Begun, the Wallet Wars, have.
October 27, 2014 9:56 AM Subscribe

Apple recently launched Apple Pay, a contactless payment system that uses NFC, tokenization, and TouchID for an easy and secure payment experience. Now retailers like CVS and Rite Aid are turning off their NFC support to lock out Apple Pay (and other payments systems that use NFC such as Google Wallet). Why?

The usual reasons. A consortium of retailers, including Walmart, Target, Best Buy, CVS, Rite Aid, and many others, plans to introduce CurrenC, a rival payment system, next year. The goal is to eliminate credit card processing fees while continuing to gather tons of information on their customers. Members of the consortium must sign three-year mobile payment app exclusivity deals with MCX. This is uniting some previously disparate factions.

Their, uh, interesting method of implementation involves QR codes, your bank account, driver's license, and SSN (screenshot). That's okay though, what could go wrong?

posted by entropicamericana (299 comments total) 39 users marked this as a favorite

I expect CVS and the NSA to start sharing footage for their TV ads and Congressional appearances about how "collecting metadata isn't invasive!"

Best Buy are scumbags; I thought they were already out of business. But based on the execs who live in my town, CVS seems smarter and more strategic than this.
posted by wenestvedt at 9:59 AM on October 27, 2014 [1 favorite]

This is asinine. ACH is not intended for direct point payments, and the infrastructure around it won't treat it that way. In a year, you will see this crap listed as a reason for massive losses at these retailers.
posted by sonic meat machine at 9:59 AM on October 27, 2014 [18 favorites]

You know, it's not that big a inconvenience to me to run by the ATM on the way to the store, much less than trying to sort this out.
posted by T.D. Strange at 10:01 AM on October 27, 2014 [7 favorites]

There are plenty of places that now accept Apple Pay (Walgreen's/Duane Reade) that already collect your information. Apple Pay does not protect you from that.
posted by roomthreeseventeen at 10:02 AM on October 27, 2014

Even weirder: sometimes you have to scan their QR code, and sometime you have to show them one on your device. Which to me only makes it even more confusing!
posted by wenestvedt at 10:02 AM on October 27, 2014

roomthreeseventeen, I agree: unless Apple Pay deprives the seller of the use of a loyalty card, what are they losing?
posted by wenestvedt at 10:03 AM on October 27, 2014

Will Apple be able to swap out their NFC chip for an EMV chip once chip-and-pin rolls out?
posted by mullacc at 10:04 AM on October 27, 2014

Also, the app wants access to your health data. (source)

It's really a shopper's dream. Just:

unlock your phone
open the CurrentC app
select "pay"
scan the store QR code
let the cashier scan your QR code
have the money be deducted from your checking account with limited fraud protection
let that store and every other store in the consortium track and share all your purchases
oh and also your health information

posted by the jam at 10:04 AM on October 27, 2014 [128 favorites]

There are plenty of places that now accept Apple Pay (Walgreen's/Duane Reade) that already collect your information. Apple Pay does not protect you from that.

Do you mean they collect info via Apple Pay?
posted by mullacc at 10:05 AM on October 27, 2014

CurrentC not CurrenC.

ACH also provides no consumer level protection against fraud.

I've had my card compromised four times in the last two years. I am done with credit cards. So Apple Pay intrigues me, but when people make it difficult for me to pay them I generally don't.

Apple Pay does protect you from data gathering, since it doesn't use a trackable number. Each transaction has its own number. No coupons, special offers, or other stupid clutter.
posted by cjorgensen at 10:05 AM on October 27, 2014 [5 favorites]

I've been reading about this everywhere. QR codes...AHAHAHAHAHAAAHHAHAAHHHAAAAA!!!

The weird thing is that most of those retailers had NFC implemented and ApplePay was working with them. Then, seemingly overnight, they all pulled the plug on NFC.

I'm thinking that MCX quietly reminded the retailers that they had a contractual obligation to use CurrentC and they should cease and desist using NFC. Or el$e.
posted by Thorzdad at 10:05 AM on October 27, 2014 [1 favorite]

Will prices drop because of this new payment method ? Since the stores are saving on the credit card fees, they should split the difference.. Oh, wait, what am I smoking ?
posted by k5.user at 10:06 AM on October 27, 2014 [18 favorites]

As far as I know, almost all stores accept cash. Just sayin'
posted by double block and bleed at 10:06 AM on October 27, 2014 [7 favorites]

US EMV rollout will actually help NFC.
posted by entropicamericana at 10:06 AM on October 27, 2014

Former Walmart CEO Lee Scott has reportedly said: "I don’t know that MCX will succeed, and I don’t care. As long as Visa suffers."
posted by 1970s Antihero at 10:06 AM on October 27, 2014 [2 favorites]

What? I have been using Google Wallet at CVS for months now. Just...ugh. Ugh. What utter tools.
posted by selfnoise at 10:06 AM on October 27, 2014 [4 favorites]

I have a feeling Apple will just block the CurrentC app from the App Store. Seems only fair if they're blocking Apple Pay from their stores.
posted by the jam at 10:06 AM on October 27, 2014 [24 favorites]

Do you mean they collect info via Apple Pay?

No, I meant that just because you're using Apple Pay doesn't mean the store cares about your privacy.
posted by roomthreeseventeen at 10:07 AM on October 27, 2014

Also, the app wants access to your health data. (source)

It's really a shopper's dream. Just:

unlock your phone
open the CurrentC app
select "pay"
scan the store QR code
let the cashier scan your QR code
have the money be deducted from your checking account with limited fraud protection
let that store and every other store in the consortium track and share all your purchases
oh and also your health information

Was this a result of some sort of challenge to make BitCoin actually look good by comparison?
posted by Drinky Die at 10:07 AM on October 27, 2014 [74 favorites]

There are plenty of places that now accept Apple Pay (Walgreen's/Duane Reade) that already collect your information. Apple Pay does not protect you from that.

ApplePay, itself, does not collect information. Nor does it share any information. It just validates your credit or debit card.

CurrentC is all about information collection and distribution of that information among its members, whether you shop at them or not, and scant little else.
posted by Thorzdad at 10:08 AM on October 27, 2014 [3 favorites]

Considering how badly the interface for checkout using a credit card at walgreens/cvs is already, it doesn't surprise me that they'd be upping their shitty checkout game to new levels.
posted by Ferreous at 10:10 AM on October 27, 2014 [4 favorites]

Congratulations to MCX for making Apple look open and Google privacy oriented. They need to work on their relationship with Facebook users to score a trifecta.
posted by Bovine Love at 10:10 AM on October 27, 2014 [24 favorites]

Also, Verizon and the other cell phone providers are pushing Softcard which is NFC based. So these retailers have now pissed off:

-The major cell phone ISPs
-Google
-Apple

Good luck with that, you miserable idiots.
posted by selfnoise at 10:10 AM on October 27, 2014 [11 favorites]

There are plenty of places that now accept Apple Pay (Walgreen's/Duane Reade) that already collect your information. Apple Pay does not protect you from that.

Those places ask for both your driver's license number and Social Security number?
posted by grubi at 10:10 AM on October 27, 2014 [1 favorite]

~~Soilent green is made of people!!!~~

We are the product!!!
posted by ZenMasterThis at 10:11 AM on October 27, 2014 [2 favorites]

I want to try CurrentC but I haven't been able to figure out how to plug this CueCat into my phone.
posted by komara at 10:11 AM on October 27, 2014 [122 favorites]

I have a feeling Apple will just block the CurrentC app from the App Store. Seems only fair if they're blocking Apple Pay from their stores.
posted by the jam at 1:06 PM on October 27 [+] [!]

Yeah, they seem to think Apple is going to put it in the app store:

The CurrentC mobile wallet app will be free to download through both the App StoreSM and Google PlayTM store, and is compatible with major smartphones.
posted by R. Mutt at 10:11 AM on October 27, 2014 [5 favorites]

I think it would behoove Apple to allow it in the App Store. Let people go through all those steps and then say "See? Apple Pay isn't that intrusive or that big of a deal."
posted by grubi at 10:13 AM on October 27, 2014 [3 favorites]

As far as I know, almost all stores accept cash. Just sayin'

Actually I've been in several restaurants that don't accept cash. Card only or go elsewhere. And try paying for something with cash in an Apple store. Sure, you can do it, but it's a pain compared to cash (or their store app).

You know, it's not that big a inconvenience to me to run by the ATM on the way to the store, much less than trying to sort this out.

You mean the ATM that wasn't to charge me $2.50 to get out $20? or do you mean the one that's on the other side of town that my bank let's me use for free?

This is also a bit tiresome. We get it, you cash guys don't see the point. You're probably also happy with your flip phone.
posted by cjorgensen at 10:13 AM on October 27, 2014 [21 favorites]

On the plus side, I guess you could go and sign up a secondary bank account and link it to CurrentC so that you're eligible for the inevitable class action lawsuit settlement.
posted by sonic meat machine at 10:13 AM on October 27, 2014 [44 favorites]

I honestly don't know why anyone would support middlemen in payment processes, be it one or some combination of credit cards, Apple Pay, or this monstrosity. As consumers we always pay for this stuff, and I refuse to play the "which corp do I get angry at" game when it's just one corp's P&L versus another's. Technology is supposed to enable disintermediation.
posted by sylvanshine at 10:14 AM on October 27, 2014 [6 favorites]

CVS is already the absolute worst on privacy protection.

Anything that gives them more data is a bad idea.
posted by mercredi at 10:15 AM on October 27, 2014 [6 favorites]

Actually I've been in several restaurants that don't accept cash. Card only or go elsewhere.

If they're billing you after the meal, that could be illegal - there's a reason our currency is marked "legal tender for all debts public and private".
posted by NoxAeternum at 10:17 AM on October 27, 2014 [36 favorites]

One of the things that always amuses me about companies competing with Apple is they always have a product coming out that will kill the one Apple is already shipping. How many iPad, iPod, iPhone killers have there been?

Just once it would be nice to see a company try to compete with something they are actually shipping. As far as I am concerned CurrentC is vaporware.
posted by cjorgensen at 10:17 AM on October 27, 2014 [8 favorites]

It's kind of interesting that Google Wallet has been a transaction option in some of these stores for over a year but it's only when Apple Pay launched that the consortium noticed all these NFC-enabled terminals at their retail counters.
posted by ardgedee at 10:18 AM on October 27, 2014 [7 favorites]

If they're billing you after the meal, that could be illegal - there's a reason our currency is marked "legal tender for all debts public and private".

Wrong. I thought that as well, but as long as it's clearly posted they don't have to take cash.
posted by cjorgensen at 10:18 AM on October 27, 2014 [2 favorites]

You mean the ATM that wasn't to charge me $2.50 to get out $20?

My bank reimburses me for the first $10 of out of network ATM fees, as long as I make 1 direct deposit a month. Get a better bank or take out more than $20 at a time.
posted by T.D. Strange at 10:19 AM on October 27, 2014

ACH also provides no consumer level protection against fraud.

The great thing about ACH is that banks will often authorize a transfer, and then four or five days later reverse it because they just noticed that actually the account doesn't exist.
posted by kenko at 10:19 AM on October 27, 2014 [2 favorites]

Well, even $100 at a time is a 2.5% usage fee for my own money. All banks in my area are like this. So not really an option to get a better one.
posted by cjorgensen at 10:20 AM on October 27, 2014 [2 favorites]

NYT (2010): The Merchants That Don’t Take Cash
posted by roomthreeseventeen at 10:20 AM on October 27, 2014 [4 favorites]

the jam: "Also, the app wants access to your health data. (source)

It's really a shopper's dream. Just... "

And don't forget, the consortium has excellent IT customer service reps waiting to help you should you experience any issue. Just dial 0118 999 881 999 119 725 3 and they'll be able to assist you!
posted by boo_radley at 10:20 AM on October 27, 2014 [9 favorites]

Paying for stuff is only one part of the long-term game for Apple Pay:

Apple Eyes New Uses for NFC Beyond iPhone Payments

The Apple representatives have talked to technology providers like HID Global and Cubic, which enable secure access to buildings and transit fare systems, respectively, said people briefed on the discussions. Spokespeople for the companies declined to comment about any discussions with Apple, but executives there discussed how they could integrate their systems with the iPhone.

CurrentC is dead within a year, if the vendors don't cave sooner — maybe they angle for and get a sweeter deal from the merchants — but Apple seems to already be playing a longer game.
posted by a lungful of dragon at 10:21 AM on October 27, 2014

Actually I've been in several restaurants that don't accept cash. Card only or go elsewhere.

Is that even legal? And regardless of legality....why? Note that "avoiding having cash on the premises" in this case results in "having credit card data on the premises".

And try paying for something with cash in an Apple store.

Having never been in Apple store, I'm wondering what exactly the issue is here. Do they spit on you or something?

Buying everything I need from the local flea market is looking better every day.
posted by DU at 10:21 AM on October 27, 2014 [1 favorite]

Those who cannot remember the CueCat are condemned to repeat it.
posted by Esteemed Offendi at 10:22 AM on October 27, 2014 [35 favorites]

MCX = Merchant Customer eXchange. They aren't even trying to hide the fact that you're being passed around, merchant to merchant. But hey, at least I get coupons for it!
posted by msbutah at 10:22 AM on October 27, 2014 [6 favorites]

Just once it would be nice to see a company try to compete with something they are actually shipping.

To be fair, much of the "wearables" market has been predicated on the idea that Apple is going to release Something in that category. I mean granted that none of the stuff that is out right now is as glorious as the iWatch that Apple will be releasing sometime next year, but, it does happen. There is competition, for sufficiently small values of "compete."
posted by rustcrumb at 10:23 AM on October 27, 2014

Those who cannot remember the CueCat are condemned to repeat it.

So, apologies to those of you who mentioned CueCat earlier, but this is the best CueCat reference thus far in the thread.
posted by aramaic at 10:23 AM on October 27, 2014 [5 favorites]

Is that even legal? And regardless of legality....why? Note that "avoiding having cash on the premises" in this case results in "having credit card data on the premises".

The NYT article roomthreeseventeen linked answers this. The TL;DR is it's legal, and it's more of a danger to have cash on premises than credit card data (at least for now).
posted by zombieflanders at 10:24 AM on October 27, 2014

Technology is supposed to enable disintermediation.

Well, there are several issues that cash intermediaries solve: universal availability of credit, vulnerability to crime or mishap, difficulties for people with loss of motor control or eyesight, and general convenience. All of these are things that have been enabled by technology.

Even ACH, the transaction type being used for CurrentC, is a disintermediation: it's basically a way for banks' computers to talk to each other and say "Give sylvanshine $3000, this is his payroll." The problem is that the retailers are so ignorant about financial software that they think that's all the credit card companies and Google/Apple are doing. It's not. There are fraud detection and protection systems inherent in the intermediaries; refunding and dispute processes; and so on.

An ACH transfer has none of these features. It just happens. If you call your bank and say "Holy shitballs! Someone did an ACH transfer for $2000 out of my account without authorization!" they're going to immediately reverse it (if you've notified them within 60 days of the transfer). Who's left holding the bag? Whoever was supposed to get the money. Unless CVS and Wal-Mart are going to open up an entire legal wing to sue people who are reversing their ACH charges maliciously, they will end up with a pile of liability.

Oh, but what if you don't notice a small ACH transfer until 60 days later? That's all she wrote. Good luck disputing it. (There is no central authority with whom you can dispute the charge.)
posted by sonic meat machine at 10:24 AM on October 27, 2014 [12 favorites]

Oh, great, now payment services will be just as fragmented as streaming services.

"Sorry, that movie does exist on Netflix but we are unable to process your payment this month because you use ApplePay. Amazon will accept ApplePay but they only have that movie on alternate Thursdays."
posted by bondcliff at 10:25 AM on October 27, 2014 [11 favorites]

This is timely, because I was on the phone at 3:00 this morning with Amex because my card had been compromised, no doubt through one of those high-profile data breaches of the past few years--there was a fraudulent charge last night at a 7-11 in Dallas (I live in Massachusetts) and I was surprised they didn't go for more than $30 worth of stuff. The account services rep who handled my claim actually told me the replacement card would be what sounded like a chip and PIN card (maybe I misunderstood, it was 3am after all...)

CurrentC sounds pretty terrible. If I understand what Rite Aid and CVS have done here correctly, it sounds like the ExpressPay RFID thing on my card won't work anymore either, which is annoying. I've been a regular CVS customer but I think I'm going to switch over my prescriptions to Walgreens and start going there instead... it's not much further away than the CVS I usually go to anyway, and I like the Apple Pay experience so far.
posted by Kosh at 10:26 AM on October 27, 2014

Having never been in Apple store, I'm wondering what exactly the issue is here.

In an Apple store the clerks on the floor can all take your money with these scanners in their iPhones or you can use the App. I paid for an Apple TV using the app and walked in and took it off the shelf and walked out. It took seconds in either case.

Using cash requires you to go the the Genius Bar (and potentially wait in line) to get to the one cash drawer in the place.
posted by cjorgensen at 10:26 AM on October 27, 2014

That means it CAN be accepted for all debts, it doesn't have to be. If I sell you something on Ebay, I don't have to take cash, I don't think it's really different in person. What it saves you isn't just having cash on premises--it would save you having to send someone to the bank with a ton of cash on a daily basis. It's not the point where it's in the register that it's most dangerous; it's when it's in a package that someone has to physically convey across town somehow. Not to mention that it's a time-consuming task for a trusted employee.

I'm still perfectly happy with my debit card for right now and considering my grocery store will still take personal checks with the right procedure, I'm not seeing them refusing debit cards anytime soon.

I do, however, think that NFC is pretty nifty. I'm hoping more places will get support for the YubiKey with the NFC chip (or something similar) at some point for 2-factor auth so that I can justify the expense, and I'm seriously considering putting a variety of them in my apartment and car for a whole bunch of purposes.
posted by Sequence at 10:26 AM on October 27, 2014

That means it CAN be accepted for all debts, it doesn't have to be.

No, it has to be. But offering to buy something does not therefore incur a debt that you can satisfy this way. It is up to a merchant to decide whether or not to accept your offer, and they can put conditions on it like insisting on payment in advance, via the means of the merchant's choosing.
posted by grouse at 10:30 AM on October 27, 2014 [7 favorites]

I'm not sure there's a problem with the health information - or at least we can't seem to tell yet. This is the image that is being referenced, and I can't seem to find a full policy. What we can see:

The CurrentC app does collect information generated in conjunction with your payment transactions that constitute protected health information, claims or other information used to measure your health or wellness.

Why?

Similar to health information involved in processing and settling traditional payment transactions, certain health information is also involved in processing...

and then the image cuts off. At least that part of it reads more like them acknowledging that having a record of your purchases can constitute health info - if I'm buying Lipitor, then they have health info. That's true and not really a change from the present. Can't tell from that image alone whether they share it or exactly what they mean. Anyone have a full policy? Their website is...minimalist.
posted by Lemurrhea at 10:31 AM on October 27, 2014 [2 favorites]

CurrentC not CurrenC.

It's like they don't even want to be confused with competent branding.

I have a feeling Apple will just block the CurrentC app from the App Store. Seems only fair if they're blocking Apple Pay from their stores.

"Duplicating existing functionality" is the line they'll cite.
posted by ChurchHatesTucker at 10:32 AM on October 27, 2014 [9 favorites]

The Register has been calling NFC payment "Pay-by-bonk" and doing po-faced opinion pieces on its perils (there basically are none - the funniest was one that claimed people would be smashing their phones to pieces upon checkout scanners in their enthusiasm to pay for things).

Pay-by-bonk is it - shitloads better than current credit/debit card infrastructure in terms of security and convenience, and CurrenC will be the biggest non-starter since Flooz. Retailers who eschew ApplePay or GoogleWallet - for any reason - are basically telling people who want to make quick purchases to go next door, because this store doesn't like your money. They'll seem to be quaint cranks at best, like the breakfast place that doesn't take credit cards so you never go there even though it's supposed to be good because who the hell has cash at 9:00am on Saturday?
posted by Slap*Happy at 10:34 AM on October 27, 2014 [10 favorites]

My neighborhood CVS, located directly across the street from my bank, has a an ATM from my bank. I suspect I'm going to be using it even more so than I do now.
posted by dances with hamsters at 10:34 AM on October 27, 2014

Stolen from Daring Fireball: Can't wait for the mobile payments app from the company that designed this receipt.
posted by cjorgensen at 10:36 AM on October 27, 2014 [22 favorites]

You know, it's not that big a inconvenience to me to run by the ATM on the way to the store, much less than trying to sort this out.

ATMs in the US are rapidly aging and increasingly prey to increasingly sophisticated skimmers. Trust your bank all you want, but until all banks in the US spend the cash to replace their armada of decrepit ATMs, I don't trust any ATM.

Doesn't mean I don't use them, because they are, let's face it, convenient -- and 9 times out of 10, banks find ways to force you to use them rather than come in to do in-branch transactions. Doesn't mean I don't cringe every time I have to use one.
posted by blucevalo at 10:37 AM on October 27, 2014 [3 favorites]

The Apple representatives have talked to technology providers like HID Global and Cubic, which enable secure access to buildings and transit fare systems, respectively, said people briefed on the discussions. Spokespeople for the companies declined to comment about any discussions with Apple, but executives there discussed how they could integrate their systems with the iPhone.

So that's creepy.

At work, there's already pressure to have an iPhone - one of the systems we use has a validation process which is much quicker with the iPhone than without.

I have always been "well, a drawback of the iPhone is that you are apparently completely trackable and that's very difficult to turn off, whereas there's more workarounds for old-fashioned phones"....Apple, apparently sensing how creepy and surveillance-y most of their products are, is I guess just going full on into security/surveillance industry. Next up, maybe they'll run the prisons. Or the cops, that would probably be the quickest route.
posted by Frowner at 10:37 AM on October 27, 2014 [4 favorites]

Putting aside the shitty behavior of CVS, etc, perhaps most alarming about this is the QR codes. Seriously?

I mean, I'm not one to put much stock in fear-mongering stories about people photographing your credit card when you take it out of your wallet. However, QR codes are basically designed to be machine-readable at a distance. That seems like a rather easy target for capture and fraud.
posted by tocts at 10:37 AM on October 27, 2014 [4 favorites]

Most ATMs are also still running Windows XP.
posted by cjorgensen at 10:38 AM on October 27, 2014 [2 favorites]

NYT (2010): The Merchants That Don’t Take Cash

There are quite a few restaurants that I go to that still will only take cash.
posted by octothorpe at 10:38 AM on October 27, 2014 [2 favorites]

No, it has to be. But offering to buy something does not therefore incur a debt that you can satisfy this way. It is up to a merchant to decide whether or not to accept your offer, and they can put conditions on it like insisting on payment in advance, via the means of the merchant's choosing.

Seems like a restaurant serving you a meal with the expectation of payment afterwards has created a debt. And we all know cash is "legal tender for all debts." But I'm not sure if the restaurant still gets away with it because a) it posted a no cash policy or b) legally it's not a debt even though it kinda seems that way.
posted by mullacc at 10:39 AM on October 27, 2014

Right place, wrong time. In 1999, I worked for a place that made an RFID reader in the form factor of a mouse pad. NFC and RFID are pretty much the same technology, although RFID tags are allegedly static, but we were looking at various chips that had read/write capability and a small amount of processing power.

The notion was simple, the RFID reader has a unique ID, your credit card has a unique ID and you have a PIN. Then if you're performing an online transaction, the PIN and reader ID authorize the transaction and the RFID ID is used to look up your payment information somewhere not on your computer which then authorizes payment to the site.

It failed as a company because at the time no credit card issuer/bank wanted to invest in helping make the readers ubiquitous nor did they want to pay for the extra cost of a having the tag in their credit cards.

Then there was the challenge that if you're good at making antennae, you can make some pretty awesome RFID skimmers. The mousepad form factor would give a good, solid read in something like 10 inches if the tag was in the right orientation. The problem is that the protocols are very simple - there's a little hand shaking when the chip in the tag powers up and ultimately all it does is say "My ID is xxxxxxxx". In reality, there has to be something more complicated like the ID asking "who goes there, friend or foe?" and not giving up an ID in clear data, but that drives the cost up.

So the response is, go ahead and broadcast your ID, but we'll use the ID in reader which we can keep more private AND the tag ID and we'll take a PIN to as well.

In reality, the whole thing was a solution in search of a problem. Mobil was trying to get in there with Speedpass at the gas pump using a TIRIS tag on a key fob.

Now you have NFC in your phone which solves the ubiquity to a degree and creates the opportunity better security.

I honestly don't expect this to be done right by anyone, although I think the credit card companies are starting to come around to accepting the inevitability of the end of credit cards, but the thing is that what they replace it with will probably be no better than the typical security through obscurity approach which is cheap and makes it cheap to counterfeit.
posted by plinth at 10:39 AM on October 27, 2014 [7 favorites]

So I guess the CurrentC app is in the App Store. The reviews are pretty entertaining.
posted by R. Mutt at 10:40 AM on October 27, 2014

When credit cards first started becoming a thing, was there this kind of fragmentation? Some stores took Visa and only Visa, others took Mastercard and only Mastercard, etc? Were there noncompetes involved in being able to take a particular brand of card?

I genuinely don't know the answer to that, but at least by now, that's mostly worked itself out, with most places taking a variety of cards (still annoys me that Costco only takes AmEx though). I don't understand why these companies would look at the success and ubiquity of the credit card model and go "Nah, that's not for us."
posted by kafziel at 10:41 AM on October 27, 2014

businesses that don't take cash

Read all you want.
posted by cjorgensen at 10:42 AM on October 27, 2014

Oh, but what if you don't notice a small ACH transfer until 60 days later? That's all she wrote.

And if it's a business account? You get two days, not two months, before the debit is irrevocable. The only safe practice for a small business is 1. check your transactions daily, and 2. don't use checks.
posted by nicwolff at 10:43 AM on October 27, 2014 [1 favorite]

So I saw this commercial in which some pro football player was attempting to pay for something with his phone while catching tossed balls... I can't remember which service he was using. Seems it would have been easier to swipe a finger print using Apple Pay.
posted by Gungho at 10:45 AM on October 27, 2014

I suppose both Apple and Google could claim they're entitled to their usual 30% cut of all purchases made through th application.
posted by Fruny at 10:45 AM on October 27, 2014 [8 favorites]

I recently moved to Denmark, and learned about the system here : Dankort..

Seems like an interesting solution, but it may work best in a smallish country. And as a recent newcomer, it's a pain because I can't get one immediately. .
posted by nat at 10:45 AM on October 27, 2014

ATMs in the US are rapidly aging and increasingly prey to increasingly sophisticated skimmers.

Unless you go all cash and only withdraw at in-person visits, you have to trust your banking info to someone, at some point in the electronic transaction chain. At least your bank or credit card company should have developed fraud reimbursement procedures, unfortunately breaches seem to be a transaction cost of modern banking, and as plinth said, it doesn't look like that's changing
posted by T.D. Strange at 10:46 AM on October 27, 2014 [1 favorite]

So I guess the CurrentC app is in the App Store. The reviews are pretty entertaining.

CurrentC

9 five star reviews, 0 four, 1 three, 1 two, and 1,217 one star reviews.
posted by cjorgensen at 10:46 AM on October 27, 2014 [18 favorites]

I'd like to register my prediction that muggings will now include thumb amputations.
posted by sonascope at 10:46 AM on October 27, 2014 [3 favorites]

I honestly don't expect this to be done right by anyone

Aren't NFC payments pretty ubiquitous in East Asia and parts of Europe?

When credit cards first started becoming a thing, was there this kind of fragmentation?

1969 called, they were wondering if Metafilter accepts Diners Club. And well, my Target CC only works at Target, so it's not like this fragmentation is totally licked.
posted by FJT at 10:47 AM on October 27, 2014 [2 favorites]

I was a little sad to CVS included in this consortium. I was all full of good will toward them for dropping tobacco products, and now they go and pull something like this. I also shop at Target some. I wonder if the Kohls next to them will take Apple Pay.
posted by TedW at 10:47 AM on October 27, 2014 [5 favorites]

I suppose both Apple and Google could claim they're entitled to their usual 30% cut of all purchases made through the application.

This is actually interesting. Again, from Daring Fireball: Apple Said to Negotiate Deep Payments Discounts From Big Banks

Basically Apple is taking a bigger cut than normal from the banks because Apple is assuming the fraud risk. Win/win for Apple.
posted by cjorgensen at 10:49 AM on October 27, 2014

This is the sort of thing that actually makes me care about distributed cryptocurrencies. I don't much care for anarcholibertarianism, but it beats panopticon capitalism (except where it's equivalent).

All the cryptocurrencies I know of operate by making all transactions a public record. Everyone in the world knows and agrees that wallet 123456789 paid wallet 987654321 0.24 crypto-coins. The only thing private about it is that we don't know who owns those wallets. Which seems ripe for big data type analysis, or merchant collusion, or information leaked from hacks, or whatever.
posted by aubilenon at 10:51 AM on October 27, 2014 [6 favorites]

9 five star reviews, 0 four, 1 three, 1 two, and 1,217 one star reviews.

Unfortunately, the App Store doesn't allow zero-star ratings.
posted by Thorzdad at 10:51 AM on October 27, 2014 [1 favorite]

sonascope: I'd like to register my prediction that muggings will now include thumb amputations.

Nope. TouchID only works with living fingers: "Apple is not the first company to design a robust fingerprint sensor that is able to "avoid dead fingers"
posted by blob at 10:53 AM on October 27, 2014 [7 favorites]

I also shop at Target some. I wonder if the Kohls next to them will take Apple Pay.

Kohl's is a member of MCX, so presumably not. What's odd about Target is that their iOS app supports Apple Pay. It's unclear how this is not in violation of the exclusivity agreement.
posted by entropicamericana at 10:53 AM on October 27, 2014 [1 favorite]

I'd like to register my prediction that muggings will now include thumb amputations.

touchID and dead fingers

Also, my phone isn't linked to my thumb. You're gonna have to take all 10 to be sure (and my nipples).
posted by cjorgensen at 10:54 AM on October 27, 2014 [3 favorites]

INSERT FINGER
CASH WILL DISPENSE AUTOMATICALLY
AVOID DEAD FINGERS FOR HIGH SCORE
posted by griphus at 10:54 AM on October 27, 2014 [13 favorites]

I sometimes wonder if there is something inherent in the nature of a business person that makes them unusually amenable to cutting off their nose in order to spite their face.
posted by aramaic at 10:55 AM on October 27, 2014 [4 favorites]

I use cash at just about every national or regional chain we shop at and that's the way it's been for a couple years. I do used my debit card at the grocery store and to fill on gas - I suppose that I'll get burned by that one of these days. If Amazon gets cracked then I'm in trouble.
posted by Ber at 10:56 AM on October 27, 2014

Read all you want.

My (possibly out of date) understanding: Businesses don't have to accept cash up front. So, if someone offers to buy your lemonade with cash, you could refuse. However, if you serve lemonade to someone and when the bill comes they offer to pay in cash, refusing that cash is canceling the debt.

Nothing in the above links seem to contradict that.
posted by ChurchHatesTucker at 10:56 AM on October 27, 2014

Well, now I see that Kohls is part of the evil MCX, so I guess I can't use Apple Pay there or Target. But I also notice that at least one retailer (Meijer) is part of both groups, so perhaps they aren't as mutually exclusive as some are saying.
posted by TedW at 10:59 AM on October 27, 2014

I sometimes wonder if there is something inherent in the nature of a business person that makes them unusually amenable to cutting off their nose in order to spite their face.

The enmity is personal, the money isn't.
posted by ChurchHatesTucker at 11:00 AM on October 27, 2014

My credit card has been compromised four times in the last 2 years. Target (which completes the irony of them forgoing a secure technology on favor of embracing an insecure one), Lacie, Home Depot and one other place. It's literally happened enough that I've forgotten which places have done it. I am moving away from credit cards for this reason (and others). I won't shop in a Target again unless it's with cash. I don't think I've been back there since. Same with Lacie. I canceled my outstanding orders with them and won't buy from them again. In the Lacie case it was also my username/password for their site.

I'm down to one credit card. I would love to get rid of that. My previous plan was to open a checking account. Use the debit card on it, keeping only what I needed in there. So the idea of a newer, more secure way to pay, appeals to me.
posted by cjorgensen at 11:01 AM on October 27, 2014

I have always been "well, a drawback of the iPhone is that you are apparently completely trackable and that's very difficult to turn off, whereas there's more workarounds for old-fashioned phones"... Apple, apparently sensing how creepy and surveillance-y most of their products are, is I guess just going full on into security/surveillance industry.

As described, Apple doesn't get to know anything about the details of the transaction between end user and vendor.

My guess is that using NFC for building access would work the same way, where the token exchange starts and ends between the end user and the building's maintenance system (which presumably Apple has no interest in, for the same reason it does not track purchase sessions).

But people are already trackable by means of other technologies, such as making a purchase with a plain credit card, or using a popular web-based email system that scans purchase-related and other personal emails for targeted advertising.

Privacy laws are probably a weak point worth focusing on, generally.
posted by a lungful of dragon at 11:01 AM on October 27, 2014 [1 favorite]

Uh, so I never thought I would type this, but I LIKE my credit card!

It has fraud protection, so I'm not on the hook for lax security at any end of the chain of purchase. It's convenient, small, and accepted everywhere. I also don't have to have a charged phone for it to operate. I get rewards points, and just pay it off every statement anyway. I'm basically getting free money in the form of points instead of absolutely nothing for using cash or my debit card.

The cost for this is largely passed on to retailers and people who maintain a revolving balance of debt, but neither one of those things describes me, so strangely I'm actually on the losing side of the equation if credit cards start to go extinct. But, looking at the MCX documentation, I don't see that happening any time soon.
posted by codacorolla at 11:01 AM on October 27, 2014 [26 favorites]

9 five star reviews, 0 four, 1 three, 1 two, and 1,217 one star reviews.

At least two of those "five star" reviews are 100% sarcasm. "Please track all my movements on your store wifi and sell all my data to junk mail companies too!"
posted by dnash at 11:02 AM on October 27, 2014 [2 favorites]

Is there where I just in to say I've been using "Tap to Pay" with my debit+credit cards for years in Canada? ApplePay is the same system, just differently branded.
posted by blue_beetle at 11:03 AM on October 27, 2014 [5 favorites]

CVS is already the absolute worst on privacy protection.

I'm never showing them my card again (I have to go there because that's my mandatory prescription pharmacy--thanks insurance!). Also I can vouch for those horrendous receipts; I've gotten them myself. They use more (thermal) paper in the receipt than the bag for most of my scrips.
posted by immlass at 11:06 AM on October 27, 2014

Is there where I just in to say I've been using "Tap to Pay" with my debit+credit cards for years in Canada? ApplePay is the same system, just differently branded.

No. It's not. Your Tap to Pay still sends the PAN to the pinpad which can then be hijacked or just stored by the merchant for later breaches.

Apple Pay converts the PAN to a Device Account Number which is then used to assign a unique signature to each transaction.
posted by Talez at 11:07 AM on October 27, 2014 [10 favorites]

The cloud is safe and secure for your money and biometric data linked to said money.

Just don't put nekkid selfies up there and expect them to remain secure. That's crazy talk.
posted by Pirate-Bartender-Zombie-Monkey at 11:09 AM on October 27, 2014 [10 favorites]

So, is ACH actually any scarier than a debit card transaction? AFAIK, the fraud protection mechanisms in the debit system are pretty weak.

Really, I'd love for us to figure out a way to do open payments correctly (and kill Visa's stranglehold on payment processing in the process). It's staggering that the only good replacement for paper checks is still PayPal.

Also, unless Apple want to evolve into a payment processor, Apple Pay isn't going to be a long-term solution for anything. It's a weirdly ambitious business venture for Apple, and it's not at all clear what their endgame is -- do they expect to convert everybody to iOS? Open the platform? Only exist as a secondary payment system?

Apple's strength has always been in the focus of its product offerings, which lately have also been quite conservative as well (not necessarily a bad thing -- Apple don't launch half-baked products). "Try everything and see what sticks" has never worked well for Apple -- that's what Amazon and Google do, and it's particularly perplexing that Apple are seemingly willing to spend a substantial amount of political capital on launching a product, where many other extremely competent players have failed spectacularly due to industry and consumer opposition.

I can be a pretty harsh critic of Apple, but I like the payment processing cartels even less. Apple Pay adds value to the iPhone portfolio, but probably isn't going to attract many new people to the platform. Why not work with Google, Amazon, et al, and actually come up with an industry standard that consumers and businesses can all get on board with?
posted by schmod at 11:10 AM on October 27, 2014

Was this a result of some sort of challenge to make BitCoin actually look good by comparison?

Among other things. After much debate on what to link to, I decided to take a short cut.
posted by infini at 11:10 AM on October 27, 2014 [1 favorite]

I like my credit cards, too. That's why I like to use Google Wallet. Same zero fraud liability and no risk of a merchant breach giving my actual card number to crooks.

I also have a Google Wallet card for those places that don't do NFC, but my Wallet balance is usually around $3 so that's less helpful than it might seem. Of course, the fraud protection on my wallet balance isn't that great compared to credit, so better not to have a big wallet balance anyway. I mainly end up using it to avoid my bank's (small) foreign ATM transaction fee.
posted by wierdo at 11:11 AM on October 27, 2014 [1 favorite]

If you had read the links, you would know that the biometric information from TouchID never leaves your device.
posted by entropicamericana at 11:12 AM on October 27, 2014 [4 favorites]

Why not work with Google, Amazon, et al, and actually come up with an industry standard that consumers and businesses can all get on board with?

Apple Pay is an adaption of the EMVCo tokenization and NFC standards. Google Wallet uses the NFC standard but I believe it replaces the PAN (in theory) with a prepaid Mastercard number for that transaction as a hacked up version of tokenization.
posted by Talez at 11:13 AM on October 27, 2014 [2 favorites]

schmod, my understanding is that, like Google Wallet, Apple Pay works on any standard NFC reader. It's surprisingly non-proprietary, at least by Apple's usual standard.
posted by wierdo at 11:13 AM on October 27, 2014 [1 favorite]

9 five star reviews, 0 four, 1 three, 1 two, and 1,217 one star reviews.

Given the uninformed panic over the Facebook Chat rollout -- and preponderance of user reviews that hadn't actually used the app, I wouldn't read too much into this.*

I mean, it's a bad idea. But the court of public opinion is dumb as dirt when it comes to this stuff.

Facebook are creepy assholes, and people should be upset about that, but they didn't actually change anything by launching a separate chat app.
posted by schmod at 11:15 AM on October 27, 2014 [1 favorite]

Apple Pay is an adaption of the EMVCo tokenization and NFC standards.

Does this mean a retailer who converts to terminals that take EMV cards will have no choice but to take Apple Pay?

Also, what is PAN?
posted by mullacc at 11:15 AM on October 27, 2014

A few months ago, Verizon force-installed an app on my phone called ISIS Mobile Wallet.

This raised so many questions. Why was this installed without my consent? Why do Verizon think that they can compete in this space -- are they still blindly following the Bell Labs Manual For World Domination? Why can't I uninstall it? Why did they name it after a terrorist cell? How quickly can I install CyanogenMod on my new phone?
posted by schmod at 11:17 AM on October 27, 2014 [4 favorites]

Still not really understanding how ApplePay can dominate the market without licensing to third parties. So it continues to sound like a dead end, to me.
posted by lodurr at 11:18 AM on October 27, 2014 [1 favorite]

I like my Google Wallet. Seems they use a proxy with the merchant and my credit card info is buried in PlayStore... CVS was one of the better places in terms of integration.
posted by mikelieman at 11:19 AM on October 27, 2014

Does this mean a retailer who converts to terminals that take EMV cards will have no choice but to take Apple Pay?

No. Apple Pay uses NFC. If the retailer turns off NFC they can still accept Chip and Pin cards without issue.

Also, what is PAN?

PAN is Primary Account Number, the credit card number effectively.

Still not really understanding how ApplePay can dominate the market without licensing to third parties. So it continues to sound like a dead end, to me.

It doesn't have to. It's an implementation of an existing standard. It's like wondering how Apple can dominate music without licensing AAC to other parties. It's not only illogical but literally impossible seeing as they don't own the standard.
posted by Talez at 11:20 AM on October 27, 2014 [5 favorites]

The thing about these NFC solutions (softpay, Apple Pay, Google Wallet) that are NFC based is that they should all work on the same POS hardware, so one service doesn't have to achieve market dominance or whatever. I mean, it does if they disable the NFC POS terminals they already paid for in favor of a system that will never succeed though.
posted by selfnoise at 11:20 AM on October 27, 2014 [1 favorite]

Businesses have to accept dollars, but can choose the types of currency they accept, including not accepting cash at all. Here's the Federal Reserve's information on this subject.
posted by nerdler at 11:20 AM on October 27, 2014 [6 favorites]

This is also a bit tiresome. We get it, you cash guys don't see the point. You're probably also happy with your flip phone.

Yes. Yes I am. I love it so much that I just bought a new one to replace my busted old Motorola. Paid $5 for it. In cash.
posted by nerdler at 11:22 AM on October 27, 2014 [8 favorites]

schmod: Why not work with Google, Amazon, et al, and actually come up with an industry standard that consumers and businesses can all get on board with?

I guess to half-answer my own 'question' via this one: Because they want to have a clear denotation of difference; and in any case they've probably got patents that they think can prevent other vendors from deploying a substantially similar (i.e., similarly easy) system.

So, they don't hope to convert everyone to iOS, they don't plan to become an open vendor -- they simply plan to harvest a lot of money off this while maintaining a differentiating feature.
posted by lodurr at 11:22 AM on October 27, 2014 [1 favorite]

All I have to say about CurrentC is: Remember DivX discs?
posted by chimaera at 11:24 AM on October 27, 2014 [5 favorites]

Talez: It's an implementation of an existing standard.

OK... but is that really all there is to it? If so, then what's the big deal? And why is everyone else not doing the same thing?
posted by lodurr at 11:25 AM on October 27, 2014

No. Apple Pay uses NFC. If the retailer turns off NFC they can still accept Chip and Pin cards without issue.

But can Apple swap out NFC for EMV?
posted by mullacc at 11:26 AM on October 27, 2014

Also, without credit cards, how am I supposed to open locked doors like a seventies private eye?
posted by sonascope at 11:27 AM on October 27, 2014 [1 favorite]

OK... but is that really all there is to it? If so, then what's the big deal? And why is everyone else not doing the same thing?

Yes that's all there is to it. The big deal is that these moronic merchants don't get your credit card anymore and get to store it where it can get stolen and the reason why everyone else is not doing it is because the standard was literally set in stone in March. Apple is moving at the finance industry's equivalent of Warp 9.

But can Apple swap out NFC for EMV?

Not unless they make an Apple Pay card peripheral. Tokenization isn't limited to NFC.
posted by Talez at 11:27 AM on October 27, 2014 [4 favorites]

Sonascope: Using lockpics or jimmies, which is how they really did it. The credit card trick doesn't work on any door that's worth a damn. (Well, not and leave you with a usable credit card.)
posted by lodurr at 11:28 AM on October 27, 2014 [1 favorite]

(Well, not and leave you with a usable credit card.)

Use your CVS extracare card since you won't be using that any more.
posted by immlass at 11:29 AM on October 27, 2014 [20 favorites]

my understanding is that, like Google Wallet, Apple Pay works on any standard NFC reader. It's surprisingly non-proprietary, at least by Apple's usual standard.

Indeed, the outrage is that they worked at existing readers until the retailers disabled that functionality.
posted by ChurchHatesTucker at 11:29 AM on October 27, 2014 [3 favorites]

The credit card companies are bad and the security of the whole ecosystem is almost hilariously bad, but ACH is arguably far worse.

At least credit cards keep the "pull" mechanism for payments (i.e. someone with a few bytes worth of information and therefore has the ability to suck money from an account of yours) disconnected from your main checking account. ACH doesn't, at least as most consumers use it. And there's less fraud protection on ACH transfers than credit card ones.

A lot of business use ACH in conjunction with zero-balance accounts, in order to maintain some separation between the account containing all the money and the one that they're giving out the ACH information to. But that's awkward for consumers and really isn't even good for businesses.

I'm intensely skeptical of any payment system which at its heart is ACH-based.

But anything that breaks up the current framework for consumer POS-based payments is probably good, because the system is as close to bad as you can get with it still working, and basically anything that we invent today is going to be better than the pile of kludges we currently have.

I was intrigued by MCX at the outset because it sounded like they were doing some sort of "push"-based / giro system, which is really where we need to go. It should be the merchant who gives out their routing information (maybe via a scannable barcode or whatever) and then the consumer tells the bank or payment processor to "send $X to Foo Inc.", whereupon the merchant releases the goods once they have proof of payment. I don't think that any system that allows the merchant to pull money is ever going to be securable.
posted by Kadin2048 at 11:30 AM on October 27, 2014 [7 favorites]

imlass: Those are pretty sturdy.
posted by lodurr at 11:30 AM on October 27, 2014

> We get it, you cash guys don't see the point. You're probably also happy with your flip phone.

Speaking as a late late late adopter (I just got my first android phone as a $29.95 no-contract closeout from Kroger) I liked my bottom-end Huawei candybar better. I've got it carefully squirreled away in a baggie against the day I brick my smartphone dicking around with CyanogenMod or something, as I inevitably will.

> A consortium of retailers, including Walmart, Target, Best Buy, CVS, Rite Aid, and many others

I don't see anybody in the list that I'd back in the Great Game against even a Jobs-less Apple.
posted by jfuller at 11:32 AM on October 27, 2014

But might this be setting up some kind of enhancement to ACH?
posted by lodurr at 11:32 AM on October 27, 2014

... e.g., some new ACH service provider? Or offering, from an existing provider?

and Kadin2048, wouldn't Apple running their own ACH service address some of those concerns?
posted by lodurr at 11:33 AM on October 27, 2014

was intrigued by MCX at the outset because it sounded like they were doing some sort of "push"-based / giro system, which is really where we need to go. It should be the merchant who gives out their routing information (maybe via a scannable barcode or whatever) and then the consumer tells the bank or payment processor to "send $X to Foo Inc.", whereupon the merchant releases the goods once they have proof of payment. I don't think that any system that allows the merchant to pull money is ever going to be securable.

Welcome to tokenized payments! This is what Apple Pay literally does this except over NFC. The pin pad sends a payment request, the phone signs the transaction with the Device Account Number to say the payment is legit, the token gets sent to the payment processor and the processor comes back telling the pin pad the transaction is completed.
posted by Talez at 11:33 AM on October 27, 2014 [4 favorites]

What will be interesting/pathetic are the excuses CVS managers and staff will be instructed to use when a customer complains about not being able to use the NFC reader anymore. I suspect it'll be a bald-faced lie like "We discovered it wasn't secure." Followed up with "We're coming out with something better real soon."
posted by Thorzdad at 11:34 AM on October 27, 2014

Who wants to take bets on how long it takes for CurrentC to fold?
posted by the jam at 11:36 AM on October 27, 2014 [2 favorites]

But might this be setting up some kind of enhancement to ACH?

... e.g., some new ACH service provider? Or offering, from an existing provider?

No. It's an ugly hack around the payment processing networks of Visa and Mastercard. Nothing more, nothing less.
posted by Talez at 11:36 AM on October 27, 2014

I get narcolepsy* around almost anything to do with financial transactions, so I'm struggling to follow this because it's important, and I appreciate being able to follow the discussion. It makes it a little easier to stay awake.

--
*Not joking, I really do. It's an issue.
posted by lodurr at 11:39 AM on October 27, 2014 [2 favorites]

Also, what is PAN?

Pan is the great horned god of the woods, fond of nymphs and of playing his pipes.

Also, it is bread in Spain, Mexico, and many other countries.
posted by COBRA! at 11:39 AM on October 27, 2014 [20 favorites]

I don't see anybody in the list that I'd back in the Great Game against even a Jobs-less Apple.

I think it will be interesting if Google and Apple join forces on breaking this one, since they're both backing nfc payments now.
posted by empath at 11:40 AM on October 27, 2014 [1 favorite]

One problem with tokenized payments (one time credit cards that are good for the single purchase) is that they tend to fuck with fraud detection systems. Each time you make a credit card purchase, your purchase is goes through a hugely complicated set of analysis to determine if its a fraudulent purchase (do you ever buy diamonds? is your purchase in the same city it normally is in? is it a small transaction that looks like a 'test' transaction that frauders use, etc, etc). If your 'token' (one time credit card) is generated each time, all these systems get bypassed.

There are a lot of parties that want to get a cut of every transaction you engage in. Right now that's the credit card system mainly, but your cellular provider would really like to get a few pennies for every transaction in the country, and so would google/apple.

About a decade ago, when I worked in this space, Visa didn't consider Mastercard or Amex to be serious competitors (indeed, they were good to have around to prevent accusations of violations of anti-trust laws - 'see, we have competitors!'). Instead, Paypal was (and probably still is) considered the main threat to their business model.

No one at Visa is loosing sleep over this convoluted mess of a system though.
posted by el io at 11:43 AM on October 27, 2014 [1 favorite]

This is all freakishly well-timed given the recent security disasters at various retailers.

I'll actually be a little surprised if CurrentC even manages to launch, at least in the current (hilariously terrible) implementation I've seen posted 'round the net. Google and Apple have already won, but their competitors haven't realized it yet.

...well, either that or they didn't pay attention to the Sunk Cost fallacy when they were getting their MBA.
posted by aramaic at 11:44 AM on October 27, 2014 [3 favorites]

Today I learned that there is a new type of smug person out there: those that only use cash and sneer at others who don't.
posted by MisantropicPainforest at 11:44 AM on October 27, 2014 [7 favorites]

One problem with tokenized payments (one time credit cards that are good for the single purchase) is that they tend to fuck with fraud detection systems.

Also, fraud.
posted by ChurchHatesTucker at 11:45 AM on October 27, 2014 [4 favorites]

Fully anonymized transactions are be nice. I definitely think in the future there will be some need to have that level of control over our identities. It seems like it should also be possible to attach enough identifying information to a transaction to prevent fraud without having to trust every retailer to store permanent payment-authorizing information forever.

Basically, I want to be secure from hackers, incompetent IT departments, AND the advertising panopticon.
posted by rustcrumb at 11:50 AM on October 27, 2014 [1 favorite]

One positive aspect of the CVS/Rite Aid/CurrentC debacle is that it has brought Apple fanboys and Google fanboys together in an inspirational and perhaps unprecedented alliance!

For example, the comment sections for Engadget articles are usually a full-on pitched battle between the two camps - - but reading the comments on this topic (click on 'Show More Comments' and sort by 'Top Comments') almost brought tears of hope for a new unified peaceful future to my eyes.
posted by fairmettle at 11:56 AM on October 27, 2014 [15 favorites]

A QR code would be trivial to scan and store with a little camcorder stuck up in the ceiling tile. You wouldn't capture every single one due to glare or what have you, but you could easily suck up a dozen payment tokens a day. I would have thought it was difficult to beat the insecurity of a mag stripe. I would have been wrong.

One would hope that the payment token is unique on a per transaction basis. You couldn't make a payment system in this day age age without it.
posted by Talez at 11:56 AM on October 27, 2014 [2 favorites]

stoneweaver: I was reading about this system last night, and it's woefully short of actual details of how it works ("it's secure!" , yeah, but *how*?). That being said, I imagine that it's a challenge-response sort of thing. So you can grab a QR code for a transaction, but I imagine it was only good for that single transaction.

It's difficult to do any real analysis of the security of the system without them giving out some details of it (but I'm sure the fraudsters will provide a sophisticated security analysis for us all - 'free of charge').
posted by el io at 11:57 AM on October 27, 2014

The cloud is safe and secure for your money and biometric data linked to said money.

Apple Pay sends no biometric or financial data through the cloud.
posted by grubi at 11:59 AM on October 27, 2014 [1 favorite]

I think it will be interesting if Google and Apple join forces on breaking this one, since they're both backing nfc payments now.

Not sure about the companies, but the users are on it.

Let's invite /r/Android to help us boycott retailers that are disabling NFC readers. We can unite to put pressure on them, since it affects us both!
posted by ChurchHatesTucker at 11:59 AM on October 27, 2014 [1 favorite]

One would hope that the payment token is unique on a per transaction basis. You couldn't make a payment system in this day age age without it.

Given how far the state of the art in ATM card skimmers has advanced, I don't think it's out of the question to think someone might build a small "all in one" package that has a camera (for capturing QR codes) and wireless internet (perhaps via a nearby cafe) to immediately try to use the token. Even if it only succeeds occasionally (due to the inherent race condition), it could still be pretty profitable for a ne'er do well.

Hell, only succeeding occasionally is probably a feature -- when it does work, the cashier will probably think the system was acting up and try again, obfuscating the transaction until the customer later reviewed their charge history.
posted by tocts at 12:01 PM on October 27, 2014

I will never get people who take up the banner for corporations. I mean, really, a boycott?
posted by empath at 12:02 PM on October 27, 2014 [1 favorite]

El Io, speak to me of this "hugely complicated set of analysis" the credit card COs use for fraud analysis, because last time they hit me, I was attempting to buy a mattress. A mattress! In my home town! When was the last time you saw someone hocking used Sealy mattresses in a back alley to make a quick buck?
posted by scolbath at 12:03 PM on October 27, 2014

Today I learned that there is a new type of smug person out there: those that only use cash and sneer at others who don't.

Yeah, well THEY use bills,, I bet; you know how easy it is to counterfeit cash?

Now me, I'm not so foolish; I use dollar coins and store them under my mattress. I'm also working out a barter arrangement with my landlord and the local farmer's market. This spring I'm going to start raising piglets on my balcony.

Seriously, I'm the wave of the future.
posted by happyroach at 12:09 PM on October 27, 2014 [2 favorites]

you know how easy it is to counterfeit cash?

Please, the preferred nomenclature is "handcrafted currency."
posted by entropicamericana at 12:11 PM on October 27, 2014 [14 favorites]

Well, there are several issues that cash intermediaries solve: universal availability of credit, vulnerability to crime or mishap, difficulties for people with loss of motor control or eyesight, and general convenience.

True! But there are also costs associated with non-cash payments, many of which disproportionately affect low-income individuals. Off the top of my head:

-Acquiring a credit or debit card usually requires a mailing address.
-The credit cards available to people with no credit or a poor rating are often usurious, making them more of a danger than a solution.
-Around here, at least, many stores require a minimum charge of $10 to $20 in order to offset the costs associated with credit card transactions.

And that's for transactions that don't involve owning a smartphone.

I can see why a store might prefer to avoid cash transactions, but all the same, I hope that doesn't become commonplace. After all, not everyone out there who relies on cash and a flip phone is doing so because they feel smug about it.
posted by evidenceofabsence at 12:11 PM on October 27, 2014 [3 favorites]

I will never get people who take up the banner for corporations. I mean, really, a boycott?

Do you get people taking up the banner against corporations?

Can we back up a second and ask again what the problem with cash is that we're trying to solve...

Availability and revokability, primarily.
posted by ChurchHatesTucker at 12:15 PM on October 27, 2014 [3 favorites]

The plain answer is that it's harder to harvest additional revenue off of cash transactions. The cash is all you get.

With credit or electronic transactions, there's an opportunity to harvest additional revenue.

That's all you really need to know. Convenience to teh consumer is nice, but it's not the reason this happens.
posted by lodurr at 12:16 PM on October 27, 2014 [6 favorites]

I don't think it's out of the question to think someone might build a small "all in one" package that has a camera (for capturing QR codes) and wireless internet (perhaps via a nearby cafe) to immediately try to use the token. Even if it only succeeds occasionally (due to the inherent race condition), it could still be pretty profitable for a ne'er do well.

That's not how the protocol works (or should work, anyway, I don't know the details of how CurrentC is architected, so it could be massively braindead). The process looks like:

1) Person wants to buy X for Y dollars.
2) The retailer's device talks to the person's device and they generate a token, signed by the person's device, saying "Financial Institution of Person, pay retailer's account number ABC Y dollars (one time only), under authorization of Person (as proven by this cryptosignature)".
3) Said token is passed to Financial Institution of Person (over public networks, since the signature means the token can't be usefully modified in flight).
4) Financial Institution pays the retailer, and retailer lets the person go home with X.

Scanning the QR code from afar isn't useful to a third party, because the token doesn't say "pay the bearer of this token Y dollars" -- it's specific to the parties involved.
posted by axiom at 12:16 PM on October 27, 2014 [3 favorites]

To try a good faith answer to the cash/credit question for a change: I like having a report I can download showing where I spent money for budgeting purposes. You can do this with cash but it's annoying at best. Also AMEX is kind enough to offer me cash back on groceries and gas and hey, every little bit helps. Plus it makes my wallet thinner and coins are not always falling out of my pockets.

I am totally aware of the pro cash arguments in re: to lower income populations, though.
posted by selfnoise at 12:16 PM on October 27, 2014 [1 favorite]

Revenue-harvesting is a totally good-faith answer. It's the foundation of the whole electronic processing industry.
posted by lodurr at 12:17 PM on October 27, 2014

I don't understand the legality of refusing cash at all. On the bills it says right underneath THE UNITED STATES OF AMERICA, albeit in slightly smaller letters but still on caps-lock:

THIS NOTE IS LEGAL TENDER FOR ALL DEBTS PUBLIC AND PRIVATE.

I always thought those people who had those signs up: "We don't accept cash" were fly-by-night and technically illegal.
posted by bukvich at 12:20 PM on October 27, 2014

Sorry Lodurr, I wasn't referring to your comment, I was referring to earlier "skinny jeans hurr hurr" comments. But I think in the interim they were deleted since I can't find them now. Anyway, leave the snark out, lesson learned.
posted by selfnoise at 12:21 PM on October 27, 2014

I don't understand the legality of refusing cash at all. On the bills it says right underneath THE UNITED STATES OF AMERICA, albeit in slightly smaller letters but still on caps-lock:

THIS NOTE IS LEGAL TENDER FOR ALL DEBTS PUBLIC AND PRIVATE.

A purchase is not the payment of a debt.
posted by empath at 12:21 PM on October 27, 2014 [1 favorite]

I didn't think you were being snarky; i read it as your honest take.
posted by lodurr at 12:22 PM on October 27, 2014

Apple Pay / Google Wallet and MCX are both more alike than they are different. Both are basically bolted-on authentication/authorization layers on top of other payment networks. The NFC vs. scanned-barcode stuff is UI candy, basically. NFC is more elegant, the barcode stuff looks like a hack, but either one could work provided it's implemented well. (And either one could work using the other method if you wanted it to.)

That's not really the hard part of building a workable system. The difficult part is actually moving the money around.

MCX is built on top of ACH, which was originally designed for processing checks and really doesn't have any security safeguards built into it. If someone gets your account number and your bank routing number, they can suck money out of your account. All you can do is notice it and get the transaction reversed within 60 days; if you don't, well, too bad for you. Presumably — unless the developers behind MCX are very stupid — they're going to protect your ACH credentials internally and either pass through each POS transaction as a separate ACH transaction, or they aggregate multiple POS transactions together and then hit your checking account via ACH once every so often. (I'm curious which route they take; the first is probably the simplest, but the latter results in the least amount of transaction fees.) This is basically what Paypal does, so they are not exactly breaking new ground or anything. And I'd be as hesitant to sign up for their service as I am to give Paypal my checking-account information, which is to say it'll be a goddamn cold day in hell.

Apple Pay and Google both basically live on top of the credit card networks, because once you authorize a payment, they use a stored credit card to go ahead and charge you for whatever you just authorized. There's nothing wrong with that, but since it doesn't cut the credit card companies or their network out of the equation, there's still a hefty multiple-percent charge that somebody is going to end up paying. And presumably Google/Apple want to make some money on the deal too, so they're going to add on their own fees.

Apple/Google's methods fix some of the problems of credit cards (stupendously insecure, i.e. anyone with numbers on card can make transactions), which is nice if you're a consumer in the short run. But in the longer run it lets the credit card companies continue to charge their huge percentage for doing even less than they are doing right now. It doesn't seem like much of a threat to their lazy, sclerotic business model.

Although I don't really plan on signing up for MCX, it's more interesting to me because it seems to take aim at the CC companies more directly. If that started to gain traction, I think it would force a response (moving to chip+PIN faster, maybe; I'm not holding my breath for real giro) from the companies who own, and can actually fix, the payment networks themselves, which is the better solution than a bolted-on layer.
posted by Kadin2048 at 12:22 PM on October 27, 2014 [6 favorites]

But there are also costs associated with non-cash payments, many of which disproportionately affect low-income individuals.

There are costs associated with cash payments, which also disproportionately affect low-income individuals:

• Cash is harder to store securely
• Credit card use (particularly use of cash-back or rewards plans) increases costs for most products (with a few exceptions), regardless of whether the buyer uses cash or credit
• There are no "charge-backs" on cash; a buyer cannot easily put a hold on further transactions with his or her money, if problems arise
posted by a lungful of dragon at 12:25 PM on October 27, 2014 [1 favorite]

ApplePay and Accessibility
posted by Thorzdad at 12:29 PM on October 27, 2014 [2 favorites]

That's pretty cool.
posted by a lungful of dragon at 12:30 PM on October 27, 2014

So has anyone here actually paid for something with their phone? Or seen anyone do that? Or known anyone?

I keep reading about it but I've never actually seen a cash register that says it accepts NFC payments out in the wild.

Look for a box on top of the credit card scanner with a sort of wave symbol on it.

I've used it a ton, it's actually great and sort of addictive.
posted by selfnoise at 12:30 PM on October 27, 2014 [1 favorite]

Finally, some alternatives to the tedious process of swiping my credit card. That can take almost 10 seconds sometimes!
posted by straight at 12:30 PM on October 27, 2014 [3 favorites]

So has anyone here actually paid for something with their phone? Or seen anyone do that? Or known anyone?

I have seen some registers around with signs on them that say they accept Google Wallet, but I have never tried to use it. (My old phone had Google Wallet blocked courtesy of the cellular company, and I haven't set it up on the new phone.) Have never seen anyone use it either.

I don't really want to be "that guy" who holds up the entire line while the cashier figures out this crazy cellphone-payment thing works. Maybe I'll give it a shot sometime though, for science.
posted by Kadin2048 at 12:31 PM on October 27, 2014

Can we back up a second and ask again what the problem with cash is that we're trying to solve with this phone/account/app/network/qr code/tokens/fraud detectors/chip/pin/readers arrangement?

That's easy. When I buy my $2.34 cup of coffee at Starbucks in cash, if I don't leave the 66 cents in the tip jar I look like a huge asshole. With electronic payments, I save 28%!
posted by rtimmel at 12:32 PM on October 27, 2014 [10 favorites]

Is this something I would need a telephone to understand?
posted by LizBoBiz at 12:32 PM on October 27, 2014 [3 favorites]

So has anyone here actually paid for something with their phone? Or seen anyone do that? Or known anyone?

I've used Apple Pay several times now. It's incredibly easy and convenient, and the register jockey who was 20 years younger than me looked at me like I was a wizard.
posted by entropicamericana at 12:33 PM on October 27, 2014 [4 favorites]

A purchase is not the payment of a debt.

But most of the above examples invoke restaurants, which conventionally charge after a meal has been consumed, and is thus a debt.

I don't really want to be "that guy" who holds up the entire line while the cashier figures out this crazy cellphone-payment thing works. Maybe I'll give it a shot sometime though, for science.

Sounds like you're off the hook for a bit.
posted by ChurchHatesTucker at 12:33 PM on October 27, 2014

The cashier generally isn't involved, the terminal does everything. I live in the sticks and nobody has ever batted an eye when I do it, so I think they must get some training from the mothership.
posted by selfnoise at 12:36 PM on October 27, 2014 [1 favorite]

"My old phone had Google Wallet blocked courtesy of the cellular company, and I haven't set it up on the new phone."

Yeah, that's the cellular company saying 'fuck, even though we don't have a competing service, no way were going to allow google/apple to let consumers use their service, because as some point we're going to try to lock our customers into using our phones as payment devices'.

Ugh.
posted by el io at 12:36 PM on October 27, 2014 [1 favorite]

Ugh. Apple has been going downhill IMO. I've been nearly Mac exclusive since 1995 as it completely dominates my business industry. Seems to me like all these divergent directions Apple is going is just going to open up Mac OS to more and more malware, scammers, viruses, etc.

I don't understand how Apple implementing a payment system standard in their mobile phone OS is going to somehow decrease the security of their desktop OS. I suppose you could make an argument that they're spreading their resources too thin, but we're talking about a six hundred billion dollar company here. Apple could develop five more variants of Darwin for new platforms and still have enough money and engineers to look after OS X just fine. You can bemoan the design changes introduced since Jobs' death/Forstall's departure or whatever, but spreading FUD about the fundamentals of the OS is just … spreading FUD.
posted by spitefulcrow at 12:42 PM on October 27, 2014 [11 favorites]

But most of the above examples invoke restaurants, which conventionally charge after a meal has been consumed, and is thus a debt.

I'm not sure how a no-cash rule would work in that case. If you only have cash to pay, what is the restaurant going to do, call the cops? I guess the worst they could do is ban you from the restaurant.
posted by grouse at 12:42 PM on October 27, 2014 [1 favorite]

If you only have cash to pay, what is the restaurant going to do, call the cops?

Just bluffing about the legitimacy of a no-cash policy is probably enough to achieve 95% compliance. As soon as the server starts with "well, I dunno, lemme ask my manager" I'm going to be pulling out my card just to get it over with.
posted by mullacc at 12:53 PM on October 27, 2014

Apple/Google's methods fix some of the problems of credit cards (stupendously insecure, i.e. anyone with numbers on card can make transactions), which is nice if you're a consumer in the short run. But in the longer run it lets the credit card companies continue to charge their huge percentage for doing even less than they are doing right now. It doesn't seem like much of a threat to their lazy, sclerotic business model.

Right, but presumably when people begin relying on Apple or Google for their transactions, they can move to cut out the middleman.
posted by leotrotsky at 12:56 PM on October 27, 2014 [1 favorite]

Apple Pay and accessibility.
posted by entropicamericana at 12:58 PM on October 27, 2014 [1 favorite]

But most of the above examples invoke restaurants, which conventionally charge after a meal has been consumed, and is thus a debt.

Regardless of whether or not a restaurant bill is a debt or not, there is no law that requires a business to accept cash. Currency is legal tender for all debts, public and private, but that just means that the government has 'approved' this currency as the standard bearer of value. It doesn't imply a requirement that you have to accept it.

Read what the Treasury says about it.
posted by nerdler at 12:59 PM on October 27, 2014 [3 favorites]

I use Google Wallet pretty much daily. It is in fact faster than digging out the card I want to use, rarely has any kind of trouble, keeps the retailer from getting my real card number, and confuses the shit out of cashiers a good percentage of the time. Or did, anyway, before Apple Pay.

When they look at me funny, I tell them to hit the credit button, and all is well.
posted by wierdo at 12:59 PM on October 27, 2014 [2 favorites]

Read what the Treasury says about it.

About restaurants? Not much.

The question isn't whether businesses can say "no cash" up front, it's whether they can refuse cash for a debt (and if they can, are you obligated to get a PayPal account or whatever?)
posted by ChurchHatesTucker at 1:04 PM on October 27, 2014 [1 favorite]

So has anyone here actually paid for something with their phone?

I've been using NFC payments for YEARS. Initially, I had an Amex Blue card with an embedded RFID chip. (They call it ExpressPay, but it's just NFC)

More recently, I've used a Discover ZIP, which is a sticker that I attached to my keychain, and for the last few months, a Motorola phone with G-wallet. The ZIP device is by far the most convenient (though the somewhat limited number of retailers that take Discover makes it a little less so).

To the cashier, it's exactly the same as a swiped credit card... because to the credit-card terminal, it's just a different method of getting the PAN (account number and associated data) from the card to the terminal.

To the consumer, it's a whole lot easier to pay one-handed (while juggling a baby, perhaps). My Amex card was on the outside slot of a leather wallet, and I could just place the entire wallet on the reader -- no problem. The ZIP lets me just dangle my keychain on the reader and wait for the beep. It's kind of annoying that retailers where I've been using this method for some time (hello CVS) have decided to disable it because of Apple.

I pay for most purchases with a credit card and use the reward points. My banks all offer zero-liability on fraud (and yes, my cards get stolen/hacked/skimmed periodically), and I pay my bill completely every month so I don't pay interest. While I definitely see the privacy point of living an all- or mostly- cash existence. I rather like the convenience, and I like the free money (or travel) that the reward points give me.
posted by toxic at 1:11 PM on October 27, 2014 [1 favorite]

So has anyone here actually paid for something with their phone? Or seen anyone do that? Or known anyone?
I set up Apple Pay last week. I used it at Walgreen's after asking if it would work. I didn't understand the answer the cashier gave, but I tried it anyway. I still had to hit all the same buttons on the receiver/swiper as I do when I use my debit card. It worked well.

I tried to use it at Panera and the only open register wasn't hooked up to any card-swiper, but all the other registers had them. It wasn't my usual Panera. I don't think my usual one has any customer facing swipers right now, but I will ask them next time I am there and they are not busy.

I tried to use it at Target at Food Avenue (or whatever it is called now). The cashiers didn't know what I was talking about. They asked me several questions, including if it was exclusive to Target. I told them it just came out, but had been announced in September. Then I used my debit card.

I won't be going anywhere without my cards any time soon. I won't pull them out unless it fails, though.
posted by soelo at 1:16 PM on October 27, 2014

About restaurants? Not much.

The question isn't whether businesses can say "no cash" up front, it's whether they can refuse cash for a debt (and if they can, are you obligated to get a PayPal account or whatever?)

"There is, however, no Federal statute mandating that a private business, a person or an organization must accept currency or coins as for payment for goods and/or services. Private businesses are free to develop their own policies on whether or not to accept cash unless there is a State law which says otherwise."

Seems pretty clear to me.
posted by nerdler at 1:18 PM on October 27, 2014

As a sidenote, it's worth noting that there are three major networks for consumer transactions in the US:

ACH - originally designed for electronic check clearing between banks, but does POS transactions (sorta) due to the Check 21 act. Very little security by modern standards, all you need is the ABA routing/transit number and account number to initiate transactions
Credit cards - which really is comprised of four networks: Visa, Mastercard, Amexco, and Discover, although from the consumer's perspective they all work the same way, and can be thought of as the "signature networks"
EFTPOS - the umbrella term for the ATM networks (Star, NYCE, Pulse, etc.) which started off as a way to let you pull money from another bank's ATMs but let you do POS transactions via card+PIN as well

Personally, I would like to see EFTPOS get more use, since it's better than the other two by virtue of being developed more recently. That would intrigue me much more than yet another bolted-on layer sitting on top of either ACH or the CC networks, a la Paypal, Google Wallet, or Apple Pay.

My big issue with EFTPOS is that, in all current uses, it drafts money from a checking account. But there's no fundamental reason why you couldn't have it draw from a credit account (negative balance) instead of a checking account (positive balance). The bank giving you the underlying line of credit really shouldn't care how you spend it. But EFTPOS has become synonymous with "debit" and the signature networks synonymous with "credit" even though you can do debit transactions over signature networks (happens all the time — those ATM cards with Visa / MC logos) and there's no reason why you couldn't do the reverse.

I'd love to take my credit account, pair it with an EFTPOS-only card (i.e. no Visa/MC logo, just a traditional "ATM card") and use it for card+PIN transactions.

The only problem with this is virtual transactions, e.g. Internet, phone, or mail-order, where you can't physically input a PIN into a console. But you get that with all card+PIN or chip+PIN systems.
posted by Kadin2048 at 1:25 PM on October 27, 2014 [2 favorites]

Seems pretty clear to me.

Depends on whether I'm offering an exchange or trying to collect a debt.

Obviously I can offer my services in hogsheads, and you can accept or decline. Nothing has been exchanged if we can't come to an arrangement.

The question is, if I've eaten at your restaurant, can you demand I pay in hogsheads? I don't have any. Will cash do?
posted by ChurchHatesTucker at 1:28 PM on October 27, 2014 [1 favorite]

The question is, if I've eaten at your restaurant, can you demand I pay in hogsheads? I don't have any. Will cash do?

Where are these restaurants that don't accept cash?
posted by empath at 1:37 PM on October 27, 2014

CurrentC - You mean I can use a mobile payments system created by the same industry that designs UIs for ATMs? Where do I sign up?
posted by RobotVoodooPower at 1:46 PM on October 27, 2014

Where are these restaurants that don't accept cash?

Libertarian World. The restaurants there only accept hand struck artisanal silver coinage, however the pot-pie and strawberry shortcake are good.
posted by mikelieman at 1:46 PM on October 27, 2014 [1 favorite]

There is, however, no Federal statute mandating that a private business, a person or an organization must accept currency or coins as for payment for goods and/or services.

In the restaurant example, the customer is using credit as payment for goods/services. Now there is a debt with the restaurant being the creditor. A creditor must accept legal tender to satisfy the debt. But the creditor can impose some limitations on how, when and where it will accept the cash. Ultimately, the restaurant is going to get around any legal technicalities by posting a "No Cash" sign on the menu or next to the health inspection certificate.

Where are these restaurants that don't accept cash?

Further up in the thread.
posted by mullacc at 1:48 PM on October 27, 2014 [1 favorite]

The only restaurants I've ever seen enforcing a no-cash rule are high-volume counter service places. They're not extending you credit for the food you've eaten; you pay first.
posted by Kadin2048 at 1:49 PM on October 27, 2014

Further up in the thread.

Give me a specific example of a restaurant that doesn't accept cash. All I saw was stuff like airlines and resorts.
posted by empath at 1:51 PM on October 27, 2014

The question is, if I've eaten at your restaurant, can you demand I pay in hogsheads? I don't have any. Will cash do?

Yes, you can demand payment in whatever form you want, as long as you don't violate any statutes involving creating your own currency and passing it off as 'dollars'. If a customer walks in, sits down and orders, they've agreed to any payment stipulations.
posted by nerdler at 1:54 PM on October 27, 2014

Give me a specific example of a restaurant that doesn't accept cash.

Here you go.
posted by nerdler at 1:57 PM on October 27, 2014

Star, NYCE, Pulse, etc.

Star is owned by First Data, Pulse is owned by Discover and NYCE is owned by Fidelity National Information Services. All these companies already work within the Visa/MA stronghold. Maybe they could go rouge but I doubt it would mean lower fees in the system. Perhaps the tech is better though?
posted by mullacc at 2:00 PM on October 27, 2014

If a customer walks in, sits down and orders, they've agreed to any payment stipulations.

So if you refuse to take cash after they've eaten, and they refuse to pay with a credit card, you can take them to small claims court where they can pay you in cash. Or I guess you can call the cops, but they're just going to tell you to take the money.

I don't think a 'no-cash' policy is enforceable for anything where the service is provided before payment.
posted by empath at 2:01 PM on October 27, 2014 [1 favorite]

Give me a specific example of a restaurant that doesn't accept cash. All I saw was stuff like airlines and resorts.

There's one buried in roomthreeseventeen's NYT link and octothorpe claimed to know some too. You go find the details and report back to us.
posted by mullacc at 2:02 PM on October 27, 2014

If a customer walks in, sits down and orders, they've agreed to any payment stipulations.

That's pretty much conceding the argument. If no stipulation is made then cash must be accepted. Then the question just becomes whether or not the restaurant sufficiently communicated the stipulation.
posted by mullacc at 2:05 PM on October 27, 2014

Can we maybe take the cash-at-restaurants derail offline?
posted by Thorzdad at 2:08 PM on October 27, 2014 [15 favorites]

My husband has been using Google Wallet for months, and I was getting envious until Apple Pay came out. So, now I'll be moving my prescription from CVS to Duane Reade.
posted by antinomia at 2:19 PM on October 27, 2014

Esteemed Offendi: "Those who cannot remember the CueCat are condemned to repeat it."

And you can still purchase one from LibraryThing.
posted by jgaiser at 2:23 PM on October 27, 2014 [3 favorites]

I don't think the discussion about accepting cash is a derail. The issue is payment systems and early comments were suggesting using cash as an alternative. I don't see anything wrong with discussing the problematic elements, current and future, of using cash.
posted by cashman at 2:24 PM on October 27, 2014 [3 favorites]

Boy, did I pick the wrong username to have that look unbiased.
posted by cashman at 2:25 PM on October 27, 2014 [45 favorites]

now I'll be moving my prescription from CVS to Duane Reade

If it comes up, be sure to tell them why.
posted by aramaic at 2:27 PM on October 27, 2014

toxic: "More recently, I've used a Discover ZIP, which is a sticker that I attached to my keychain"

Wow. I've been a Discover Card user since the early 2000s and I have never heard of this product. After a few minutes' research on their site I'm not sure how you ever heard of this product.

- I went to Discover's main site. Checked out 'all products and services' - couldn't find it mentioned, even with a search of the page.
- I logged in to my account. Again, no mention, even with a search of the page.
- I used the search function on their site. While it did find it, the first words I saw were "Did you mean: zap"

It's mind-boggling. It's as if they don't want you to know about a product that they started rolling out in 2010. Just astounding.

Unfortunately I checked the "Where can I use Zip?" link and found a short list of retailers, none of whom I have visited in the past several months, and many of whom aren't even in my general metro area.

In short, toxic, it's like you raised my hopes and then Discover Card did their best to dash them back down.
posted by komara at 2:34 PM on October 27, 2014 [4 favorites]

I'll write about this what I wrote elsewhere.

MCX is definitely greedy, short-sighted, and stupid, but Apple Pay also put them in a bind. Because if a customer has set up Apple Pay and a merchant is set up to accept it, there is zero chance that the customer will ever use CurrentC. Not "very low," but "exactly zero."

Even in a scenario where you were a customer who is equally willing to use either Apple Pay or CurrentC, and the merchant is set up to accept either. Consider how it works: You pull out your phone at the checkout counter. You think "hmm, should I pay with Apple Pay or CurrentC?" (OK, I know you don't really think that, humor me). Your iPhone is already showing you your Apple Pay payment option, and as soon as you touch your thumb on the home button, you've paid. I don't think there's any way around using Apple Pay in this scenario, short of :

1. Stepping away from the NFC scanner.
2. Activating your phone and manually disabling Apple Pay.
3. Returning to the NFC scanner and proceeding with the CurrentC QR-code-scanning song and dance.

Short of that, there is technologically no place that MCX can get their foot in the door there.
posted by adamrice at 2:43 PM on October 27, 2014 [6 favorites]

Unfortunately I checked the "Where can I use Zip?" link and found a short list of retailers, none of whom I have visited in the past several months

It works at many many more places than are shown. If a retailer has an NFC-enabled terminal and accepts Discover, then it will work fine.
posted by toxic at 2:43 PM on October 27, 2014

You guys might be interested in Hong Kong's Octopus Card.
posted by I-baLL at 2:57 PM on October 27, 2014

Until portable NFC/EMV POS devices become ubiquitous I have little use for NFC anything. Most of my physical purchases tend to be in places where I hand a card over to someone and they process it. Yes, a lot of it happens in restaurants, bars and other places where the POS is out of my reach.

I'm not handing over my phone, even if that would have worked without my needing to use a PIN or thumbprint.

The Discover Zip, Google Wallet's card option, and HK's Octopus (I still have mine from 2000! It has, like, six bucks) are much better. The Zip could stick to any device or thing (like a keychain mentioned above) and the GW and Octopus card are in credit card form factor, making these Tap (and optional PIN) solutions without the need of a phone.

If you have a smartphone on you with the mobile site or app, you can certainly enhance your spending ability by being able to select the funding source, but otherwise, I honestly don't see the point of this having to be part of a device without a non-power option. I really don't want something that won't work when my phone is dead.
posted by linux at 3:03 PM on October 27, 2014

I don't think the discussion about accepting cash is a derail.

It's not. If there was a derail it was the folks who came into a thread about a new way to pay and said, "What's wrong with this antiquated method of commerce?" It's sort of like a lightbulb thread where people keep insisting candles are just fine.

Restaurants aside I've found plenty of places that where maybe it's possible to pay cash it isn't common and might land you in trouble. Hotels? Can you pay cash? Cars? Good luck with that.

I've decided I am done with credit cards. I would like to be done with cash for the most part as well. This is why an alternative is highly attractive to me. The idea of CurrentC isn't going to get me to give up either. Apple Pay? Who knows? Maybe.

I see it sort of like cable a decade back. I'd decided I was done with those guys. I seriously got to a point where I preferred no product to the product that was offered. Only in the last few years have those offering content begun to catch up with the way people want to consume it.
posted by cjorgensen at 3:17 PM on October 27, 2014

Until portable NFC/EMV POS devices become ubiquitous

In bars and some restaurants in Canada, I have noticed that the POS device is often brought to the bar, counter or table. I suspect this is something that will slowly trickle down south of the border as the US begins to modernize its payment systems to take advantage of Apple Pay and other systems.
posted by a lungful of dragon at 3:19 PM on October 27, 2014

Banks love Apple Pay: Wells Fargo offering $10-$20 credits just for trying Apple Pay.

Looks like it'll be banks and customers lining up against retailers.

And the retailers are pushing a technically inferior product that is also less convenient and ridiculously subject to fraud.

And they require the customer to first surrender their driver's license and social security number (to be stored "safely in the cloud").

I don't think so.
posted by RedOrGreen at 3:49 PM on October 27, 2014 [6 favorites]

I just called Discover Card and asked for a Zip and was told that they no longer offer that service. That might explain why I couldn't find anything about it on their website.
posted by komara at 3:52 PM on October 27, 2014

Until portable NFC/EMV POS devices become ubiquitous I have little use for NFC anything. Most of my physical purchases tend to be in places where I hand a card over to someone and they process it

In Europe pretty much every restaurant has handheld wireless card readers that the waitstaff carries to your table when it's time for you to pay. In fact I believe there's a EU law that forbids them from taking your card out of your sight for processing. That's a big part of how EMV works; if you had to tell everyone your PIN it would undermine the whole system. So when they're adding support for EMV, which new US legislation strongly encourages, they have to either have portable gizmos, or put them somewhere that customers can poke and prod at them themselves. Either way is also suitable for NFC payment.

It's for sure true that lots of business haven't upgraded yet, but yeah, nobody's going to do NFC processing in the back room or anything, because you're right, that's ridiculous.
posted by aubilenon at 3:53 PM on October 27, 2014

So is it true that ApplePay/Google Wallet tokens are truly unique and anonymous?

If that's the case, it seems pretty clear that CurrentC is some combination of last-ditch-effort to maintain customer analytics and an attempt at a bargaining chip to force a new standard that allows consumer tracking.

No chance in hell these retailers can afford to give up that sweet, sweet purchasing data.
posted by graphnerd at 4:40 PM on October 27, 2014 [1 favorite]

So is it true that ApplePay/Google Wallet tokens are truly unique and anonymous?

From the retailer's perspective? Yep.
posted by Talez at 4:47 PM on October 27, 2014 [1 favorite]

Yeah, so that's definitely what this is about. Well, that and taking back the 2-3% from credit cards.
posted by graphnerd at 4:52 PM on October 27, 2014 [1 favorite]

Except that in the US Chip & PIN is being implemented with a mag stripe. So, there's no need to tell anyone your PIN.

What? This is so stupid that I had to look it up to believe it. Is this going to do anything at all to make fraud more difficult?
posted by aubilenon at 4:53 PM on October 27, 2014 [2 favorites]

Yeah, I have chip and pin with my credit card because I travel to Europe a lot, and the only place I've found in NYC that takes it is my optometrist, and they don't ask for a pin, just a signature. And, I don't know that much about security, but I've been told by those who do that this implementation is not secure. And certainly if it allows restaurants to still take your card out of your hand what's the point?
posted by antinomia at 4:54 PM on October 27, 2014

I know that at my first employer they would throw out reams of credit card data with full numbers and addresses in the trash. Chuck E Cheese. Now there is no reason to store credit card data at all unless you're a financial institution. And you aren't really allowed to do it for the most part (PCI). Doesn't mean people don't violate it, like their terminal is down so they offer to gather your info and use it later. Two mom and pops offered that to me in the past year. Noooo. But a "CC only" establishment is refusing cash for security reasons and disinclined to violate PCI.

I want Apple to block the app but also like the idea of allowing it for a month or two, followed by a scathing ad campaign from Apple on usability. They banned us so they could make you use something worse. Install the free "Fuck those guys" app to ensure you are notified during a GPS search or while parking where alternatives are.

Then find a token security hole and block it forever after another snarky ad
posted by aydeejones at 4:57 PM on October 27, 2014 [1 favorite]

Ferreous: Considering how badly the interface for checkout using a credit card at walgreens/cvs is already, it doesn't surprise me that they'd be upping their shitty checkout game to new levels.

Ignoring the fact that walgreens is fine with apple pay and on board, holy shit do they have the fucking WORST checkout process. I swear, it takes like 9 taps on their shitty card terminal to actually just be able to pay and leave. I joked around about it with one of their cashiers once.

But, the best time, and the reason i even posted about it at all, is when i was in there and there was only one cashier and like 10 people in line. The dude was REACHING AROUND THE THING to tap cancel to every stupid "do you want to donate to charity? select an amount" type spam thing that pops up and just speed-blast people through to the "is this amount ok?" screen. Another time i overheard one of the long time cashiers telling a new cashier "oh yea, a lot of people tap the donate to charity thing when they want cash back and then freak out. if someone taps that, just assume they don't really want to do it and void out the transaction. i've never, ever had anyone go "wait i wanted that!" they get mad 100% of the time because they ALWAYS wanted cash back, and some idiot designed that screen to look like the cash back screen".

I don't even know what this says, other than not even their own employees have any faith in their terrible fucking system that seems like it was designed in a windowless room without any "focus group testing" or anything even. They just keep adding more and more screens to their inane turdmachine making it slower and slower and more and more confusing. It makes the worst self checkout kiosks seem like a formula 1 pitstop.

el io: One problem with tokenized payments (one time credit cards that are good for the single purchase) is that they tend to fuck with fraud detection systems. Each time you make a credit card purchase, your purchase is goes through a hugely complicated set of analysis to determine if its a fraudulent purchase (do you ever buy diamonds? is your purchase in the same city it normally is in? is it a small transaction that looks like a 'test' transaction that frauders use, etc, etc). If your 'token' (one time credit card) is generated each time, all these systems get bypassed.

No they... don't? I work on card systems, and this was immediately obvious to me.

The bank still knows "this card was charged", it's just the retailer that doesn't. They also know where the card was charged, obviously. Every system in place that can tell that i didn't just buy 400 gallons of gas in florida when i'm asleep in seattle, and just bought a gatorade at the mini mart an hour and a half ago is still in place and will work fine.

I mean, i'm probably repeating myself here, but lets look at how it works now:

1. i pull out card
2. store gets card info, sends it on to payment processor they contract with(or possibly themselves/corporate if they're big enough)
3. get auth from payment processor or bank(or bank, via payment processor, whatever, you get what i mean)
4. at the end of the day, it batches out and the bank actually sends the money through ach style to the payment processor(who forwards it on to...) or merchant.

With the New System:

1. i pull out phone
2. store gets token, handshake happens, bla bla bla. store never sees card number
3. payment processor/bank shuffle
4. at some point here, the bank has to go "ok this exchange happened with a token but it goes to 1234 card, alright"

And from step 4 on, it's no different than it was before. All you gain or lose here is the store having the card number. Nothing changes at the bank.

If i'm wrong here, which i really don't think i am, how?
posted by emptythought at 5:11 PM on October 27, 2014 [6 favorites]

Just to clarify, Google Wallet does not tokenize like Apple Pay does. It gives the retailer a 'fake' card number, but it is always the same. (It is different than the number on my Wallet Card, though) Perhaps that's why the MCX people didn't freak the fuck out about it but did with Apple Pay.
posted by wierdo at 5:34 PM on October 27, 2014 [2 favorites]

When I buy my $2.34 cup of coffee at Starbucks in cash
Funny you should mention this - we were in talks with Starbucks trying to figure out ways to streamline payment systems as well as to enhance the personal connection of buying a cup of coffee. People tend to be creatures of habit and very often get the same thing, so they were considering offering a ceramic mug with an RFID chip in the base. When you present your cup, it would look up your mug ID and present the barista with a view of your last n orders and they have the opportunity to say, "Good to see you again Mr. Plinth (not that I would ever drink coffee, this is just an example), would you like your usual double short frappalicious mocha hershey squirt (not an actual Starbuck's drink. I think)?" You get your coffee, put the mug down by the register and the payment happens on PIN entry.
posted by plinth at 5:35 PM on October 27, 2014

The more I think about this, the more I'm convincined that this is entirely a gambit to try to pressure Apple into handing over a unique identifier for each purchaser during checkout.

Is there anyway to pressure Apple into not doing this? Or are they (and Google) in a strong enough position to resist on their own? Do they really have any incentive to resist?
posted by graphnerd at 9:22 AM on October 28

and if there's one thing with a history of success, it's corporate gambits to convince Apple to give away customers' identifying personal data
posted by DoctorFedora at 5:44 PM on October 27, 2014 [5 favorites]

> Perhaps that's why the MCX people didn't freak the fuck out about it but did with Apple Pay.

Or maybe Apple wasn't as willing to meet them halfway w/r/t sharing purchaser information as Google might've been.

> [Walgreens' checkout system] seems like it was designed in a windowless room without any "focus group testing" or anything even.

More likely it was intentionally designed to be misleading. This is one of the definitive UI dark patterns.
posted by ardgedee at 5:49 PM on October 27, 2014 [1 favorite]

I love the irony of people suggesting that Apple blocking an app is the best response to this, because fuck consumers right, they shouldn't have an option to choose. A pox on both their anti-competitive lockin-consumers-so-they-have-no-choice houses.
posted by Poldo at 6:08 PM on October 27, 2014 [3 favorites]

Please, the preferred nomenclature is "handcrafted currency."

"Artisanal specie"
posted by Rock Steady at 6:27 PM on October 27, 2014 [2 favorites]

graphnerd: The more I think about this, the more I'm convincined that this is entirely a gambit to try to pressure Apple into handing over a unique identifier for each purchaser during checkout.

Is there anyway to pressure Apple into not doing this? Or are they (and Google) in a strong enough position to resist on their own? Do they really have any incentive to resist?

The fact that any of this has gone on is proof that they're in a strong enough position. It's the equivalent of the bully not even holding up his fist, just turning around, and the other person flinching.

They have no reason to change here. Stores can still have rewards cards, or ask you to punch in your phone number, or have the cashier ask you for an email to send your receipt, or whatever. That's all outside of apple pay and the customer can still go "yea, nah".

I saw the same thing as you, with that gambit, but i'm betting apple is just going to laugh until they cave in just like they did with music DRM and a decent sized stack of other things they won on just by printing money until the other side relented and said "yea, ok, fine, we want money too".

So yea, if this is a gambit like that(which i agree, it seems like it is), it's the equivalent of a little kid saying he's going to hold his breath forever unless he gets what he wants.

ardgedee: More likely it was intentionally designed to be misleading. This is one of the definitive UI dark patterns.

I'm familiar with that, but have you like, used it? It's not confusing in some "trick you in to clicking yes" way, it's just plain confusing. It's just as easy to not do the thing they'd want you to. It's not big yes button tiny no button or anything, it's just shit.

I've seen ones that are the kind of thing you describe, where it tricks you in to signing up for the newsletter or whatever right on the POS. But this isn't that, and it changes seemingly every couple months in to something even more grotesque with more steps.

And if it is a dark pattern it's a stupid one, because the "no" button doesn't move, which leads to people often just mashing no until they cancel everything including the transaction. I noticed recently the final "are you sure" screen had actually shifted the buttons to avoid this. Doesn't solve the problem of it taking like 3-4 seconds to load each screen, though.

Poldo: I love the irony of people suggesting that Apple blocking an app is the best response to this, because fuck consumers right, they shouldn't have an option to choose. A pox on both their anti-competitive lockin-consumers-so-they-have-no-choice houses.

To hit this ball from a different angle, i bet they're afraid to ban this for antitrust reasons. They already got completely fucked by amazon on the ebook thing, and they're getting to the point perceptually that microsoft was at in the late 90s. Even if they aren't numerically dominating the market, they're dominating the mindshare of the market... and congress is fucking stupid. Whether it would be by court, or some congressional inquiry, i bet they're scared shitless of getting reamed over apple pay right now. A lot of people, including your average politician, are too dumb to realize that a samsung android phone and an HTC android phone or whatever aren't the same difference as like, a honda and a toyota. Whereas every tv commercial that shows a phone has an iphone in it. So even if there's more android phones out there, people see it as a bunch of different brands and not in the same way that people see that HP and Dell both make PCs that run windows. I think the silly custom skins help with this.

This thing is DOA. They'll absolutely allow it, and it's already up. Banning it would be madness and you can bet all these huge companies would make an enormous fucking stink about it and cry monopoly and shit. And the absolute snakiest tactics would come up to support their point. The DOJ would be on them in a second.

I can also almost guarantee that the next assault on apple is going to use that "but look at all these different brands!" angle.
posted by emptythought at 6:34 PM on October 27, 2014 [1 favorite]

They have no reason to change here. Stores can still have rewards cards, or ask you to punch in your phone number, or have the cashier ask you for an email to send your receipt, or whatever. That's all outside of apple pay and the customer can still go "yea, nah".

I hope that's the case. But does Apple Pay really benefit Apple if Target, Walmart, and Lowes don't accept it? I mean, there's the argument that they have nothing to lose, since they're selling at least as much the idea of Apple Pay as the reality, but I'm not totally sold.

If I were Tim Cook, I'd be tempted to say "okay, we'll give you user IDs, and you kick back .25% on transactions". Apple gets a windfall, retailers save a few billion on processing fees, and consumers probably don't realize enough to give a shit. Right?
posted by graphnerd at 6:42 PM on October 27, 2014

Can we back up a second and ask again what the problem with cash is that we're trying to solve with this phone/account/app/network/qr code/tokens/fraud detectors/chip/pin/readers arrangement?

I don't really understand this either. Admittedly I'm in the dumbphone set, so I have a certain bias, but at some point it just starts to look like technology for its own sake. I worked at Starbucks and I can tell you it really doesn't take quicker to ring someone up scanning their barcode with the app thing, vs. using a credit/debit card. Even cash doesn't take noticeably longer unless you're paying for a purchase of $9.01 with ten Sacajawea dollars.
posted by threeants at 6:44 PM on October 27, 2014

And what I really mean to say is that retailers seem to have a lot to lose by accepting Apple Pay, and very little to gain. Not being able to track consumer purchases has got to be a real, measurable accounting loss almost certainly larger than the processing fees from Visa.

So if I'm Roger Depot (the inventor of Home Depot, of course), why would I let my customers pay without my ability to track them? It's a serious loss, and it needs to be offset somehow.
posted by graphnerd at 6:52 PM on October 27, 2014 [1 favorite]

I prefer to pay with credit rather than cash because

1.) I lose track of how much cash I have on hand and whether it's enough, or sometimes I lose it outright
2.) I find it extremely inconvenient to constantly have to go out of my way to acquire more cash should I need it
3.) Tracking purchases and receipts for tax and budget purposes is much harder with cash

If I happen to misplace a credit card, I can cancel it and still have all of my money. It does not require extra errands of me. I can bring my credit card into a store with the confidence that I'm not going to be $2.73 short for that thing because I thought I had a five but it was in the pocket of my other pants.

If you are a perfectly organized person with a predictable set of routines then perhaps there is no net benefit for you. For someone a little distracted and harried, credit saves a whole lot of mental juggling around money and logistics.
posted by Andrhia at 6:54 PM on October 27, 2014 [6 favorites]

Can we back up a second and ask again what the problem with cash is that we're trying to solve with this phone/account/app/network/qr code/tokens/fraud detectors/chip/pin/readers arrangement?

I don't really understand this either. Admittedly I'm in the dumbphone set, so I have a certain bias, but at some point it just starts to look like technology for its own sake. I worked at Starbucks and I can tell you it really doesn't take quicker to ring someone up scanning their barcode with the app thing, vs. using a credit/debit card. Even cash doesn't take noticeably longer unless you're paying for a purchase of $9.01 with ten Sacajawea dollars.

Leaving the cash-vs-credit thing out of it, the new NFC systems have a significant security advantage over traditional magstripe credit cards. With old-school cards, the card stripe contains all of the information needed to authorize a transaction with the issuer, and it contains it in a static form that can be stolen with a card skimmer and replayed at will by malicious actors. Chip-and-PIN (or chip-and-signature) cards add another layer to this by having active circuitry inside the card chip that issues a one-time cryptographic signature authorizing the transaction (whether the transaction is carried out online against the issuing bank at this time or offline later, this still happens), so in regions that have switched over to chip cards, just stealing the credit card number and expiration date is insufficient to run arbitrary transactions against the card. NFC takes this a step further by never giving the primary account number to the merchant terminal in the first place. Instead, the phone and issuing bank agree on a temporary token that stands in for the card number when transactions are presented to the merchant and its bank. The cryptographic signatures are still generated as with chip-and-PIN cards. So if a data security breach happens against a merchant, the tokens for all accounts that were presented to that merchant can be revoked without having to issue new cards to all of the affected customers.

In the current day where magstripe skimmers are $50 and high-profile break-ins at large merchants happen monthly, all of these improvements are sorely overdue. I've worked on systems that process credit card payments, and trust me, none of this is "technology for its own sake". Visa and MC would not be throwing literally billions of dollars at these platforms just for a new shiny. They know they have a serious problem with data security, and these systems are a huge step towards addressing that.
posted by spitefulcrow at 7:22 PM on October 27, 2014 [3 favorites]

Can we back up a second and ask again what the problem with cash is that we're trying to solve with this phone/account/app/network/qr code/tokens/fraud detectors/chip/pin/readers arrangement?

I don't really understand this either. Admittedly I'm in the dumbphone set, so I have a certain bias, but at some point it just starts to look like technology for its own sake. I worked at Starbucks and I can tell you it really doesn't take quicker to ring someone up scanning their barcode with the app thing, vs. using a credit/debit card. Even cash doesn't take noticeably longer unless you're paying for a purchase of $9.01 with ten Sacajawea dollars.
posted by threeants at 10:44 AM on October 28

One of the big theoretical advantages of a token-based authentication thing like Apple Pay is that you basically get the upsides of credit/debit card use (don't have to count cash out, etc.) without any of the potential dangers (US credit/debit card use is based almost entirely on hoping everyone is 100% honest all the time).

The single-use token for authentication means that even if someone somehow intercepts the credit card identification number given to the store in place of the actual number on the card (because the processor knows where it should go), it won't be usable again, and the direct linking of this functionality with a fingerprint reader means that it's all but impossible for anyone you haven't entrusted your phone to to the point where you've registered their fingerprint with the reader.

And of course, in this particular setup, your sensitive data is stored only locally (so your actual credit card number is never sent over the internet, even, and your fingerprint data is only stored in a way that can be used to check "does this match?" instead of being able to reproduce a fingerprint from scratch — not that that's really a concern, because everything you own is covered in your fingerprints anyway).

That said, the US really, really needs laws like the EU appears to have, where you aren't allowed to take someone's credit/debit card out of their sight to run a transaction. That's just, like, jackiechan.gif levels of "why is this not incredibly obvious to everyone."
posted by DoctorFedora at 7:27 PM on October 27, 2014 [1 favorite]

Zounds! Beaten to the punch by seconds.
posted by DoctorFedora at 7:28 PM on October 27, 2014

there is absolutely zero chance that apple will cave on sharing data or profits with stores. they aren't the sort of company that backtracks on stuff like that. They'd rather it fail totally than give up a single bit of control.
posted by empath at 7:44 PM on October 27, 2014 [2 favorites]

I'm a little confused. I'm understanding merchants are not liking Apple Pay (if I'm reading all this correctly) because it prevents them from collecting data on individual's purchasing habits. Does this mean that merchants have a database to compare my debit card number to in order to know it is me making a purchase and thereby keeping a record of my purchase history? I know that I use a loyalty card at my local Kroger grocery store so it is certain they are keeping a record of what I purchase, but what about when I go to a CVS where I have no such loyalty card? Are they actually keeping a record of what I purchased there attached to my name whenever I use my debit card?
posted by sourwookie at 8:23 PM on October 27, 2014

On the one hand, this is exactly the kind of thing that will make contactless payments falter in the US. You need a single universal standard. The consumer shouldn't have to wonder which method they need to employ in which retail establishment.

On the other hand, I still remain far from convinced that Apple Pay / Google Wallet is better from a consumer perspective than paywave-enabled Visa, paypass-enabled MasterCard, etc. Since the credit card companies eat fraud charges, the extra security of the thumbprint (in the Apple Pay instance at least) doesn't seem to add much consumer-facing benefit. At the same time, loading credit cards onto a digital wallet seems to to create an extra layer of consumer fiddling (in Apple Pay - ensuring phone is charged, selecting the card, using the thumbprint which does not have a 100% accuracy rate, at least in my ipHone 5S experience). Versus an NFC-enabled credit card which just involves tapping the reader with a plastic card and walking away if it is a purchase <>$50 (or whatever thresholds you are set). Since I will have to carry my credit card for those places that do not have NFC readers anyway, the digital wallet also doesn't effectively lighten my load anyway.

Likewise, it's hard to see digital wallets replacing the NFC cards that are used in transit systems - who wants to be opening an app or selecting a card and using a thumbprint every time you get on the subway, rather than just slapping your entire wallet against the reader as you go through the turnstile?

So while I admire the digital wallet concept and long thought it would be really cool to have, now that I am admittedly confronted with the possibility of it actually becoming a reality in the next few years, it seems to have remarkably less advantages than I initially conceived.
posted by modernnomad at 8:26 PM on October 27, 2014

In Canada, in a restaurant, they typically the bring a gizmo to the table for you to pay. Most are 3G. In the early days, reception was awful and you might have to go to a corner (or outside!) to use it, but that all has been sorted out. Cheap restaurants might require you to go the the counter. Quite a few delivery guys bring a machine to your door too. They are always Chip-and-Pin, never tap-to-pay, because tap-to-pay would remove the ability to add a tip; chip-and-pin provides you with the ability to add a tip by percentage or dollars. Some machines will add a button for like 15, 17 or 20% as well to make it easier for the user to tag on a 'standard' tip.

So unless apple pay provides an ability to ask about a tip, restaurants won't use it.
posted by Bovine Love at 8:33 PM on October 27, 2014

Are they actually keeping a record of what I purchased there attached to my name whenever I use my debit card?

Yes. They absolutely are.

Many grocery stores (I'm most familiar with Albertson's-owned Jewel-Osco in the Chicago area, I'm sure there are others) have entirely phased-out loyalty programs, since they determined that it was easier to just track credit card numbers, which are a vast majority of purchases.

But that's only a tiny sliver of what's really happening. Little Rock-based Axciom exists almost solely as a mega corporation that associates card numbers with shopping histories. I'll let you guess why it has its headquarters in Arkansas.
posted by graphnerd at 8:34 PM on October 27, 2014 [2 favorites]

I'd be surprised if they weren't searching for patterns in the data to make links between different credit cards or cash purchases likely being from the same person, as well.
posted by vibratory manner of working at 8:40 PM on October 27, 2014

Wait--does that mean these large retailers have their own merchant services (Credit card processing machines/system) or they use a third-party merchant service that allows the retailer to keep the data? I know that a merchant service common among small retailers is Heartland, but to the best of my knowledge stores that use them don't get to keep the credit card number on some permanent record. Does a company like Heartland sell the credit card numbers associated with the names as an alternate service?

Having used credit card machines at my job my whole life, I have never encountered one where the store or restaurant got to keep the card number. So I'm a little shaken by the revelation that large merchants keep these numbers on file, as it seems they are playing by a different set of rules than in the small businesses I worked for as I've grown up.
posted by sourwookie at 8:58 PM on October 27, 2014

I don't think this will be that big of a problem for retailers. Apple fans are known to be passive and accepting. Surely no Apple fan would write angry letters because their favorite company's new elegant payment solution was suddenly and arbitrarily turned off by a retailer. Not to mention Google fans. None of those out there. People love CVS.

I say with extreme sarcasm. What is next for CVS some gamer gate related tweets perhaps?
posted by humanfont at 10:34 PM on October 27, 2014

sourwookie, to the best of my knowledge there is nothing preventing retailers using any processor, including Heartland, from keeping your number on file, presuming the retailer does it in a PCI compliant manner.

I don't believe that most (if any) standalone card swipe devices store numbers, though. Large retailers don't use those, though. They use readers which integrate with the POS system. Obviously, there is no need to reference a database to connect name and number in that case, since the swipe also delivers the cardholder's name.

Heck, it seems that these days even few small retailers use standalone machines any more unless they've been around for a long while. Most places use some sort of POS software running on a PC with a USB attached card reader.

For what it's worth, in my experience Heartland gives away a USB card reader when you sign up. A USB card reader that has no support for encrypting the data across the wire. So even if your POS software handles the data securely once it receives the swipe data malware can easily intercept it before it gets to said software. Sad story.
posted by wierdo at 12:09 AM on October 28, 2014 [2 favorites]

Can we back up a second and ask again what the problem with cash is ... I just want to purchase a cup of coffee.

I guess there are a few overly-stubborn people who want the cost of the coffee to be no greater for them than what they have explicitly paid for it; and they want the entity who sells them that coffee to receive all of the value of what they pay. And then there is a majority for whom paying with fancy methods is perhaps a status symbol (look at all the Amex card varieties, FFS), who want to share with the corporate world and by extension the government their every purchase, and would rather have some portion of the value that the seller gave them accrue to an intermediary who squats on every transaction, thus tending to inflate what you pay over time because your seller doesn't receive the full value, because i) convenience ii) "you can go into debt this way" iii) other things. Yes the preceding is full of anti-CC strawmen, don't bother.

There are two types of privilege: being able to afford what you buy, and being able to afford to pay for what you buy using a $600 device in your pocket that implicitly advertises for a company and explicitly gives them a portion of what you spend. Which is the greater privilege?

I'll go back to my Luddite cave now, where the force field for cheering on behalf of the most valuable company on earth has finally diminished to 0. Think Different 'n all that.
posted by sylvanshine at 4:16 AM on October 28, 2014 [2 favorites]

To everyone saying there needs to be a unified standard, NFC is that standard. Apple pay can coexist with tap and pin cards and anything else that wants to use NFC like googles setup. Apples system exists on top of that.

It's basically the equivalent of emailing a psd instead of a png. both go over email, the only difference is on the receiving end. the retailers setup doesn't really matter here. it's a standard that works on top of an existing standard when the underlying standard is available.

And that's what makes it actually kind of brilliant. NFC will become popular after the EMV shift later next year. By the time the iphone 6S launches most places will have gotten brand new terminals or upgraded their POS setup(or gotten new terminals to slave on to their existing POS and do all the card processing, simply getting sent a total from the old janky POS) and these places are going to have to go out of their way to not get NFC. I looked, and it seems like even right now some of the cheapest most basic terminals have NFC. Shit, the neighborhood thrift stores in my area that just got new cheapo terminals have it on the pin pads.

I really do hope some laws get passed regarding the "they don't get to take your card away" thing though. I pretty often see nice terminals with NFC+MSRs on the pin pad where they... taped over the MSR -_-

If anyone is trying to cockblock this, like this MCX alliance, it's going to become painfully obvious. And it's going to be really hilarious when you can use apple pay at your local neighborhood dive bar or hole in the wall breakfast place but not rite aid. People are going to start wondering why the hell that is. And local businesses want it too. At one of the places i work for that's a medium sized local place with several locations, a manager asked me "hey, what do we have to do if we want to support apple pay and stuff?" and the response was "nothing except for buy the stuff we'd have to buy next summer anyways". A lot of people are going to be asking the POS company they contract with, or their payment processor, or their IT tech/staff that. And when they all get either that answer or "well you can buy the 7500 instead of the 7000 for $100 more and it comes with the NFC pinpad" when they're getting a new terminal anyways, they're going to do it.

They're going to win from the bottom up, simply because it'll be so cheap to do it if everyone has to upgrade anyways. This was fucking brilliant timing on apples part. They're giving it just enough time to breathe, and everyone to get used to it, before it's everywhere.

wierdo: A USB card reader that has no support for encrypting the data across the wire. So even if your POS software handles the data securely once it receives the swipe data malware can easily intercept it before it gets to said software. Sad story.

Nah, all the ones anyone is giving out or using now are running on a newer standard like OPOS/UPOS/etc(which is not that new, it's from like 1996), and therefor encrypt the card as soon as it's swiped. "keyboard wedge" type ones that just spammed in the info and could be grabbed with a keylogger(similar to how square works*, but that's not an issue because no one is installing a trojan on your iphone) are frowned upon in new installations and will pop up warnings or errors on most POS software, and card processors will give you grief about upgrading when you can. There's no way they'd be handing out old style MSRs.

The only reason they're even still kind of allowed is that so many big retailers have aging systems that use them. Seriously, go in to some huge store like nordstroms and look at that short circuit 2-ass 80s looking IBM shizz. Kinda like buying extended XP support contracts for $$$ for ATMs, a lot of places are basically waiting to upgrade until the EMV liability shift.

But no, any newer small cheap MSR is going to be of the encryption capable variety. And the drivers they send with it will likely default to that state.

That isn't to say i haven't seen some horrendous security fails at small businesses who basically just got mailed the USB reader, some shitty POS software, and started running it on a windows vista laptop that the clerk plays games on and posts to facebook from IE when they're not ringing stuff up. But the readers aren't the problem.

*i might be wrong on this, but as far as i can tell square doesn't encrypt that info between the reader and well... the ADC in the sound chip. It's not like there's a real reason to, though.

Sourwookie: Having used credit card machines at my job my whole life, I have never encountered one where the store or restaurant got to keep the card number. So I'm a little shaken by the revelation that large merchants keep these numbers on file, as it seems they are playing by a different set of rules than in the small businesses I worked for as I've grown up.

A lot of POS software, including the stuff used by Big Businesses at least has the ability to store card numbers for some amount of time. And judging by how incredibly bad target's security was, it wouldn't surprise me if they didn't even know their software was storing that somewhere. Hell, i've been pushed in to upgrading to a newer version of software on a system i was admining wherein i discovered that the new version had changed where configuration options were and started storing card numbers in a certain database. Cool! Good times! And i only found that out by calling the software developer and going "hey, so i need to get XYZ info out for blabla reason, but a properly configged system doesn't store that right?" "Oh no, you have to specifically turn that off again, if you dig in to foo menu then click bar and check these boxes you'll get that info to spit right out! it's totally streamlined from how it was in $OLDVERSION".

There's no actual rules against storing that info which is completely bonkers batshit insane. Like, malfunctioning eddie on futurama, batman joker lost the plot status. I'm assuming the EMV liability shift will finally sink this sort of shit once and for all, but for now as long as your setup is PCI compliant you can basically store whatever you want.

Sort of like how people who have worked at certain restaurant chains would never eat at one or whatever, knowing what i know now and having had my card info jacked 5-8 times the current system scares the SHIT out of me. Every time i walk in to some small store with a janky ass laptop and USB reader setup it's the equivalent of a really shady hole in the wall restaurant where you know they're blatantly violating health code.

We're basically in the equivalent of car development in the "unsafe at any speed" 60s with card systems right now, where manufacturers could basically put anything they wanted out on the road. Europe has airbags and seatbelt pretensioners and crumple zones, and we're just now finally coming up on the late 60s and going "hmm, maybe we should put some padding on the dashboard and mandate collapsible steering columns".

The difference was that all cars were shit back then safety wise, except for a tiny few like volvos. Whereas now, there's a worlds better system right fucking there across the ocean and everyone involved except for the consumers is dragging their feet from retailers all the way on up. And i mean yea, a lot of money is involved in upgrading all this shit... but i just can't fathom how anyone is ok with how chargebacks work right now and such. Every single person i know has gotten their card stolen at least once. Most of these people are in their mid 20s, and have had a card for 10 years at most. The majority of the people i know have gotten their card ripped off at least twice.

How the fuck did we get this far with this system? Too big to fail indeed.
posted by emptythought at 4:28 AM on October 28, 2014 [4 favorites]

I guess there are a few overly-stubborn people who want the cost of the coffee to be no greater for them than what they have explicitly paid for it; and they want the entity who sells them that coffee to receive all of the value of what they pay.

You're paying for cash as a consumer. You absolutely are - ATMs and the infrastructure that keeps them stocked with fresh folding money are expensive to set up and maintain. Full-service tellers even more so. The banks aren't doing it out of charity and civic-mindedness. Check cashing stores are a thing, and they charge a ton. Cash-back at the checkout? Great, you just bought some gum or a soda you didn't need to get a measely 10 bucks. Ever wonder why Coinstar takes a slice for, essentially, counting your change and turning it into cash? Ever wonder why it's free if you take it in electronic credit at Amazon instead? It costs money to move those coins around, and online merchants can afford to subsidize it from their margins, because they're already paying every time they get money from a customer.

Electronic payments reduce the overhead of moving money around considerably - merchants don't like it because the (smaller) cost for this was taken from the customer - you - and moved to them.
posted by Slap*Happy at 4:35 AM on October 28, 2014 [7 favorites]

If I were Tim Cook, I'd be tempted to say "okay, we'll give you user IDs, and you kick back .25% on transactions". Apple gets a windfall, retailers save a few billion on processing fees, and consumers probably don't realize enough to give a shit. Right?

Apple has gone all in on protecting consumer privacy, they won't fold from a little pressure from retailers.
posted by Mick at 5:15 AM on October 28, 2014

OK, so I installed Google Wallet on my phone and will attempt to use it at the next store I'm in with the squiggly NFC symbol on the card reader.
posted by octothorpe at 5:28 AM on October 28, 2014

A month ago

Consumers: "I never thought I could touch my phone at Walmart to pay for this."

Today

Consumers: "I can't touch my phone at Walmart to pay for this, and I'm outraged! Furthermore, all these withholding stores are and always were shitty anyway, beneath my phone-enabled 'status'!"

This is what happens when you let corporations drive your thoughts.
posted by sylvanshine at 7:06 AM on October 28, 2014

merchants don't like it because the (smaller) cost for this was taken from the customer - you - and moved to them.

You sincerely believe that the cost has been moved to them? In the big picture, end of story? (OK I'm done)
posted by sylvanshine at 7:10 AM on October 28, 2014

Or alternatively:

A month ago

Consumers: "This shit is broke. I am tired of stories of compromised credit card data and clerks stealing card numbers and skimmers and such."

Today

Consumers: "Hey, someone has a suggestion to end tons of fraud and identity theft and some ass not only won't support it, but turned it off when it was previously working because maybe someday they will have something of their own that everyone says sucks and they want me to use it?"

Seriously, for a technology that only has a few million people capable of using it this shows there's a demand. Imagine two years from now when it's in the majority of phones.
posted by cjorgensen at 7:14 AM on October 28, 2014 [6 favorites]

sylvanshine: Well, the cost is always on us; any 'moving' would be just temporary. In any case, it strikes me as less a cost-moving than a revenue-depletion: they think their revenues will suffer because they can't mine the data anymore (and they are probably right).
posted by lodurr at 7:15 AM on October 28, 2014

This has been a very helpful discussion, I must say. I came in thinking Apple was being Apple and fronting a proprietary solution that could never really go anywhere; I hadn't seen popular explanations that dispelled that belief. But Metafilter did.

I keep telling people this is where you go if you want to get people who actually do the shit to tell you how it really works. Forget the movers and shakers crap.
posted by lodurr at 7:17 AM on October 28, 2014 [2 favorites]

Apple Statement to Business Insider.

Apparently it's an "Apple Pay/MCX war" now. It'll be like the time there were browser wars. Those were dark and terrible times!
posted by cjorgensen at 7:23 AM on October 28, 2014

On the other hand, I still remain far from convinced that Apple Pay / Google Wallet is better from a consumer perspective than paywave-enabled Visa, paypass-enabled MasterCard, etc. Since the credit card companies eat fraud charges, the extra security of the thumbprint (in the Apple Pay instance at least) doesn't seem to add much consumer-facing benefit.

I explained not ten comments above you why online NFC with a smartphone is a big security improvement over even an NFC-enabled plastic card, but here it is again: the Apple Pay system creates temporary tokens that stand in for your actual CC number and are transmitted through the merchant terminal and payment network. Your actual credit card number is never revealed to the merchant terminal or network. This means that attacks like the one executed against Target, where the bad guys compromised the network the store terminals were using and snarfed up all of the credit card numbers as they went by, will be rendered drastically less expensive to clean up after, because instead of mailing you a new credit card, all Bank of America has to do is electronically revoke the token your phone used at that store. Yes, the card companies are on the hook for the fraud charges, but if they can catch token reuse (if it even works; I haven't read the full specs but I believe the cryptographic signatures prevent dumb replay attacks like that) and shut it down immediately it saves them money on covering fraudulent transactions and saves the issuing banks millions of dollars in printing replacement cards. This should (okay, this is a big 'should' here) translate to a slower increase, at the very least, in Visa and MasterCard's operating expenses and therefore a slower increase in merchant fees, and, finally, a slower increase in the consumer cost of goods because those fees inevitably work their way back to you somehow. Got it?
posted by spitefulcrow at 7:32 AM on October 28, 2014 [3 favorites]

It's going to be a HUGE drop in operating expenses for Visa/MC/etc. They're transferring the liability for almost all mistakes, plain old fraud as well as clever exploits against the tech, to the merchants. It was massively profitable in Europe when they pulled it off, and it'll be massively profitable for them here.
posted by introp at 7:40 AM on October 28, 2014

Apple Pay activations hit over 1M in first 72 hours, more than all competitors combined. At The Wall Street Journal's inaugural WSJD Live conference on Monday, Apple CEO Tim Cook revealed Apple Pay is off to a booming start, with more than one million card activations in its first 72 hours of service.
posted by entropicamericana at 7:45 AM on October 28, 2014 [3 favorites]

emptythought: Less than 6 months ago. That is when a client of mine was sent the cheap-ass keyboard wedge scanner. (Not actually plugged in to the keyboard port, being USB, but uses the standard USB HID driver just like a keyboard would)

One of the problems with PCI is that it is perfectly PCI compliant for them to use such a thing even though large retailers wouldn't be allowed, because the rules for people who process very small volume are very lax. To some degree that makes sense, since the risk is relatively low. However, there are a lot of them out there, so in aggregate it is still a fairly large risk.
posted by wierdo at 7:50 AM on October 28, 2014

One of the problems with PCI

The root-cause of all PCI compliance is the lack of good-faith implementation combined with a lack of effective enforcement.

I'd like the NYS Department of Tax and finance to pull tax collection authority for PCI compliance violations, myself. That'll get the point across that we're not fucking kidding about information security. Sorry, Target, Sorry Home Depot. Your doors are SHUT in New York until you can certify, under penalty of perjury, that you got your shit together.
posted by mikelieman at 8:01 AM on October 28, 2014

I worked for a newspaper and never get tired of telling this story. When the iPad first came out I asked for one and was told no, since I couldn't tell them what I wanted it for. I worked IT and replied, "Put one in my hands and I'll tell you what they can be used for." Nope. Fair enough. Then the iPad 2 came out and again I asked for one and again was told no. Fair enough, so I bought it on my own. I tried to evangelize for it and say we needed an app and we needed to start offering HTML5 ads, but rather than seeing this as something we needed to adapt to it was seen as something that wouldn't make it. "Does it have Flash? No? End of story!" Then our customers wanted their ads to work on it. Our reps wanted to use them for demos. Finally we got out first app, but it took like 100 million iPads sold before this happened. When we finally got them they looked to me to teach people how to use them and to be the expert. I refused.

You can either skate to where the puck is or to where it's going to be.
posted by cjorgensen at 8:04 AM on October 28, 2014 [6 favorites]

The root-cause of all PCI compliance [violation] is the lack of good-faith implementation combined with a lack of effective enforcement.

Never ascribe to malice that which can be explained by incompetence. You would be shocked and terrified to learn how many e-commerce sites out there that seem modern and responsive, but are built on decrepit old architecture with its bones set into the late '90s that for various reasons can't be updated or replaced without sinking the business outright. Implementing a solution to meet compliance often winds up breaking more things than it fixes, and they don't have the resources or talent to recognize they have a problem, nevermind fix it.
posted by Slap*Happy at 8:11 AM on October 28, 2014 [2 favorites]

I will admit to not knowing exactly how the UK system works so I may be a bit complacent about how superior our systems are but I get the impression that the situation in America is a total f***ing joke!

It reminds me of Nader's "Unsafe at any Speed", your retail corporations pay verbal lip service to customer service and security but in actuality do everything in their own cost-cutting interest. Someone has made the calculation that upgrading your antiqated payment systems is going to be more expensive than dealing with fraud and paying for existing inefficiencies, let alone the inconvenience to customers.

This is a disgrace and Apple has shone a spotlight on the squalid and outdated nature of this particular American retail business method. Surely shops exist to take in money, it should be the thing they are best at.
posted by epo at 8:27 AM on October 28, 2014

Never ascribe to malice that which can be explained by incompetence.

I hear this all the time, but doesn't it just enable the people who are Really-Fucking-Evil to just go 'Duh?', and not be held accountable?

From the Information Security POV, it's all about "Capabilities, not intentions". Which is why we have these controls. With the proper controls, there is no capability, therefore intent is irrelevant and the data is secure.
posted by mikelieman at 8:40 AM on October 28, 2014

With the proper controls, there is no capability, therefore intent is irrelevant and the data is secure.

There's only so much you can do to lock down an inherently insecure system, and this is one area where decentralization and duplication of effort is murdering even moderately competent and non-evil people.

It needs to be taken out of the merchants' hands, and turned over to large institutions who can afford to build and maintain world-class infosec systems. That's Apple, that's Google, that's hypothetical-platform-neutral-NFC-payment-processor. That's emphatically not Target and CVS and Home Depot and Uncle Vinnie's Pizza and SketchyImportProducts.com.
posted by Slap*Happy at 9:14 AM on October 28, 2014

Seems like every gas station known to man is on the list of MCX customers. At least in Oregon, you are legally prohibited from pumping your own gas. As one person put it, "If Oregon goes self-service, nobody will be able to find their drug dealer!"

It's sketchy enough when I hand over a credit card for them to swipe, I don't think I'll be handing over my phone. Now that I think about it, this is going to make Chip & PIN real fun too.
posted by pwnguin at 9:43 AM on October 28, 2014 [1 favorite]

sylvanshine: Go ask a bank how much they charge for issuing commercial change, the coins and bills used to make register floats, and for taking back small bills in the deposit bags. Handling cash costs real money. Like all the other cc or or cheque or debit charges retailers simply absorb this as a cost of business. Electronic payments are popular because it costs many retailers less than handling cash does. It can also be a lot less risky.
posted by bonehead at 10:03 AM on October 28, 2014

I get the impression that the situation in America is a total f***ing joke!

It is. There's a bit of a first mover disadvantage, since we pioneered credit cards, but change is still long overdue.
posted by ChurchHatesTucker at 10:05 AM on October 28, 2014 [2 favorites]

I don't think I'll be handing over my phone

Your phone will not work if you hand it over. You have to be holding it.
posted by soelo at 10:27 AM on October 28, 2014 [2 favorites]

By eating at a given restaurant, you have already agreed that they get to take your thumb.
posted by Drastic at 10:49 AM on October 28, 2014 [1 favorite]

By eating at a given restaurant, you have already agreed that they get to take your thumb.

Still won't work.

I get it, but it does seem to be a popular misconception.
posted by ChurchHatesTucker at 10:57 AM on October 28, 2014 [2 favorites]

I don't think I'll be handing over my phone. Now that I think about it, this is going to make Chip & PIN real fun too.

In Canukistan, two years into the glorious revolution, you either get handed a remote unit or one is built-in on the customer facing side of a register/gas pump. You insert your own card and can type in your pin with some sight security. The card never leaves your possession. With a tap and pay system, you never even let go of it. It's more secure than the old days, harder to do the old double swipe or phony capture scams. I really do prefer the new way of doing things. As well as more secure, it's often faster than even paying with cash.
posted by bonehead at 12:00 PM on October 28, 2014 [1 favorite]

Yea, go look up the video for apple pay at the McDonald's drive through. They have a unit that looks like an old school grocery store price gun they just stick out the window and you tap your phone on. It also has a pin pad for chip and pin.

These are going to be EVERYWHERE in a couple years, in situations like that. That's what your gas station attendants will have clipped to their belts, etc.

Wireless POS stuff like that used to be extravagantly expensive. Now with the advent of smartphones and tablets, all those parts are cheap as fuck and batteries last real life amounts of time where they don't have to constantly be on a dock when not in use. It basically just took verifone slapping them in a box with a pistol grip.
posted by emptythought at 1:29 PM on October 28, 2014 [1 favorite]

When ExpressPay, Paywave, and Paypass first rolled out around 10 years ago several fast food restaurants in my area installed readers mounted outside the drive thru window. Sadly, they mostly quit working after a few years and nobody has bothered to remove them or fix them.
posted by wierdo at 2:01 PM on October 28, 2014

Apple has gone all in on protecting consumer privacy, they won't fold from a little pressure from retailers.

In light of the regulatory vacuum that is privacy law in the US, It is heartening to hear Tim Cook's statements on Apple setting up its technology products to defend customer privacy, not only against quasi-unlawful government intrusion, but also efforts by marketing and advertising businesses to keep tabs on our purchasing behaviors.
posted by a lungful of dragon at 2:05 PM on October 28, 2014

I think for many retail outlets, the reliable cost of a payment processing system is preferable to the combination of predictable and unpredictable loss in a cash system.

I'm not saying this source is unassailable - it's just a google result, but it's a pretty interesting take on cash losses. Here are a few specifically about restaurants (mentioning theft, loss, and armed robbery).

[note, those sources are pretty anti-employee, not cited for viewpoint, just for a list of costs.]
posted by mercredi at 2:58 PM on October 28, 2014

In what is presumably just the first of many, many data breaches to come, CurrentC is reporting it has been hacked.
posted by entropicamericana at 9:16 AM on October 29, 2014 [5 favorites]

Aaaaaand CurrenC has been hacked, what, 2 days after these retailers shut off NFC?
posted by rustcrumb at 9:17 AM on October 29, 2014 [7 favorites]

But it's only your email. :D
posted by sonic meat machine at 9:19 AM on October 29, 2014

These are going to be EVERYWHERE in a couple years, in situations like that. That's what your gas station attendants will have clipped to their belts, etc.

Except not at MCX retailers. Which is quite a daunting list.
posted by smackfu at 10:01 AM on October 29, 2014

Except not at MCX retailers

Depends on when they signed their exclusivity arrangements. I've been told (hearsay!) that it's a three-year lock, so some of the early supporters will shortly be coming out of their lock period.
posted by aramaic at 12:11 PM on October 29, 2014

Interesting twist on the First Mover Advantage. Adopt a standard early, so your competitors are still tied up when you ditch it.
posted by ChurchHatesTucker at 12:14 PM on October 29, 2014 [2 favorites]

Depends on when they signed their exclusivity arrangements.

It's worth remembering that MCX bills itself as being "merchant-owned." This is not a service that merchants are licensing, as much as a conglomerate that merchants are buying into. They have an incentive to make an alternate payment system succeed.
posted by smackfu at 12:22 PM on October 29, 2014

History is littered with failed payment systems that were a better idea and had more impressive backing than MCX.

Weeps for the loss of the still superior SET.
posted by el io at 12:30 PM on October 29, 2014

What's really incredible is that CurrentC experienced a major security breach before it even hit full rollout. CurrentC is going to go over like DivX's version of DivX.
posted by DoctorFedora at 12:58 AM on October 30, 2014 [2 favorites]

Does anyone know where I can convert beenz to CurrentC credit?
posted by bonehead at 7:19 AM on October 30, 2014 [1 favorite]

You have to convert your Beenz to Flooz before you can convert it to CurrentC. No word on when the Gateway stores will be accepting CurrentC though.
posted by entropicamericana at 7:51 AM on October 30, 2014 [4 favorites]

I'll let you know as soon as I get my Swatch .beat converter app up and running.
posted by komara at 10:24 AM on October 30, 2014 [3 favorites]

I was a little sad to CVS included in this consortium. I was all full of good will toward them for dropping tobacco products, and now they go and pull something like this.

Ahaha! "How could the company that just pulled an anti-consumer stunt I agreed with do something anti-consumer choice that I don't agree with?"
posted by deathmaven at 12:41 PM on October 30, 2014 [1 favorite]

Meanwhile, in the UK...
posted by ChurchHatesTucker at 5:46 PM on November 4, 2014

The CEO of MCX says exclusivity will expire in “months, not years.”
posted by exogenous at 9:32 AM on November 5, 2014

« Older Get these M*therf*cking snakes out of my theater! | "What do you do when you think you have a murderer... Newer »

This thread has been archived and is closed to new comments

MetaFilter

Begun, the Wallet Wars, have.
October 27, 2014 9:56 AM Subscribe

Tags

Share

Begun, the Wallet Wars, have. October 27, 2014 9:56 AM Subscribe

Tags

Share

Begun, the Wallet Wars, have.
October 27, 2014 9:56 AM Subscribe