Yeah, it'll definitely have to be seen to be believed but NFCU doesn't have a habit of deceptive advertising so I'm guessing they're telling the truth. Especially since chip and signature is all that'll be legally required.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Target Plans to Offer Apple Pay After Chip-and-PIN Card Upgrade
- Thread starter MacRumors
- Start date
- Sort by reaction score
Does it even do that? The banks are issuing chip cards that still have the mag strip.
It'll help once nearly everyone has chip terminal (since there is data on the magstripe that will cause the terminal to force the card to be inserted), but that could be a while.
Yes. It's trivial to overwrite the mag stripe on a card, so thieves overwrite strips on cards with stolen numbers to use them at physical stores. That's why retailers often ask for the last 4 digits on the card, to compare what's on the face of the card with what it read off the mag stripe. It's impossible to overwrite the data on a chip. Furthermore, if someone overwrites the mag stripe on a card with the number of a chipped card, the fake card will be declined at the register IF they are EMv enabled when swiped because the bank is expecting a chip transaction.
You're totally right on this. This just switches the reading of the number of the card from a mag stripe to the chip, that's all - doesn't do squat for security (wouldn't prevent the massive breach Target allowed to occur with its guests credit cards last year).
Even after Chip and nothing or Chip and PIN, Apple Pay will be the much more secure method of payment.
As to the Target guy saying they'll do it after switching on their Chip readers - thats about minimum effort (they already have the Chip readers in all the stores I've been to - there's a slot in the middle of the bottom of the reader where you put the card in)....but one more retailer is one more retailer.
That's interesting. In the US, I swipe my card everywhere (because the few times I've tried to use the chip reader it hasn't been turned on) and I've never had the terminal request the card be inserted, so, I'm guessing pretty much nowhere has the chip reader turned on.
Out of the major retailers, Walmart and Home Depot have chip support turned on. There are also a few smaller businesses that have it turned on too. (According to the user-contributed submissions at http://emvacceptedhere.com/ anyway.)
Read up on Chip Priority. Some cards have the capability of Chip and PIN, but priority is set to Chip and Signature, so that way it only reverts to signature if signature is offline. Remember with Chip and PIN, you can use the card in an offline environment that's still secure (like on an airplane where it validates the user but not the funds).
That's what I mean though. Nearly every US card is set up so signature is the highest priority, so it's not going to behave like a chip and PIN card would from another country. Hence why it's more accurate for banks to just say their cards are chip and signature (and possibly include that "there is a PIN but you'll only use it at ticket machines" or some language like that).
I've been shopping around for credit cards, and the word for most of them is "signature or nothing". I'm hoping this is something that will change once people get used to the chip.
Signatures are absolutely useless. It's not like they do any actually checking on them!
Your move Wal-Mart
That will be the last major domino to fall in favor ofPay
Interestingly, I used my new chip card there the other day. Now, the process didn't (yet) seem straight forward and took longer than swiping and signing, but ... at least their system is now able to accept the chip cards. It was the first place I'd been able to use it
I work in banking, and everyone is switching to chip and signature instead of the more secure chip and PIN. The reason? We commissioned study after study and they all said that the average American was simply too stupid to remember their PIN.
We all seem to remember our debit cards' PINs fine. And there's nothing stopping people from setting all of their credit and debit cards so that the PINs are the same. No, banks don't want to do it because they're too cheap to, especially since lost/stolen fraud is already fairly low compared to other countries before their switch to chip.
I work for a credit card company in the fraud department. I can verify there are some inconsistencies in the article and in the replies.
First, any U.S.-issued EMV cards will likely be Chip-and-Signature.
Second, Chip-and-Signature cards will slightly help to reduce the number of numbers compromised in a massive breach. U.S.-issued EMV cards still have magnetic strips, which can easily be read with a skimmer, and all cards are still at risk from something as simple as a waiter at a restaurant writing down your number. Largely, EMV cards are still a joke, and will prove to be a short-term solution until NFC and biometrics is widely adopted.
If you haven't seen an EMV card, I'm very surprised. My cards from American Express, Capital One, and USAA are all EMV cards. If you don't have one, yet, expect to receive one by October, when the liability shift to merchants takes place.
In my opinion, Apple Pay is the absolute most secure way to purchase anything with a credit or debit card. Tokenization pretty much removes the risk of your number being stolen in a massive breach. It's a shame so many companies are so slow in accepting this form of payment.
Another thing that consumers should demand is that our cards are never out of our sight. Restaurants are the largest culprit of this old-fashioned theft. We need to adopt Europe's practice of card swipes being performed table-side as soon as possible.
I will also warn everyone that, as card numbers become more secure year after year (hopefully), it will open up more cases of identity theft as card thieves become more desperate for these numbers.
It's a never-ending game of cat and mouse.
First, any U.S.-issued EMV cards will likely be Chip-and-Signature.
Second, Chip-and-Signature cards will slightly help to reduce the number of numbers compromised in a massive breach. U.S.-issued EMV cards still have magnetic strips, which can easily be read with a skimmer, and all cards are still at risk from something as simple as a waiter at a restaurant writing down your number. Largely, EMV cards are still a joke, and will prove to be a short-term solution until NFC and biometrics is widely adopted.
If you haven't seen an EMV card, I'm very surprised. My cards from American Express, Capital One, and USAA are all EMV cards. If you don't have one, yet, expect to receive one by October, when the liability shift to merchants takes place.
In my opinion, Apple Pay is the absolute most secure way to purchase anything with a credit or debit card. Tokenization pretty much removes the risk of your number being stolen in a massive breach. It's a shame so many companies are so slow in accepting this form of payment.
Another thing that consumers should demand is that our cards are never out of our sight. Restaurants are the largest culprit of this old-fashioned theft. We need to adopt Europe's practice of card swipes being performed table-side as soon as possible.
I will also warn everyone that, as card numbers become more secure year after year (hopefully), it will open up more cases of identity theft as card thieves become more desperate for these numbers.
It's a never-ending game of cat and mouse.
Short of widespread adoption of chip and PIN or some sort of new regulation/law mandating cards stay in view of the customer at all times, I don't think restaurants will stop taking cards from tables. I already ran into one that has a chip reader (in the kitchen/employee area); I had to follow the server to that location to enter the PIN.
BTW, a couple of issuers are offering chip and PIN cards--BMO Harris/Diner's Club and UNFCU come to mind, though the former isn't open to new applicants. I used the DC card at that restaurant I talked about above. Other than those few and maybe a couple of others, I don't think anyone else will do anything other than chip and signature.
It does, indeed, reduce the risk of the number being stolen in a breach. The chip isn't simply a CC number device, giving it out willy-nillly. The chip is issuing an encrypted, one-time use number to the merchant. In a breach, the encrypted numbers should prove useless to the hacker.
I am a regular Target customer as I work right next to one. This is great news. Can't wait to start using Pay there!
Pay there!Yeah. Any issuers that were offering EMV cards before they were kind of forced to were offering Chip-and-Pin cards. Typically, they were elite accounts that had high-end clients with huge annual membership fees. Usually. A year or more ago, any of the big issuers, especially AmEx and BoA (if I recall correctly) I know had them for high-profile accounts. They were rarely available except by request. Thy were PIN cards because these customers might have had a frequent need to use the card overseas.
Since then, though, any new chip issuers that are only offering EMV because they HAVE to will most likely be signature cards.
They don't HAVE to, but if they don't they can't take advantage of the liability shift (and thus businesses don't have any real reason to upgrade their equipment either).
Like I said earlier in the thread, ultimately chip and signature won't matter assuming Apple Pay and the Android equivalents get widespread adoption. Contactless usage has pretty much doubled within the last year among Americans so that's actually possible.
Your move Wal-Mart
That will be the last major domino to fall in favor of
Walmart already has Chip & PIN, and I'm fine with this. Though Apple Pay would be nice, Chip & PIN is fine for protecting my card information.
----------
Because chip and PIN is required by October, NFC is not.
