Why use Apple Pay at a store that you've shopped at before?

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by Bill Av, Jun 2, 2015.

  1. Bill Av macrumors member

    Joined:
    Oct 21, 2006
    #1
    From a security standpoint: if you've used a magnetic stripe credit card at a store, is there a security benefit to using the same credit card (via Apple Pay) at the same store? I assume that once you've used a normal credit card at a store they have all your info, and using Apple Pay is like locking the barn door after the horse has escaped.
     
  2. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #2
    Purely from security point of view, they might not be storing the previous information, or some parts of it, indefinitely. There could also be a new exploit that is just becoming active and catching new transactions and not really dealing with old information.
     
  3. iamMacPerson macrumors 68030

    iamMacPerson

    Joined:
    Jun 12, 2011
    Location:
    AZ/10.0.1.1
    #3
    Well, look at Target and Home Depot. They were hacked.
     
  4. rugmankc Contributor

    rugmankc

    Joined:
    Sep 24, 2014
    Location:
    Dayton, Ohio
    #4
    I think Targets and most are for a specific time period. So, the further back the non AP transactions go, the less likely to be hacked.

    I don't use AP for security, but to keep from having to dig my CC's out of my wallet with arthritic hands--it's hell getting old--;)
     
  5. perkedel macrumors 6502a

    perkedel

    Joined:
    Dec 30, 2014
    Location:
    California
    #5
    I shopped at Target, they got hacked. I got a new card.
    I shopped at Home Depot with my card, they got hacked.
    I shopped at Kmart, they too got hacked. http://www.kmart.com/en_us/dap/statement1010140.html
    I then shop at local groceries, Albertsons. They got hacked. http://www.albertsons.com/recent-update/

    The credit card number on Apple Pay is not the same as the number on my magnetic stripe card.
    Do you understand now?
     
  6. adamhenry macrumors 65816

    adamhenry

    Joined:
    Jan 1, 2015
    Location:
    On the Beach
    #6

    So if you use your magnetic striped card and it's number gets stored on the stores computer today and starting tomorrow you only use AP, when the stores computer gets hacked 6 mo. from now the hackers still have the number from your magnetic striped card unless the store purges old information or the hack didn't access the stores computers.
     
  7. newellj macrumors 601

    Joined:
    Oct 15, 2014
    Location:
    Boston, MA, US
  8. deleder macrumors member

    Joined:
    Jun 11, 2014
    #8
    When will you guys in the USA get chips with your credit cards?? This was introduced half a decade ago where I live. This pretty much eliminates fraud.
     
  9. ZebraDude macrumors 6502a

    ZebraDude

    Joined:
    Sep 7, 2014
    Location:
    Naperville, IL
    #9
    Most of the Cardholders will have chip & PIN by Oct 2015.
     
  10. ohio.emt macrumors 6502a

    Joined:
    Jul 18, 2008
    Location:
    Ohio
    #10
    I have it in a couple of mine, it doesn't help though. You can still just swipe the card and sign. Also most retailers I've been to can't even accept chip and pin because they don't have the terminal for it.
     
  11. gsmornot macrumors 68030

    gsmornot

    Joined:
    Sep 29, 2014
    #11
    Why wear a seat belt when the last time you drove you made it just fine?
    Its a more secure method of payment and getting in the habit of making use of it both provides you a level of protection for that specific transaction and lets the business know people are interested in the technology. Your point is valid if the hack makes use of recorded data but if that happens you hope to catch it, swap the card then use AP from that point forward with that store.
     
  12. uhaas macrumors 6502

    uhaas

    Joined:
    Aug 31, 2012
    Location:
    Twin Cities, MN
    #12
    Many of the hacks occur with some type of malware/exploit at the Point of Sale (POS) terminal. They typically don't store your CC#. So getting those hacked, which has been the norm, will start capturing CC#s from the point of exploit going forward. Using AP today at a place where you used your CC# yesterday should protect you from hacks starting today.

    The PCI standards are also pretty rigorous around storing CC#s and the systems they are stored on, which is why they weren't targeted, but and easier place to create a hack, the POS systems.

    Bottom line, starting to use AP, or the new Google Pay (when it comes out with temporary tokens) will protect you going forward.
     
  13. deleder macrumors member

    Joined:
    Jun 11, 2014
    #13
    Strange. It shouldn't be that way. It is impossible to swipe my card if the POS is equipped with chip support. It just says "insert card".
     
  14. tmiw macrumors 68000

    Joined:
    Jun 26, 2007
    Location:
    San Diego, CA
    #14
    Almost all American credit cards are actually chip and signature, not chip and PIN. The one chip and PIN card I have is from a bank that's not currently accepting applications for it. Using said chip and PIN card is actually a hassle at restaurants because they're not getting the portable readers like in other countries.

    My debit card has a chip too but I was never asked for PIN the few times I tried using said chip. Or it was rejected outright (Walmart) and forced to swipe.
     
  15. ZebraDude macrumors 6502a

    ZebraDude

    Joined:
    Sep 7, 2014
    Location:
    Naperville, IL
    #15
     
  16. xero9 macrumors 6502a

    Joined:
    Nov 7, 2006
    #16
    I've had my chip die for what ever reason to the point where even tapping it doesn't work (the antennas lead into the same chip, so no surprise). Technically, the mag strip would be unaffected, and after inserting the chip into the terminal it tells me "CHIP ERROR, PLEASE SWIPE" however the transaction fails when I swipe.

    In Canada at least, I don't know why they even make them with mag strips anymore. Virtually no places even accept them. I still have an Amex card that doesn't have a chip and while I can use it most places, I've learned never to use it at the pump at a Shell station. I don't think they can physically read them anymore.
     
  17. Bill Av thread starter macrumors member

    Joined:
    Oct 21, 2006
    #17
    Thanks. I had always pictured the hacks as a database being breached and the information being downloaded all at once. If I'm understanding you correctly, the data was stolen over the course of months as the hackers were "listening" to the transactions as they were being made.

    Out of curiosity, does anyone know how long do retail stores hold on to your credit card info? I assumed that once they get it, they never let it go.
     
  18. deleder macrumors member

    Joined:
    Jun 11, 2014
    #18

    The reason you still have a magnet strip if you're going to the ancient country called USA ;)
     
  19. tmiw macrumors 68000

    Joined:
    Jun 26, 2007
    Location:
    San Diego, CA
    #19
    Even if the US became 100% chip tomorrow most cards would still have the strip simply because most banks still allow fallback transactions.
     
  20. AndyK macrumors 65816

    AndyK

    Joined:
    Jan 10, 2008
    #20
    I was in California a couple of months ago and was asked to SIGN when using my card. I'm from the UK & found this weird as I haven't done that for nearly ten years.
     
  21. Bill Av thread starter macrumors member

    Joined:
    Oct 21, 2006
    #21
    Jeez, I missed this reply. Thanks for the Apple Pay for Dummies refresher.

    I wasn't trolling. I've been getting into the habit for the past six months of using Apple Pay or my chip card whenever possible. For me, that's been 5% of my purchases. One store that I've consistently used Apple Pay at is BJ's. Until a few days ago. The NFC light was out, and instead holding up the line, I just swiped my card (since Chip & Signature isn't an option there). And I figured that seven months of protecting my info was down the drain. I'd like it so that no store has my CC info on file.

    For those of you who are security conscious in the US, what do you do when NFC is down, chip card isn't an option, and you don't have the cash to cover your purchase?
     
  22. Diode macrumors 68020

    Diode

    Joined:
    Apr 15, 2004
    Location:
    Washington DC
    #22
    Barclays Arrival+ supports C&P (both online and offline) - but defaults to signature.

    Walmart (and I think some Targets) as of a few days ago now require chipped cards to be inserted. If you try and swipe the machine will tell you to insert the card. Although I've heard chipped debit support might be a bit ways off for various technical reasons.

    This will become more and more mainstream in the coming months.
     
  23. Small White Car macrumors G4

    Small White Car

    Joined:
    Aug 29, 2006
    Location:
    Washington DC
    #23
    But there are multiple standpoints. Security aside, using Apple Pay will prevent the store from tracking your purchase over time and building a profile of you.

    I wouldn't call that a security issue, but it is a thing. The point is, whether or not one particular reason matters to you isn't such a big deal when there are multiple reasons.

    How does this work? So does this card not work for internet purchases? And if you travel to the U.S. it's worthless? Do you have a second, less-secure card for use in those situations?
     
  24. jedblanks, Jun 4, 2015
    Last edited: Jun 4, 2015

    jedblanks macrumors newbie

    Joined:
    Sep 27, 2012
    #24
    I still use my credit card for online bill payments (the ones that don't charge a fee) and for Amazon purchases.

    Before the hacking incidents, I still used Credit Cards at Brick and Mortar stores, but never restaurants or any situation where the card left my sight, preferably my hands.

    Since the hacking happened (Both Target and Home Depot) to me, and I got card replacements, The physical cards never leave my wallet except for gasoline purchases (required pump swipe for 5% rebate). I guess I should stop carrying them, but for emergency purposes I continue to do so. I suppose I may adopt apple pay when it becomes more ubiquitous, but for now its more likely a store will take cash. I hope gas stations begin to accept apple pay, but it is not clear to me if I will still get my 5% rebate, which requires at pump swipe of the card.

    I've adapted to using cash and I have to admit sometimes it seems as if stores make it unnecessarily difficult. It wasn't an easy or small change, but it has come with several benefits, not the least of which is better spending habits.
    A) I have to really want something to turn loose of the cash
    B) I have to leave the store to get cash and return, or plan ahead for big purchases -- impulse buys don't happen.
    C) When my monthly budget allowance is gone, its gone -- no going over without tapping money earmarked for savings. It was too easy to go over budget with the huge credit limit and be forced into going over budget when the bill came.
    D) Stores (and other interested parties) can't track your spending habits with cash, unless you also use a rewards/shoppers card. I don't like being watched.

    [​IMG]

    EDIT: For those that mentioned the chipped cards as extra security:

    1) A defective chip reader declined my PenFed card at Wal-Mart for no reason with a line of people behind me. Guy who hates shopping at Wal-Mart finds himself there for motor oil and even though he has an 846 out of 850 credit score, the people carrying WIC/Food Stamp cards behind him stare at him like he's a deadbeat. The next register (after waiting in line again) accepted the chip after 4 more tries. I knew the card was ok because I made a paypal purchase as I entered the store on my phone.

    2) The chips are an obvious attempt to shift the fraud blame from creditor to consumer.
     
  25. tmiw macrumors 68000

    Joined:
    Jun 26, 2007
    Location:
    San Diego, CA
    #25
    That's why I consider the Arrival+ to be chip and signature. Using the term C&P to refer to cards configured like the Arrival+ seems to have stuck though.
     

Share This Page