Guess it went WAY over my head. that one was funny by the way.I know. It was meant to be a little joke. I liked the ad and it's nothing like anything apple would do.
Guess it went WAY over my head. that one was funny by the way.I know. It was meant to be a little joke. I liked the ad and it's nothing like anything apple would do.
We are talking identity theft, bank account theft, etc.
It's obviously not any more secure than a regular swipe. The reality is, that has been good enough for Americans for a very long time. And it's the biggest reason why it's taken so long to adapt to higher security options.
I welcome added security but I also don't fear the old systems, really. I've had a problem but once and my money was credited back that very day.
You can bet that most retailers will be easing into this and more than willing to eat the cost of what amounts to be a very small percentage of their total for a while. Have you seen signs or anything stating "we will stop taking swiped cards as of this date"? They don't want to scare customers who have been using the same damn thing for almost as long as they've been alive.
But isn't that data still being transmitted in a way that the strip reader can read it? Wouldn't a skimmer (perhaps one more specialized) be able to pick this up simply due to the format it's being presented?Supposedly MST uses tokenization just like apple pay does so essentially it's just as secure, only more compatible.
But isn't that data still being transmitted in a way that the strip reader can read it? Wouldn't a skimmer (perhaps one more specialized) be able to pick this up simply due to the format it's being presented?
I'm aware. What I'm saying is, they aren't forcing people with cards with chips to use their chips. People are still swiping despite having new cards. And this isn't going to change overnightThey don't have to do that. If the card has no chip, then the bank is liable. That's the stick to get the banks to issue those chipped cards. If the card has a chip, and the merchant can only take a swipe, then the merchant is liable.
The mag teceives credit card numbers where the NFC never sends that specific information (unless I I'm fundamentally not understanding how this tech works).What's the difference between a mag skimmer and a NFC skimmer?
I have to wonder how it can do that with a terminal not designed for it. Apple Pay uses a challenge received from the payment terminal to authenticate that "this transaction is authorized for this merchant". The NFC terminals are designed for that because they are NFC and the whole point was to avoid someone being able to capture the details (like sticking a "skimmer" like device near the terminal), and create fraudulent transactions.Supposedly MST uses tokenization just like apple pay does so essentially it's just as secure, only more compatible.
It's not October 1st though. That's when the new rules kick in.I'm aware. What I'm saying is, they aren't forcing people with cards with chips to use their chips. People are still swiping despite having new cards. And this isn't going to change overnight
The mag teceives credit card numbers where the NFC never sends that specific information (unless I I'm fundamentally not understanding how this tech works).
You're right. Key part of my phrase was "not overnight". If you believe that every retailer is going to require nothing but chip and pin starting October first, you have much more faith in the system than Ido.It's not October 1st though. That's when the new rules kick in.
I have to wonder how it can do that with a terminal not designed for it. Apple Pay uses a challenge received from the payment terminal to authenticate that "this transaction is authorized for this merchant". The NFC terminals are designed for that because they are NFC and the whole point was to avoid someone being able to capture the details (like sticking a "skimmer" like device near the terminal), and create fraudulent transactions.
I wasn't aware of that (not mimicking the card number). Makes me wonder why we needed a whole new system to begin with in this case. Clearly I'm not well versed in this technology.They are both tokenized, they both transmit the same exact info. The transfer method is the only thing that's different (mst does not simply mimic your card number)
[
You're right. Key part of my phrase was "not overnight". If you believe that every retailer is going to require nothing but chip and pin starting October first, you have much more faith in the system than Ido.
All of my credit cards have been replaced with chipped cards. I have tried to use them in terminals that have a chip reader and been told, "Oh, it's not turned on yet." There is training going on for all the cashiers to know how to instruct customers how to use the chipped cards. And they're not chip and pin, they're chip and signature. One cashier remarked to me, "I don't see how that's any better, they still just use a signature, not a pin or anything." I heartily agreed with her. Apparently they're afraid Americans have no idea how to use a pin.[
You're right. Key part of my phrase was "not overnight". If you believe that every retailer is going to require nothing but chip and pin starting October first, you have much more faith in the system than Ido.
I wasn't aware of that (not mimicking the card number). Makes me wonder why we needed a whole new system to begin with in this case. Clearly I'm not well versed in this technology.
None of these are even possible with a simple credit card - identity theft and bank account theft are not achieved using the credit card as an attack vector. You are at no more risk using a credit card than cash, and I would argue that, because of fraud protection laws, you are actually safer using a credit card than cash. Which brings me to my point: Apple Pay reduces incidence of credit card fraud (fraudulent transactions), so your potential downside with cash is higher than the potential downside with a credit card - hence, Apple Pay is safer than a mag-stripe credit card which is safer than using cash.
It appears to me that the same problem applies. It may be tokenized, but there is nothing locking the token to the particular merchant and transaction. A skimmer can still grab those details. The NFC method assumes that bad guys are listening to the entire transaction and ensures that whatever information it gets is useless.
how about just pay? can't I just ****in pay?Apple Pay, Android Pay, Samsung Pay what's next? Obviously something Pay.
I've had the same experience as you, it seems. Maybe I'll be pleasantly surprised. I so rarely am. Lol.All of my credit cards have been replaced with chipped cards. I have tried to use them in terminals that have a chip reader and been told, "Oh, it's not turned on yet." There is training going on for all the cashiers to know how to instruct customers how to use the chipped cards. And they're not chip and pin, they're chip and signature. One cashier remarked to me, "I don't see how that's any better, they still just use a signature, not a pin or anything." I heartily agreed with her. Apparently they're afraid Americans have no idea how to use a pin.
No worries. That's how we learn. And ultimately that's why I'm here. I do enjoy learning new things that fall into my realm of interest, and I probably should know more than I did when entering the conversation.Hate to nit-pick but a few things
- We're not getting chip and PIN in the US, we are going to use chip and signature which is a lot less secure but still much better than simple mag stripe cards.
- Most if not all card issuers for normal debit and credit cards should have issued new EMV chip cards by now, and come Oct, if the merchant doesn't enforce the use of the chip they shoulder the fraud liability for that transaction. This is a huge shift for banks and merchants, and I'd guess that it'll only take a few bad transactions to get retailers to switch very quickly.
It appears to me that the same problem applies. It may be tokenized, but there is nothing locking the token to the particular merchant and transaction. A skimmer can still grab those details. The NFC method assumes that bad guys are listening to the entire transaction and ensures that whatever information it gets is useless.
how about just pay? can't I just ****in pay?
I've been to several local restaurants that, unless they suddenly whip out the chip-capable terminals, are not going to have the capability. They all have those "slide the card down the slot on the side of the monitor" type terminal. So I don't expect universal acceptance, but I do expect a sharp increase at businesses that are national or regional in scope, and the mom and pops (like those restaurants) are going to lag. I hope they don't end up experiencing a sudden influx of fraud (their merchandise isn't really amenable to liquidation on eBay), but I'm not holding my breath on that score.I was aware of the shift in responsibility. And I'm sure they'll (businesses) want to adopt the new system. I'd still be surprised if October 1 we are all of the sudden seeing universal acceptance, but I can obviously be wrong.