Go | New | Find | Notify | Tools | Reply |
Just Hanging Around |
I apologize, I guess this is my day to be dense, and I'm probably not making sense. I understand the difference between Apple Pay, and the Apple Card. No problem there. Are you saying, when I use Tap to Pay on one of my cards, that even though the number on the receipt, and the number on my card match, there is actually a different number that gets passed to the vendor? | |||
|
Just Hanging Around |
| |||
|
Nullus Anxietas |
No. I don't understand how you got that from what I wrote ETA: Ah! I think I see it, now. See my edit to that post. Using tap-to-pay is no different from using in-the-slot-to-pay. ETA: Summary: When you use a real, physical CC, the vendor gets the actual CC number, regardless of whether it's tap-to-pay, insert-to-pay, or card swipe. This includes for the Apple Card. When you use Apple Pay, through iPhone or Apple Watch, they get a temporary virtual number--regardless of which CC is used. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Just Hanging Around |
I guess I was confusing the one time security code with the card number on the Tap to Pay. I think I have it now. As long as I don’t have to take a test I should be OK. Thanks for helping me out. | |||
|
Nullus Anxietas |
Yeah, that "one time security code" is entirely transparent. I could explain it in more detail, but, it's really relatively uninteresting tech geek stuff (Except to tech geeks.)
That "Summary" I wrote in one of the ETAs in my prior post is all you really need to know. You're welcome "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Baroque Bloke |
Yes, same security. But, oddly, in my stores tap-to-pay nearly always works flawlessly whereas in-the-slot-to-pay often takes two or more insertions. So strange since the card is optimally positioned with in-the-slot-to-pay. Serious about crackers | |||
|
אַרְיֵה |
The bank is USAA. They sent an email stating that they would replace the old-fashioned plain vanilla VISA with a tap-to-pay card. הרחפת שלי מלאה בצלופחים | |||
|
Nullus Anxietas |
Here's another oddity (going back to the speed-of-use question): Nine times out of ten I found Apple Pay would clear on the POS terminal faster than inserted CCs. And not by just a little >< either. Fair enough. But, still: The wording they used, while strictly accurate in a technical sense, could easily lead one to the wrong conclusion. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
A teetotaling beer aficionado |
Yeah, I know all of that and know where to find the number in Wallet. I can get a new number assigned right there if I need to. My point is there's no number on the card that a sneaky merchant can grab. Sure it's embedded in the code but the merchant never sees it, not even on their posting record or any transaction paperwork. And let me add, since about 20 years ago, it's illegal for merchants to have terminals that print your card number on the paper receipt. I went through that when I had my business and had to get a new terminal that didn't print numbers on receipts. So if you see your number on a receipt, challenge the merchant. Men fight for liberty and win it with hard knocks. Their children, brought up easy, let it slip away again, poor fools. And their grandchildren are once more slaves. -D.H. Lawrence | |||
|
Nullus Anxietas |
That's a bit different than what you were asserting previously, that "... the Apple Card is more than you assert." It's not. The full number: Sure. But, every CC receipt I just checked in our "paperwork to process inbox" sitting behind me, from a variety of vendors and vendor types, has printed upon it some for of "XXXXXXXXXXXXNNNN," where "NNNN" are the last four digits of the card used. I'd almost be willing to bet the rent that, if you used your physical Apple Card in a POS terminal and checked that field on your receipt against the Card's number in your Apple Wallet, you'd find they matched. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
A teetotaling beer aficionado |
Not he entire number Men fight for liberty and win it with hard knocks. Their children, brought up easy, let it slip away again, poor fools. And their grandchildren are once more slaves. -D.H. Lawrence | |||
|
eh-TEE-oh-clez |
I think there's misinformation in the previous few posts. For chip cards where you "dip" and contactless "tap-to-pay" physical cards that use an embedded RFID chip, both of those methods pass an algorithmically generated "token" to the merchant for payment authorization. No full credit card account number is passed to the merchant unless it is lifted from the mag strip. The last 4 digits of a CC do not count, as that's often circulated as a means to identify the transaction. The mag strip stores unencrypted credit card numbers, but not the RFID or EMV chips used for tap-to-pay or dipped transactions. Just so we're all clear, in order of security: 1) Apple Pay, Google Wallet, etc. is most secure as it passes only a token, which can only be accessed using two factor authentication (device + password/biometric unlock). 2) Contactless RFID chip is next most secure, as it passes only a token without inserting the card (which may expose the mag strip to skimming) 3) Insert or dipped EMV chips cards also only pass a token, however, your whole card is inside the machine and your mag strip can potentially be skimmed for credit card numbers while dipped. 4) Online transactions using 16 digit account number + 3 or 4 digit security code, plus zip code and expiration date. Typically an additional layer of security on the merchant end using digital security certificates, IP addresses and the like 5) Swiped transactions using just the mag strip + signature from a terminal. The terminal ID should be recognized by the payment processor. 6) Manual transaction using credit card imprint + signature. 6) Phoned transactions with credit card number + security code. Honorable mention for European style tap-to-pay or EMV card dip with 4 digit pin, which would take take the second spot if widely available here in the US. | |||
|
Nullus Anxietas |
Ok. Could be my information is out-of-date, then. There's this: The Challenges and advantages of EMV Tokenization (2019), and, more recently, this: EMV® Payment Tokenisation (2022). So perhaps what these new cards are is the new tech? If I was wrong, I appreciate the correction. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Baroque Bloke |
Per ChatGPT: Q: Do “tap to pay” terminals pass the full credit card number to the merchant? A: No. The credit card number is not passed to the merchant when a "tap to pay" terminal is used. Instead, the payment information is sent securely from the terminal to the payment processor, which generates a one-time "token" to represent the customer's payment information. The token is then sent to the merchant, so the customer's actual credit card information is never exposed. Serious about crackers | |||
|
Powered by Social Strata | Page 1 2 3 4 |
Please Wait. Your request is being processed... |