch very quickly.
No worries. That's how we learn. And ultimately that's why I'm here. I do enjoy learning new things that fall into my realm of interest, and I probably should know more than I did when entering the conversation.

I wasn't aware we wouldn't have pins. Why? That seems to have already been the gold standard with debit transactions. Too much for 'merica? Lol

I was aware of the shift in responsibility. And I'm sure they'll (businesses) want to adopt the new system. I'd still be surprised if October 1 we are all of the sudden seeing universal acceptance, but I can obviously be wrong.
 
It appears to me that the same problem applies. It may be tokenized, but there is nothing locking the token to the particular merchant and transaction. A skimmer can still grab those details. The NFC method assumes that bad guys are listening to the entire transaction and ensures that whatever information it gets is useless.

From what I understand the technology assumes the token can be stolen, but prevents it from being used fraudulently. Even if it was, it doesn't matter to you the customer or to the retailer, at that point the bank will assume liability. Whether it's MST or NFC, the tokenization process is the same.

how about just pay? can't I just ****in pay?

Dude, right here with you, what's wrong with just using a card?
 
I was aware of the shift in responsibility. And I'm sure they'll (businesses) want to adopt the new system. I'd still be surprised if October 1 we are all of the sudden seeing universal acceptance, but I can obviously be wrong.
I've been to several local restaurants that, unless they suddenly whip out the chip-capable terminals, are not going to have the capability. They all have those "slide the card down the slot on the side of the monitor" type terminal. So I don't expect universal acceptance, but I do expect a sharp increase at businesses that are national or regional in scope, and the mom and pops (like those restaurants) are going to lag. I hope they don't end up experiencing a sudden influx of fraud (their merchandise isn't really amenable to liquidation on eBay), but I'm not holding my breath on that score.
 
Honestly, you know what worries me about Samsung Pay (I carry both a S6 and an iPhone 6), is that I could see using it with an old mag card reader and the cashier freaks out and accuses me of trying to "hack" their terminals.
 