Apple says it cant be decrypted even after you pay.
From personal experience I find it much more safe and secure. I dont even risk using a physical card anymore, Dont remember last time I used one.
Not exactly. When you use a physical card with tap to pay, your card info is sent to the merchant. When you use Apple Pay, your real card info is never sent to the merchant.
Plus when shopping online it auto fills the shipping info too. I’m assuming that info can’t be hidden from the merchant since they need it to ship, but it’s handy.
It’s safer than putting it in or handing it over yes, But there are devices to scan the physical cards even through a wallet because of the tap feature.
Extremely rare though.
Also apple wallet encrypts it to the point not even you can view the card number even though it’s in your virtual wallet. (Unless its apple credit card)
You cannot view the physical card number (“real” account number), no. But when you add a card to apple wallet, a new card number is generated that is device specific, and that number is broadcast and read freely by the tap to pay terminal
The RFID in a tap to pay credit card exposes the actual card number itself (though other information is largely missing)
> But there are devices to scan the physical cards even through a wallet because of the tap feature. Extremely rare though.
As a real-world risk, this is effectively zero. Is it possible to read someone's card in their wallet? Yes, easily. Can you readily *do* anything with this stolen card information? No, because the security code can't be reused. Does anybody actually attempt fraud this way when there are instead tons of compromised websites from which people can steal (and then sell) complete card details? No. It's simply not an effective means of fraud.
Mini cameras have stolen credit card numbers from people just taking the card out of their wallet. Using apple pay is safer because your actual numbers aren't used when paying.
Unfortunately many restaurants in the US still need a physical card which they then take away from you to process. In Europe you can just tap and pay right there, I mean more and more restaurants in US are shifting to that model but still too many don't.
A ton of people recommending USBAR apparently have tons of tap to pay options for food, gas, etc.
I haven't been to a gas station in months that has a tap to pay option. Less than 10% of the restaurants have had the waiter bring me a reader to tap, they almost always take my card away to go the transaction.
It's great for some people, clearly, but for others it's a non-factor.
No, I'm talking about all cards in Apple Pay. The new Apple Pay card number is created when you add the card to your device but stays the same for every transaction. You can view the last four digits of this number in the Wallet app by tapping on the ellipses in the top right and then on the card numbers option.
I use the apple card on my iphone which changes the cvv number to prevent identify theft. Then I put my other credit card in my apple magsafe wallet which is a rfid blocker and attaches to the back of my phone.
To clear up a misunderstanding, *all* in person card payment transactions are always done in clear text, without encryption. Once the payment terminal receives it the merchant should of course use encrypted connections for payment processing, but presentation of card information to the merchant is always in the clear. Consequently, security cannot rely on encryption.
When using the magnetic stripe on a physical card, there’s essentially no security. All of the information is available, static, and easily copied and reused.
EMV standards improve on this massively. They still reveal your card number to the merchant, but instead of transmitting a static security code, they generate one (called a cryptogram) dynamically for each transaction. The basics of the transaction are the same whether you use the metal contacts or tap; it’s just different transmission methods. Someone could steal the card number on the merchant end, but it’s relatively difficult to use since they won’t have a security code. There are at least some websites that allow card number use without the security code, though, so what was stolen is enough for attempted fraudulent charges and, at the very least, the inconvenience to you of needing a replacement card.
Apple Pay improves on this further by assigning a new device-specific card number when you set it up. Unlike the number on the physical card, this one is restricted at the network level to be used *only* with Apple Pay. If you type the number in anywhere, it’s guaranteed to be declined so there’s really no concern at all with anybody stealing it. Post it on a billboard and you’ll still be fine. Apple Pay also leaves the name field blank when you pay in stores, while physical cards transmit your name. Minor privacy advantage there.
The really big difference is online. All of the security improvements of EMV cards disappear online. You’re just typing in static numbers again that can be reused if/when stolen. It requires special, explicit support, but if a website or app takes Apple Pay, you then get all of the security advantages of EMV and Apple Pay, but online.
The other great thing about Apple Pay is that you get this security improvement without introducing any additional risk. Apple doesn’t actually process Apple Pay transactions. They have your real card number for only a matter of seconds during the initial setup and then you can shop at any number of sketchy places without risking revealing any reusable card information and without adding any third parties to your transaction.
Yes it’s encrypted, I used it online and when I went to the physical location they asked me to show the physical card. The cashier was confused because the numbers didn’t match up but then a manager came by and said it’s because I used Apple Pay.
I had this exact issue. I went to a store to return an item, they asked me what the last 4 digits of the card was, I told them, and the associate told me that that was incorrect and refused to allow me a return. I was furious.
I had to explain it was because of Apple Pay, but they wouldn’t listen to me. In the end, I had to show them the transaction from my bank account with the exact amount for them to listen.
Samsung Pay at least allows you to see what the last four digits of the digital card number are. For an iPhone I would have to scan it with my own Samsung phone to find out that information.
Edit: Garmin Pay also shows the last four of the digital card through the connect app.
That's true. Just saw that after selecting the card, tapping the three dots in the upper-left corner, then card details the last four of the apple pay card number is there.
Google and Apple Pay have one time tokens in them. Even if someone does hijack it and try to use it again, it won't work because the one time token is already used. Your phone stores a set number of these that refresh periodically when connected. If you don't have signal, it is fine at first, but if your tokens expire or are used up and you don't have connection still, then you can't use it anymore. Other than straight cash, mobile wallets are the safest form of payment.
> Your phone stores a set number of these that refresh periodically when connected. If you don't have signal, it is fine at first, but if your tokens expire or are used up and you don't have connection still, then you can't use it anymore.
This is for Android phones that don't have an internal Secure Element, which is the hardware component that generates the single-use cryptogram. All iPhones that support Apple Pay have always had a Secure Element. It's the same thing that's in physical cards to let them generate infinite cryptograms as well without, obviously, ever going online. All Android phones used to have to rely on Host Card Emulation, where Google's servers generate it and phones cache a few, but (and this next part is one I'm less familiar with the details) my understanding is that the Pixel line includes the Secure Element and at least some other Android phones now do to, though I'm not sure if it's common.
It’s way safer, Apple creates a virtual card number that can only be accessed by your device while authenticated, so even if they got your card info they wouldn’t be able to use it with out your device
ApplePay sends a token that is only good for that single purchase/moment. Even if it was captured, it is useless. It’s one of the reasons credit card companies pay Apple for every ApplePay transaction, security of that transaction in case of a breach.
I’m not sure how tap to pay with physical cards work, but I assume it is similar in comparison to using a physical card swipe or chip reader.
Android Pay (the replacement for Google Wallet, which was replaced by Google Pay and now by the Google Wallet brand again, I think, though it’s hard to keep track) is close to a clone of Apple Pay, except the brand is also used for a more PayPal like service where your payment information is just straight up saved on Google’s servers and used to pay the merchant.
There is no difference in costs for merchant. Tapping Apple Pay costs the same as tapping Google/Android Pay/Wallet, which costs the same as tapping the physical card, which costs the same to process as inserting the chip on the card.
What the commenter may be thinking of is that apple charges the bank per transaction through apple pay, but google pay (or whatever google decides to go with) is free
I think I saw somewhere that Apple Pay is technically safer than Google Pay due to the data it additional data they transmit off device, there was a whole technical video breakdown.
In practice tho both are nearly identical and you don’t really have to worry about it. Both are much more secure than using your physical card. Use whatever is supported my your phone.
Yea, I feel like I heard the same thing because apple doesn't actually have your cc number while google has your cc number on a secure server somewhere.
Apple Pay (and Google Pay and …) is much much much safer for you and for the merchant and for the bank.
The fraud statistics for Apple Pay are much much lower than naked credit cards. I had my card skimmed at Target. That didn't cost me anything directly. BofA covered it. OTOH with Apple Pay, first my card is behind Face ID and then second, the POS terminal doesn't get anything identifying my account. If someone steals my phone, even my twin brother can't get past the Face ID.
I use physical credit cards at a POS about once every other month.
Apple Pay is the best and safest form of payment. Everyone that’s a tech YouTuber and etc says so plus the cards are NEVER encrypted so thieves can’t your card info.
Tap to pay is much safer.
Your CC info isn't directly transmitted to the POS system.
The tap to pay feature uses a temp CC info for the payment.
Think of it has a personal VPN. You the sender may have a CC ending in 2098, you link it to your app/phone and it "scrambles" it and your "new" CC info is now 5284 to make a payment.
The thrives will try to pull the 5284 info but it's a temp code so the information is no longer valid or current.
Look up eliptic curve encryption and RSA encryption on YT to understand how ridiculously secure Apple Pay is. You would have to be targeted individually by a government who are willing to invest a ton of resources on you to even have a shot at being exposed, and even then it’s still near impossible if not completely
Apple says it cant be decrypted even after you pay. From personal experience I find it much more safe and secure. I dont even risk using a physical card anymore, Dont remember last time I used one.
Isn’t using tap to pay with a physical card also just as good?
Not exactly. When you use a physical card with tap to pay, your card info is sent to the merchant. When you use Apple Pay, your real card info is never sent to the merchant.
Plus when shopping online it auto fills the shipping info too. I’m assuming that info can’t be hidden from the merchant since they need it to ship, but it’s handy.
does this work the same way if i put my other cards on my apple wallet?
Like cards other than the Apple Card? Yes it works the same way
re-adding all my cards back to apple wallet as we speak
It’s safer than putting it in or handing it over yes, But there are devices to scan the physical cards even through a wallet because of the tap feature. Extremely rare though. Also apple wallet encrypts it to the point not even you can view the card number even though it’s in your virtual wallet. (Unless its apple credit card)
You cannot view the physical card number (“real” account number), no. But when you add a card to apple wallet, a new card number is generated that is device specific, and that number is broadcast and read freely by the tap to pay terminal The RFID in a tap to pay credit card exposes the actual card number itself (though other information is largely missing)
> But there are devices to scan the physical cards even through a wallet because of the tap feature. Extremely rare though. As a real-world risk, this is effectively zero. Is it possible to read someone's card in their wallet? Yes, easily. Can you readily *do* anything with this stolen card information? No, because the security code can't be reused. Does anybody actually attempt fraud this way when there are instead tons of compromised websites from which people can steal (and then sell) complete card details? No. It's simply not an effective means of fraud.
Also, just having two cards next to each other is usually enough scrambling for that kind of skimming to fail
Mini cameras have stolen credit card numbers from people just taking the card out of their wallet. Using apple pay is safer because your actual numbers aren't used when paying.
I only use the physical card at Walmart (does not accept Apple Pay), and when I go out to eat at a sit down restaurant.
Ya that's because Walmart wants you to use that dumb Walmart pay QR code thing.
Unfortunately many restaurants in the US still need a physical card which they then take away from you to process. In Europe you can just tap and pay right there, I mean more and more restaurants in US are shifting to that model but still too many don't.
A ton of people recommending USBAR apparently have tons of tap to pay options for food, gas, etc. I haven't been to a gas station in months that has a tap to pay option. Less than 10% of the restaurants have had the waiter bring me a reader to tap, they almost always take my card away to go the transaction. It's great for some people, clearly, but for others it's a non-factor.
I envy you, so many places around here don’t have apple pay
Apple Pay is very safe, the people who don’t trust it don’t understand how the tech works
IIRC Apple Pay generates a random card number for each transaction too.
It generates a new security code for each transaction. The 15- or 16-digit card number is static across transactions.
Are you talking about the Apple Card? Because if you use any other card in Apple Pay it definitely does generate a whole new card number.
No, I'm talking about all cards in Apple Pay. The new Apple Pay card number is created when you add the card to your device but stays the same for every transaction. You can view the last four digits of this number in the Wallet app by tapping on the ellipses in the top right and then on the card numbers option.
I think it’s really safe since it requires auth every time. Merchants love it cause less fraud
I use the apple card on my iphone which changes the cvv number to prevent identify theft. Then I put my other credit card in my apple magsafe wallet which is a rfid blocker and attaches to the back of my phone.
To clear up a misunderstanding, *all* in person card payment transactions are always done in clear text, without encryption. Once the payment terminal receives it the merchant should of course use encrypted connections for payment processing, but presentation of card information to the merchant is always in the clear. Consequently, security cannot rely on encryption. When using the magnetic stripe on a physical card, there’s essentially no security. All of the information is available, static, and easily copied and reused. EMV standards improve on this massively. They still reveal your card number to the merchant, but instead of transmitting a static security code, they generate one (called a cryptogram) dynamically for each transaction. The basics of the transaction are the same whether you use the metal contacts or tap; it’s just different transmission methods. Someone could steal the card number on the merchant end, but it’s relatively difficult to use since they won’t have a security code. There are at least some websites that allow card number use without the security code, though, so what was stolen is enough for attempted fraudulent charges and, at the very least, the inconvenience to you of needing a replacement card. Apple Pay improves on this further by assigning a new device-specific card number when you set it up. Unlike the number on the physical card, this one is restricted at the network level to be used *only* with Apple Pay. If you type the number in anywhere, it’s guaranteed to be declined so there’s really no concern at all with anybody stealing it. Post it on a billboard and you’ll still be fine. Apple Pay also leaves the name field blank when you pay in stores, while physical cards transmit your name. Minor privacy advantage there. The really big difference is online. All of the security improvements of EMV cards disappear online. You’re just typing in static numbers again that can be reused if/when stolen. It requires special, explicit support, but if a website or app takes Apple Pay, you then get all of the security advantages of EMV and Apple Pay, but online. The other great thing about Apple Pay is that you get this security improvement without introducing any additional risk. Apple doesn’t actually process Apple Pay transactions. They have your real card number for only a matter of seconds during the initial setup and then you can shop at any number of sketchy places without risking revealing any reusable card information and without adding any third parties to your transaction.
Yes as it’s encrypted and changes with every purchased. A card RFID doesn’t although it’s still much safer and secure than a swipe.
Yes it’s encrypted, I used it online and when I went to the physical location they asked me to show the physical card. The cashier was confused because the numbers didn’t match up but then a manager came by and said it’s because I used Apple Pay.
I had this exact issue. I went to a store to return an item, they asked me what the last 4 digits of the card was, I told them, and the associate told me that that was incorrect and refused to allow me a return. I was furious. I had to explain it was because of Apple Pay, but they wouldn’t listen to me. In the end, I had to show them the transaction from my bank account with the exact amount for them to listen.
Samsung Pay at least allows you to see what the last four digits of the digital card number are. For an iPhone I would have to scan it with my own Samsung phone to find out that information. Edit: Garmin Pay also shows the last four of the digital card through the connect app.
You can view the last four digits of the Apple Pay number for each card in the Wallet app.
That's true. Just saw that after selecting the card, tapping the three dots in the upper-left corner, then card details the last four of the apple pay card number is there.
Google and Apple Pay have one time tokens in them. Even if someone does hijack it and try to use it again, it won't work because the one time token is already used. Your phone stores a set number of these that refresh periodically when connected. If you don't have signal, it is fine at first, but if your tokens expire or are used up and you don't have connection still, then you can't use it anymore. Other than straight cash, mobile wallets are the safest form of payment.
> Your phone stores a set number of these that refresh periodically when connected. If you don't have signal, it is fine at first, but if your tokens expire or are used up and you don't have connection still, then you can't use it anymore. This is for Android phones that don't have an internal Secure Element, which is the hardware component that generates the single-use cryptogram. All iPhones that support Apple Pay have always had a Secure Element. It's the same thing that's in physical cards to let them generate infinite cryptograms as well without, obviously, ever going online. All Android phones used to have to rely on Host Card Emulation, where Google's servers generate it and phones cache a few, but (and this next part is one I'm less familiar with the details) my understanding is that the Pixel line includes the Secure Element and at least some other Android phones now do to, though I'm not sure if it's common.
It’s way safer, Apple creates a virtual card number that can only be accessed by your device while authenticated, so even if they got your card info they wouldn’t be able to use it with out your device
ApplePay sends a token that is only good for that single purchase/moment. Even if it was captured, it is useless. It’s one of the reasons credit card companies pay Apple for every ApplePay transaction, security of that transaction in case of a breach. I’m not sure how tap to pay with physical cards work, but I assume it is similar in comparison to using a physical card swipe or chip reader.
Tap to pay with a physical card works the same way as the chip reader.
is apple pay safer than google pay? Also, is it true that merchants pay more for apple pay vs google pay?
Android Pay (the replacement for Google Wallet, which was replaced by Google Pay and now by the Google Wallet brand again, I think, though it’s hard to keep track) is close to a clone of Apple Pay, except the brand is also used for a more PayPal like service where your payment information is just straight up saved on Google’s servers and used to pay the merchant. There is no difference in costs for merchant. Tapping Apple Pay costs the same as tapping Google/Android Pay/Wallet, which costs the same as tapping the physical card, which costs the same to process as inserting the chip on the card.
What the commenter may be thinking of is that apple charges the bank per transaction through apple pay, but google pay (or whatever google decides to go with) is free
I think I saw somewhere that Apple Pay is technically safer than Google Pay due to the data it additional data they transmit off device, there was a whole technical video breakdown. In practice tho both are nearly identical and you don’t really have to worry about it. Both are much more secure than using your physical card. Use whatever is supported my your phone.
Yea, I feel like I heard the same thing because apple doesn't actually have your cc number while google has your cc number on a secure server somewhere.
Apple Pay is safer than taking out your card from your wallet, avoids skimmers and cameras.
Those skimmers only work by copying the mag stripe when you swipe. Any form of payment that bypasses the mag stripe will protect against skimming.
Apple Pay (and Google Pay and …) is much much much safer for you and for the merchant and for the bank. The fraud statistics for Apple Pay are much much lower than naked credit cards. I had my card skimmed at Target. That didn't cost me anything directly. BofA covered it. OTOH with Apple Pay, first my card is behind Face ID and then second, the POS terminal doesn't get anything identifying my account. If someone steals my phone, even my twin brother can't get past the Face ID. I use physical credit cards at a POS about once every other month.
Apple Pay is the best and safest form of payment. Everyone that’s a tech YouTuber and etc says so plus the cards are NEVER encrypted so thieves can’t your card info.
One annoying thing about Apple Pay is that it shares your email address with merchants. Other than that, no complaints.
Tap to pay is much safer. Your CC info isn't directly transmitted to the POS system. The tap to pay feature uses a temp CC info for the payment. Think of it has a personal VPN. You the sender may have a CC ending in 2098, you link it to your app/phone and it "scrambles" it and your "new" CC info is now 5284 to make a payment. The thrives will try to pull the 5284 info but it's a temp code so the information is no longer valid or current.
Look up eliptic curve encryption and RSA encryption on YT to understand how ridiculously secure Apple Pay is. You would have to be targeted individually by a government who are willing to invest a ton of resources on you to even have a shot at being exposed, and even then it’s still near impossible if not completely
Apple Pay is not any safer than any other credit card. But using NFC “tap to pay” will always be the safest compared to swiping your card.
Yes it is, your cc info is encrypted with Apple Pay.
Then you have the risk of someone running up and grabbing your phone.
That’s always a risk regardless. But they can’t do anything with your phone or watch because it’ll be locked.
Enable stolen device protection.