Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
New commercial is asinine.
- Thread starter venomgt95
- Start date
- Sort by reaction score
None of these are even possible with a simple credit card - identity theft and bank account theft are not achieved using the credit card as an attack vector. You are at no more risk using a credit card than cash, and I would argue that, because of fraud protection laws, you are actually safer using a credit card than cash. Which brings me to my point: Apple Pay reduces incidence of credit card fraud (fraudulent transactions), so your potential downside with cash is higher than the potential downside with a credit card - hence, Apple Pay is safer than a mag-stripe credit card which is safer than using cash.
Supposedly MST uses tokenization just like apple pay does so essentially it's just as secure, only more compatible.
They don't have to do that. If the card has no chip, then the bank is liable. That's the stick to get the banks to issue those chipped cards. If the card has a chip, and the merchant can only take a swipe, then the merchant is liable.
But isn't that data still being transmitted in a way that the strip reader can read it? Wouldn't a skimmer (perhaps one more specialized) be able to pick this up simply due to the format it's being presented?
I'm aware. What I'm saying is, they aren't forcing people with cards with chips to use their chips. People are still swiping despite having new cards. And this isn't going to change overnight
The mag teceives credit card numbers where the NFC never sends that specific information (unless I I'm fundamentally not understanding how this tech works).
I have to wonder how it can do that with a terminal not designed for it. Apple Pay uses a challenge received from the payment terminal to authenticate that "this transaction is authorized for this merchant". The NFC terminals are designed for that because they are NFC and the whole point was to avoid someone being able to capture the details (like sticking a "skimmer" like device near the terminal), and create fraudulent transactions.
They are both tokenized, they both transmit the same exact info. The transfer method is the only thing that's different (mst does not simply mimic your card number)
[
You're right. Key part of my phrase was "not overnight". If you believe that every retailer is going to require nothing but chip and pin starting October first, you have much more faith in the system than Ido.
I wasn't aware of that (not mimicking the card number). Makes me wonder why we needed a whole new system to begin with in this case. Clearly I'm not well versed in this technology.
Hate to nit-pick but a few things
- We're not getting chip and PIN in the US, we are going to use chip and signature which is a lot less secure but still much better than simple mag stripe cards.
- Most if not all card issuers for normal debit and credit cards should have issued new EMV chip cards by now, and come Oct, if the merchant doesn't enforce the use of the chip they shoulder the fraud liability for that transaction. This is a huge shift for banks and merchants, and I'd guess that it'll only take a few bad transactions to get retailers to switch very quickly.
All of my credit cards have been replaced with chipped cards. I have tried to use them in terminals that have a chip reader and been told, "Oh, it's not turned on yet." There is training going on for all the cashiers to know how to instruct customers how to use the chipped cards. And they're not chip and pin, they're chip and signature. One cashier remarked to me, "I don't see how that's any better, they still just use a signature, not a pin or anything." I heartily agreed with her. Apparently they're afraid Americans have no idea how to use a pin.
There are several hurdles that need to happen, the first is I believe Samsung bought Loop Pay and all of it's IP, therefore if Apple didn't want to license the tech (fat chance) they are pretty much stuck with NFC. Even after they have the method of MST, the challenge is the tokenization part, agreements need to be setup with the card issuer to be able to process each transaction properly, even using old terminals.
All I'm saying is, people who don't want any of their information out there and want to make payments without a point at which any identifiable information passes from client to vendor, cash is a viable option. Target just had a breach where information was leaked,
Including bank accounts (due to the way their red card is assigned). This database doesn't have a chance to exist with cash (or Apple Pay). I didn't mean to necessarily imply the point of sale was the actual issue.
It appears to me that the same problem applies. It may be tokenized, but there is nothing locking the token to the particular merchant and transaction. A skimmer can still grab those details. The NFC method assumes that bad guys are listening to the entire transaction and ensures that whatever information it gets is useless.
I've had the same experience as you, it seems. Maybe I'll be pleasantly surprised. I so rarely am. Lol.
No worries. That's how we learn. And ultimately that's why I'm here. I do enjoy learning new things that fall into my realm of interest, and I probably should know more than I did when entering the conversation.
I wasn't aware we wouldn't have pins. Why? That seems to have already been the gold standard with debit transactions. Too much for 'merica? Lol
I was aware of the shift in responsibility. And I'm sure they'll (businesses) want to adopt the new system. I'd still be surprised if October 1 we are all of the sudden seeing universal acceptance, but I can obviously be wrong.
From what I understand the technology assumes the token can be stolen, but prevents it from being used fraudulently. Even if it was, it doesn't matter to you the customer or to the retailer, at that point the bank will assume liability. Whether it's MST or NFC, the tokenization process is the same.
Dude, right here with you, what's wrong with just using a card?
I've been to several local restaurants that, unless they suddenly whip out the chip-capable terminals, are not going to have the capability. They all have those "slide the card down the slot on the side of the monitor" type terminal. So I don't expect universal acceptance, but I do expect a sharp increase at businesses that are national or regional in scope, and the mom and pops (like those restaurants) are going to lag. I hope they don't end up experiencing a sudden influx of fraud (their merchandise isn't really amenable to liquidation on eBay), but I'm not holding my breath on that score.
Honestly, you know what worries me about Samsung Pay (I carry both a S6 and an iPhone 6), is that I could see using it with an old mag card reader and the cashier freaks out and accuses me of trying to "hack" their terminals.