Good Sam Community

magicbus wrote:

“Apple Pay is accepted at over 85 percent of retailers in the U.S., so you can likely use it wherever and however you want.

Except Walmart, Home Depot, Lowes, etc.

Per the Apple Pay website (Link) it is accepted anywhere that takes contactless credit cards.

“Apple Pay is accepted at over 85 percent of retailers in the U.S., so you can likely use it wherever and however you want. If you’re not sure, just ask. Apple Pay works anywhere that takes contactless payments — from vending machines and grocery stores to taxis and subway stations.”

On edit: I only recently learned that the Apple Pay network is not required. When I added my BofA card to my wallet, BofA texted me a code then sent an email saying my CC was added to my iPhone wallet and could be used at any contactless station. I guess they added their transaction routing info to my phone in order to skip the need for the Apple Pay network.

Dave

magicbus wrote:
Or as others have pointed out, put your card in your phone wallet and leave the card home. At least with an iPhone you tap your phone and approve the transaction using your fingerprint on your phone. Can’t get much safer - especially with something for which you have no liability, all you are trying to do is avoid the hassle of a stolen card.

Dave

More merchants need to get onboard, as many notably large businesses still are not setup to accept Apple Pay.

Or as others have pointed out, put your card in your phone wallet and leave the card home. At least with an iPhone you tap your phone and approve the transaction using your fingerprint on your phone. Can’t get much safer - especially with something for which you have no liability, all you are trying to do is avoid the hassle of a stolen card.

Dave

Gdetrailer wrote:

1492 wrote:
As mentioned, contact-less credit card transactions are about as safe as using the card's chip insertion method. They both use the same encrypted transaction technology generating a one-time token. Most of the RFID fraud concerns from contact-less credit cards have been debunked as myths.

Personally, I will always use touch credit transaction first, and only use the chip insertion method if not available.

Nope.

Not any safer than using the mag stripe..

Skimmers have gotten significantly better over the last few yrs..

I have no idea what you are referring? I'm talking about touch credit card readers. RFID enable CC uses the same technology as chip. So not following your skimmer example? If that were the case, than using chip based insertion would be just as vulnerable. BTW, the model in your photo example does not have built in RFID contact-less reader in the first place, so not understanding the point.

In any case, show a example of RFID touch credit card used in a successful fraudulent transaction? One that doesn't involve a merchant.

BTW, I never swipe my card, even if the chip does not work the mentioned three times. This is a an issue I've experienced with TDBank credit cards as they use a thinner plastic. No issue using contact-less RFID method, but TDBank cards sometime fail to read using chip insertion method at stores like Home Depot or Harris Teeter. I just end up using a different card.

What can be encrypted, can be decrypted if one wants to go to the effort and the effort has a big enough payoff.

While this is a true statement, what is missing is that with the system used today it would takes months or years or even decades or longer on a high speed computer to decrypt the token. By then it is of no value since it has already been used once.

Now skimming the magnetic strip, that's much easier, but more and more cards have no magnetic strip.

1492 wrote:
As mentioned, contact-less credit card transactions are about as safe as using the card's chip insertion method. They both use the same encrypted transaction technology generating a one-time token. Most of the RFID fraud concerns from contact-less credit cards have been debunked as myths.

Personally, I will always use touch credit transaction first, and only use the chip insertion method if not available.

Nope.

Not any safer than using the mag stripe..

Skimmers have gotten significantly better over the last few yrs..

Here is a couple of recent examples found at Sam's clubs self checkouts in my county and a few other counties near me..





Those skimmers were slid down over a rather popular card reader brand which does have chip reader plus mag stripe and from what has been said was completely undetectable.

The skimmers transmit the data via BT to the perps..

Considering very few CC and ATM bank cards now days are issued with no chip (mag stripe only) and many older non chipped cards most likely have expired and no longer valid I highly doubt the perps would get enough CC data from mag stripe transactions to make this effort worth it.

Chip first is required by the terminal, only if the chip reader fails to work three times in a row will the mag stripe reader be enabled.. Granted, they could have been skimming the very few debit cards which may not have chips but even that to me seems to be very low hanging fruit for the effort these folks went through.

The perps that installed the readers in the pix above were caught, they came from Romania via Canada into the States, rented a vehicle and eventually drove to my state.. That was a lot of cost and effort on only the hopes of capturing only mag stripe transactions.. Which leads me to believe that even the chip safety is a fallacy..

What can be encrypted, can be decrypted if one wants to go to the effort and the effort has a big enough payoff..

Cptnvideo wrote:
My phone alerts me to EVERY transaction. One time after using the card the night before at a gas station, my phone alerted me to a $2200 transaction to an online furniture store. I immediately alerted Capitol 1. Needless to say, the a$$hole that stole my CC number got caught.

If a gas pump has the old style black card reader that sticks out you need to grab it and make sure it is tight and won't come off. If it isn't tight it probably is a skimmer grabbing your data. Had this happen to me in SC and was buying groceries that day in Canada after I got skimmed.

My phone alerts me to EVERY transaction. One time after using the card the night before at a gas station, my phone alerted me to a $2200 transaction to an online furniture store. I immediately alerted Capitol 1. Needless to say, the a$$hole that stole my CC number got caught.

As mentioned, contact-less credit card transactions are about as safe as using the card's chip insertion method. They both use the same encrypted transaction technology generating a one-time token. Most of the RFID fraud concerns from contact-less credit cards have been debunked as myths.

Personally, I will always use touch credit transaction first, and only use the chip insertion method if not available.

I'll keep going on my merry way using a CC for virtually any transaction, keep getting free airfare with the points, pay it off every month, get my 5% back on gas purchases. In close to 50 years using credit cards ONCE I got a call from the CC company with a potential fraud, which they caught.
I download financial transactions to my accounting SW every day so I'd catch any "bad" transactions anyway.

The contactless CC transaction is actually likely more "theft proof" than the insert into the machine and WAY safer than manual CC transactions.

And I make it a policy to use paypal for online transactions to avoid entering a CC number.

There are those that want to make a quick buck by convincing consumers that your CC, your car key fob, your phone is wide open to everyone and your going to end up in the poor house. They spread false and misleading information to get your $$$$.

pbeverly wrote:
Very safe. Your actual credit card number is not used in the transaction, it generates a one time unique one each time it is used. SO very safe.

Correct, it's called a token. The signal emitted by the contactless chip in the card is readable and can be intercepted with a nearby scanner, but the card is not transmitting your real credit card number, it sends another number called a token that gets translated into your card number when it's received by the bank. So any info crooks steal using this method is worthless. Like intercepting an encrypted transmission, by the time the crooks decode it the token is no longer valid.

Very safe. Your actual credit card number is not used in the transaction, it generates a one time unique one each time it is used. SO very safe.

I prefer to use Samsung Pay as it does the same thing and I do not have to whip out my credit card at all. I also have it setup for my debit card, again don't have to whip out physical card.

My credit card company allows me to setup virtual cards. I have 5 different ones set up. These are for online/phone use. One just for Amazon. One for hotel/camping reservations. The intent is if say my credit card info gets stolen from Amazon I shut down that virtual card, create a new one and don't have to update credit card information everywhere, just Amazon. My REAL credit card number is still good.