Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Target Plans to Offer Apple Pay After Chip-and-PIN Card Upgrade

Oh, and if you travel to Europe? Your shiny new Chip card is ok at shops, but useless for buying train tickets from machines (those helpful people in booths are being phased out as Chip & PIN cards make them redundant) or for making purchases from a handheld terminal.

That's bunk. I had zero issues using my dumb American credit card with a mag stripe at the S-Bahn ticket machine in Germany last October. Never had an issue at any retailer actually, even the ones in the sticks. Some retailers didn't think it would work but it always took it once they let us try.

----------

It is just weird that they say they are "focusing" on Chip and Pin and that keeps them too busy to start accepting Apple Pay. Basically if you have the machinery in place, accepting Apple Pay really shouldn't be so hard. I think you basically just need the NFC terminals. And any terminal they install will have NFC built in. It basically just has to be turned on as far as I can tell.

That turning on bit is a lot more work than just flipping a switch.
 
That's bunk. I had zero issues using my dumb American credit card with a mag stripe at the S-Bahn ticket machine in Germany last October. Never had an issue at any retailer actually, even the ones in the sticks. Some retailers didn't think it would work but it always took it once they let us try.

----------



That turning on bit is a lot more work than just flipping a switch.

The reason why they think it won't work is that if you do try to swipe a chip card, their merchant service would reject the fallback transaction. You're always supposed to try the chip first before resorting to swiping with chip cards. When I worked at Walmart, it would take 3 chip read errors before the system would allow me to swipe., which would happen a lot from tourists who didn't take care of their cards or have dirty chips. In fact most systems won't allow you to swipe a chip card at all, like the aforementioned Walmart systems.

What these retailers in Europe don't know is that if there's no chip, you just swipe the thing! This point is moot now that we finally are getting chip cards (and retailers are getting the readers)
 
The reason why they think it won't work is that if you do try to swipe a chip card, their merchant service would reject the fallback transaction. You're always supposed to try the chip first before resorting to swiping with chip cards. When I worked at Walmart, it would take 3 chip read errors before the system would allow me to swipe., which would happen a lot from tourists who didn't take care of their cards or have dirty chips. In fact most systems won't allow you to swipe a chip card at all, like the aforementioned Walmart systems.



What these retailers in Europe don't know is that if there's no chip, you just swipe the thing! This point is moot now that we finally are getting chip cards (and retailers are getting the readers)

Most of them didn't realize the system could take mag swipes. They all had good reactions, like its something they learned they could do. The closer to a bigger city the less it was a surprise to them as it was more common for tourists from the states to use. Also, we always had it work on the first swipe.

My father-in-law travels across the world for business 75% of his job and he rarely has issues with his credit card(s). When we were planning our trip to Germany he said he would be surprised if we did have an issue. We didn't.
 
FYI, I spoke to someone with knowledge of Target's plans and most stores should be getting chip and pin mid-August. The person I spoke to specifically said August 17. It wouldn't surprise me if an Apple Pay announcement came in September.
 
Most of them didn't realize the system could take mag swipes. They all had good reactions, like its something they learned they could do. The closer to a bigger city the less it was a surprise to them as it was more common for tourists from the states to use. Also, we always had it work on the first swipe.

My father-in-law travels across the world for business 75% of his job and he rarely has issues with his credit card(s). When we were planning our trip to Germany he said he would be surprised if we did have an issue. We didn't.
Every terminal manufacturered still is made with a magnetic stripe reader. Gift cards and loyalty cards are still processed in this manner in European countries. I never had trouble with my US issued cards, but the problem is that clerks void out the transaction even after it goes through because they're unaware.
 
Sure, get Chip and Pin working. Sounds great. However I don't really want to enter a pin. And assuming it is a four digit number which the dude behind me will know looking over my shoulder, I'm not sure it is secure.
Is there a troll that lives under bridges in your city? How about a boogieman?

A little over 10% of the chip & PIN fraud in the UK is from shoulder surfing, then stealing a card. I think it's a popular method in the US for debit cards, too.

Though I don't really know what the Chip part of the process really does. But I don't see how it can be more secure than one-time use tokenization.

This was an old post, so you probably know by now that Apple doesn't use one-time account tokens.

Apple Pay does use one-time authentication cryptograms, which came from chip & PIN standards. In fact, with the new terminals, Apple Pay (and other NFC payment methods) are simply emulating a chip & PIN card.

As for what the chip in a physical card does, it creates those cryptograms, along with negotiating purchase limits and authenticating the user's PIN when a store terminal is offline. The lack of the latter capability is seen as a barrier to Apple Pay in many parts of the world.

With two exceptions, everywhere I've used Apple Pay has required me to either enter my card's PIN (for my debit) or sign (for my credit). Apple Pay may be more secure, but the merchants haven't caught up.

For debit cards, a PIN will continue to be required, both in the US and UK.
 
Last edited:
For debit cards, a PIN will continue to be required, both in the US and UK.

Not true. Since I posted that I've used my debit via Apple Pay and have NOT had to enter my PIN. It varies by location and hardware installed.
 
Not true. Since I posted that I've used my debit via Apple Pay and have NOT had to enter my PIN. It varies by location and hardware installed.

They likely just ran it over the Visa/MC networks. The debit networks don't support on-device CVM so PIN would still be asked for regardless if you're given a choice and choose "debit"
 
  • Like
Reactions: kdarling
They likely just ran it over the Visa/MC networks. The debit networks don't support on-device CVM so PIN would still be asked for regardless if you're given a choice and choose "debit"

Nope, it's an amount limit thing - you don't have to enter the PIN if you're below a given (varying by location) amount.
 
That also indicates that the Visa/MC network was used. Debit doesn't have a low amount waiver for PIN like credit does.

I feel like we discussed this before you said that more companies will be running Apple Pay debit as debit when they turn on the chip tech in October. Or am I remembering wrong?
 
I feel like we discussed this before you said that more companies will be running Apple Pay debit as debit when they turn on the chip tech in October. Or am I remembering wrong?

Not quite. What's going to happen, at least for credit, is that terminals will have the ability to recognize that the phone authenticated the cardholder and not bother asking for signature (or PIN, if the card is chip and PIN; however, those are rare in the US). Some stores might still ask whether to run a debit card in Apple Pay as "credit" or "debit", but if you choose the latter you'll still need to put in a PIN.

Apple's support document even claims as much: https://support.apple.com/en-us/HT202527
 
Not quite. What's going to happen, at least for credit, is that terminals will have the ability to recognize that the phone authenticated the cardholder and not bother asking for signature (or PIN, if the card is chip and PIN; however, those are rare in the US). Some stores might still ask whether to run a debit card in Apple Pay as "credit" or "debit", but if you choose the latter you'll still need to put in a PIN.

Apple's support document even claims as much: https://support.apple.com/en-us/HT202527

Thanks for the info. If I run the debit as credit, is there a risk inherent to that? I seem to recall there being a risk.
 
Thanks for the info. If I run the debit as credit, is there a risk inherent to that? I seem to recall there being a risk.

If anything there's less risk running it as credit since Visa/MC's zero liability policies come into play. If you run as debit it's up to your bank as to what happens if there's fraud.
 
Nope, it's an amount limit thing - you don't have to enter the PIN if you're below a given (varying by location) amount.

Nope. Debit always requires a PIN.

If I run the debit as credit, is there a risk inherent to that? I seem to recall there being a risk.

Debit is much more risky. The rules in the US are:

Credit: if you report a stolen card before it's used, there's no liability. Otherwise up to $50.

Debit: you must report a stolen card within two days to only be liable for $50. Otherwise it's up to $500 (!).

If just your card number is used somewhere (but the card itself was not stolen), you owe nothing... as long as you notice it on your CC statement and report it within 60 days.
 
Debit is much more risky. The rules in the US are:

Credit: if you report a stolen card before it's used, there's no liability. Otherwise up to $50.

Debit: you must report a stolen card within two days to only be liable for $50. Otherwise it's up to $500 (!).

If just your card number is used somewhere (but the card itself was not stolen), you owe nothing... as long as you notice it on your CC statement and report it within 60 days.

It appears this applies to the card itself, NOT how the card is run.
 
It appears this applies to the card itself, NOT how the card is run.

Right, I was thinking more in general terms of whether a debit card is riskier than a credit card, not your case of a dual one still in your possession and how it's been run. Apparently tmiw was thinking the same way as me, in his reply.

Okay, I think the main risk using it as a debit card is that if you have a dispute with the store, credit cards usually have more guarantees and clout about purchases. You can ask to stop or reverse a credit payment, for instance, which is usually impossible or much more difficult to do with a debit.

That said, I buy all our groceries with debit, because then it's easier to keep track of the house funds. Although I'm beginning to think that I should be using credit so I get extra miles/awards.
 
A little over 10% of the chip & PIN fraud in the UK is from shoulder surfing, then stealing a card. I think it's a popular method in the US for debit cards, too.



This was an old post, so you probably know by now that Apple doesn't use one-time account tokens.

Apple Pay does use one-time authentication cryptograms, which came from chip & PIN standards. In fact, with the new terminals, Apple Pay (and other NFC payment methods) are simply emulating a chip & PIN card.

As for what the chip in a physical card does, it creates those cryptograms, along with negotiating purchase limits and authenticating the user's PIN when a store terminal is offline. The lack of the latter capability is seen as a barrier to Apple Pay in many parts of the world.



For debit cards, a PIN will continue to be required, both in the US and UK.

Thanks. Not all of that was clear to me.

I've never used my Chip and Pin card in any manner that was different from my non-Chip and Pin cards. So I don't really see the added security.
 
Right, I was thinking more in general terms of whether a debit card is riskier than a credit card, not your case of a dual one still in your possession and how it's been run. Apparently tmiw was thinking the same way as me, in his reply.

Okay, I think the main risk using it as a debit card is that if you have a dispute with the store, credit cards usually have more guarantees and clout about purchases. You can ask to stop or reverse a credit payment, for instance, which is usually impossible or much more difficult to do with a debit.

That said, I buy all our groceries with debit, because then it's easier to keep track of the house funds. Although I'm beginning to think that I should be using credit so I get extra miles/awards.
One big risk is that with debit your money is deducted from your account and you generally have to fight to get it back, while with credit it's simply charged to your account and you just have to fight not to pay it (but you don't actually lose money right away that you are without for some time).
 
Can I take my unlocked T-Mobile iPhone 6+ and use Apple Pay in Canada with my debit card registered to my phone?
 
Thanks. Not all of that was clear to me.

I've never used my Chip and Pin card in any manner that was different from my non-Chip and Pin cards. So I don't really see the added security.
Walmart, some Targets, and Home Depot have chip & PIN enabled. More and more by Oct 1.
 
I've never used my Chip and Pin card in any manner that was different from my non-Chip and Pin cards. So I don't really see the added security.

Right, you mean you've only ever swiped them? That'll change later this year, when merchants who want to avoid liability, enable their terminals to require inserting chip cards in the chip reader slot. No doubt there'll be confusion at first, and some merchants with low fraud rates might not even bother, wishing instead to make paying quicker.

As for security, the chip info is nearly impossible to duplicate, so that makes it more likely that anyone who gets your account number would simply try to use it over the internet instead of in person. That's what has happened everywhere else in the world. The fraud simply shifts to a different arena.

Of course, since there's no PIN used in the US, someone could steal the card itself and use it. Not that it matters, since you're not liable for anything, especially if you report it quickly.

People wonder why the US is sticking with signatures. The deal is, banks are more concerned with keeping people constantly spending, than with fraud. To them, it's important that people disassociate real money with a credit card purchase, because the less someone thinks of a purchase as real, the more they tend to spend. Requiring a PIN... as is done with direct debit cards.. would remind them too much :)

Apple handwaves all over the place about security this or that, but it's not the main reason banks like Apple Pay. Heck, they're in the business of collecting fees for taking the risk... and fraud costs less than what they're paying Apple in fees. So security is not a main reason why they pay Apple.

What they really like about it is that people tend to spend a lot more money on spur-of-the-moment purchases when they have a contactless method available. And, of course, the banks get to continue to collect our purchase info to be used to calculate our credit risk and to sell such info back to the merchants and other advertisers.
 
  • Like
Reactions: Benjamin Frost
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.