Slashdot Mirror
Rite Aid and CVS Block Apple Pay and Google Wallet
An anonymous reader writes CVS and Rite Aid have reportedly shut off the NFC-based contactless payment option at point of sale terminals in thousands of stores. The move will make it impossible to pay for products using Apple Pay or Google Wallet. Rite Aid posted at their stores: "Please note that we do not accept Apple Pay at this time. However we are currently working with a group of large retailers to develop a mobile wallet that allows for mobile payments attached to credit cards and bank accounts directly from a smart phone. We expect to have this feature available in the first half of 2015."
CurrentC seems way too involved for most people to ever give a shit about.
This isn't the sort of thing that "the market" can decide. I expect that it'll end up in court.
I wouldn't be surprised if patents come into it too, and since retailers aren't technology companies, they probably won't have the patents to even develop what they want without licensing, and tech companies with those patents are under no obligation to license them.
Do not look into laser with remaining eye.
Once competition decides what service we decide to favor. A bunch of services will fail, 3 or 4 will remain and be universally accepted. Just look at the credit card networks for reference as to how this will play out.
NFC is disabled on all my devices that support it, and it'll stay that way.
Il n'y a pas de Planet B.
tech companies with those patents are under no obligation to license them
I thought that in order for something to be incorporated into an industry standard, patent holders had to offer their essential patents for license under a uniform royalty regime (sometimes called "FRAND").
A token based system vs. direct access to my personal data and bank account? I'll take Apple Pay, thanks.
Trolling is a art,
We don't need Apple, Google, or anyone else who sells us the devices and software managing our money. Let a dedicated provider own managing the public standards, or at least the credit card providers. The VISA system isn't cheap but it works very well. That way open platforms can use it too with equal footing.
To push away the two leading mobile solutions especially when you're in the midst of losing smokers in CVS (a good move health-wise but consequential for sales nonetheless)? Heck they wouldn't even do Passport.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
How does this not violate these stores' agreements with Visa (etc), which have explicitly partnered with Apple and Google to provide Pay and Wallet as a valid method of using their (virtual) cards at the register?
And worse than simply not accepting it, they did so because they plan to come up with their own competing product??? WTF, Rite Aid, do you really think people will rush to use yet another crappy store-specific solution, rather than look confused at the cashier for a few seconds before walking away, leaving their stuff at the register?
eom
The reason they are doing this is that they don't want to keep paying inflated fees to credit card companies because they are tired of getting screwed. They may also not be serious about it; it may simply be a pressure tactic to get credit card companies to lower fees "or else".
Getting payment options other than the big credit card companies and their inflated fees necessarily involves inconvenience. Obviously, consumers are too lazy to do it by themselves, but retailers may have enough power to make this happen.
It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud. Add full access to your bank account to make the worst-case liability exposure whatever you have in your account, and privacy terms that allow them to use health related data that could have been protected under HIPPA. Tell me again why I would want to use this?
There are a lot of hidden costs associated with using cards and other technologies with payment terminals. When you pay $6.00 for your purchase, the retailer doesn't get all that money.The processing company that processes all the transactions paid for with cards at a retailer gets a cut of every transaction. If it is a credit card, like Visa or MC, then the credit card company also takes a small percentage.
While Google Wallet and Apply Pay may be free to the end-user, I highly doubt that it is free for the retailer. Google and Apple are likely taking another slice of the pie. So... percentage for the processing company, percentage for the credit card company and a percentage for Google or Apple. It's not beyond belief that this could easily exceed 5% of the purchase price, which could be about 10% of the profit margin. That's a huge number, even if it only amounts to $0.30 on a $6.00 purchase.
It's an annoying hassle for CVS customers to have to wait and deal with another mobile payment system, but it easily means millions in savings each year, nationwide.
There are absolutely no laws that keep standards (or anyone else) safe from patent claims.
Some standards organizations try to require members to license patents under "Reasonable and Non-discriminatory" terms, but the whole thing is nonsense. What is "reasonable"? The answer is, "as much as I can get from you!". And what is non-discrimantory? By definition most RAND terms discriminate against FLOSS, and they also always discriminate against organizations without the patents (since they have to pay for the patents, while others do not). In addition, for software patents and business patents, in general no one (not even the patent author) actually knows what the patent covers and what it does not, for a variety of unfortunate reasons.
I actually think that patents have their place in the physical world, but not at all in the software world.
- David A. Wheeler (see my Secure Programming HOWTO)
Shitty customer service is not a strategy.
They're implying that their solution will work with iPhone instead of Apple Pay. Problem is that's a misleading or a lie. It may work but it'll be QR code based since Apple locks down NFC to only be used with Apple Pay.
CurrentC will NOT use NFC for iPhone.
Either way fuck CVS I switched to Walgreens.
Let's face it. With the exception of cash, there isn't an easy way to pay where you cannot become compromised. It seems like every week another retailer has their databases compromised. Do I really believe even for a moment that letting google, apple, or someone else manage my cards for me will stop that? Can you imagine a situation where one of these companies is compromised and not just one but maybe all of your accounts become compromised with it?
Eliza: You seem angry. Would you like to talk about your mother?
A CVS fanboi?
If this isn't a poster child for the 'long tail of the Internet' I don't know what is.
Faster! Faster! Faster would be better!
If this becomes popular, what makes you think that the banks won't start charging YOU the customer for the debit transaction or money transfer?
Gruber at DaringFireball nails it:
Apple's great strategic advantages over Google, is that they put their customers (i.e. the people who buy Apple's goods and services) needs over their partners needs to be able to data mine those users.
"Free software as in beer, copy protection as in racket" - Telsa Gwynne
First, CurrentC involves scanning TWO QR Codes. Wow. It's almost like we should use a radio to exchange the data. Durr. Second, Target, KMart, and Walmart are involved with this... KMart and Target are idiots; Walmart has an empire, what are they colluding with them? Apple customers are elitist that will go out of their way to use their fancy phones to do anything (ex: boarding passes). Whichever one of these retailers wakes up first and embraces secure technology wins a whole lot of new business.
CurrentC dips directly into your checking account, just like a debit card. Good luck disputing charges. And have fun paying overages.
Mod +1.
I love Eliza.
I ran it on a TRS-80 and it recorded interactions with it.
My sister got hold of it and took it very seriously. The transcript was hilarious as she tried to get Eliza to make a goddam commitment instead of asking leading questions.
It little behooves the best of us to comment on the rest of us.
Every corp will want in on the wallet system, you will need several apps installed to cover all of them, and most will be insecure I'll wager.
"If any question why we died, Tell them because our fathers lied."
I don't want a "smart" phone. They just want to eliminate cash and force all of us to pay hundreds of dollars a year for a phone that we don't want. I look around, and it's like society has gone off the rails. You're paying $100s a year so you can stare into a little screen, you walk into walls because you don't look,, etc.
The page on Google Wallet for businesses states that they (Google) do not charge for the service, but your payment processor can charge for the service.
Typcally, payment processor charges are determined based upon industry, credit rating, transaction volume, average transaction amount, disputed charges, and fraud potential.
That last factor --- fraud potential --- is the only one that their processor won't have any data on. None the less, I'd be extremely surprised if the processor charged either Rite Aid or CVS more than 2% of the transaction. On second thoughts, even 1.5% would be too high.
Today is not 1975, when transaction costs were 10% for Amex, and 5% for Visa, when the "lowest" cost terms were negotiated. Rather, today is when any Joe can accept Amex for 5%, and Visa for 2.25%.
All forms of payment, including cash, have an associated processing cost.
Consequently, claiming transaction costs are the reason for not accepting this form of payment is an invalid claim.
What everyone needs to do is load up a cart of perishable items. When you get to the checkout and refuse to take your apple pay. Simply say "So Sorry. I only have my phone with Apple Pay or Google Wallet" and walk away. Do that every time you go to walmart, cvs or any other foolish retailer that wants to buck the system.
When your credit card is compromised, the bank takes the loss and gives you a new credit card. When your phone is compromised, does Apple take the loss and give you a new phone?
I used to use Google Wallet / tap to pay at Rite-aid frequently as there's one across the street from my office. I liked it. The other day when I went in and tried and got a message about Apple pay not being supported, I was pretty confused. I don't use Apple pay. Why disable functionality that was previously working and that customers want to use? Google wallet does not charge merchants at all (http://www.google.com/wallet/business/faq.html). If stores want to set up their own competing wallet apps, that's fine, but disabling something that previously worked and that costs them nothing is really stupid.
Facts have a liberal bias.
I already carry something around in my wallet for paying for things that's convenient, secure, (as long as I don't lose my wallet,) and accepted virtually everywhere I go.
It's called, "cash."
Are there downsides to using "cash" for paying for things? Sure, you have to remember to get it before spending it, and generally you have to earn it before you can use it. On the upside... you have to remember to get it before spending it, reducing frivolous and mindless, impulse-buy spending, and you have to earn it before you can use it, reducing the odds of going into debt.
It also assures me of privacy, (it's way harder to track than credit/debit cards, mobile payment systems, etc.) doesn't cause me to get e-mailed or snail-mailed spam or junk-mail, etc., I don't have to worry that some ass-hat will think my "spending habits" are "irregular" and decide to decline my "cash" payment, or that some jack-booted government thug will decide my spending habits are too similar to someone else' spending habits and that I'm therefor up to no good...
"Cash" is the best mobile-payment system ever created, which is why its catch-phrase has hung around so long... "Cash is king."
But enjoy your magical, hackable "near-field" bullshit, and your "magnetic-stripe" crap. I tried many such things, and have gone back to cash. Accepted pretty much everywhere I ever go, or might go, trace-free, and if you're really worried about cooties... you're much more likely to get sick from inhaling the air than from touching money. Best of luck to you all. I'm going to go hit the ATM. (Since I use a credit union, and not a bank, and I use the network ATM's, I don't pay any fees either.)
Cheers!
For the explanation.
I expect the feds to rule on the fraud aspect once word gets out, to prevent the burden going to cardholders.
I expect all these new systems will indeed reduce fraud. The USA is the last to use chip and pin cards (we have had them here in Canada for 2 years). Chip and pin has stopped most frauds.
I think competitive forces will cause people to avoid shopping at those places for a year, and CVS etc will find it costly to deny both Apple and ANdroid NFC systems, once their competitors get on board.
There was an article in NYTimes recently, written by a mother whose autistic son had bonded with Siri. It was a very sweet story.
Every retail chain store is going to want their own system in place so THEY get the transaction fees and THEY get to mine your personal data to sell. Fracturing the market is a good way for all parties to fail.
Both the CurrentC and MCX websites are awfully thin on actual information, I can't seem to find any information on what others are claiming (that they require access to your medical data). If true it should be avoided like the plague.
Best Buy used to take Google Wallet and other NFC payments then they did a similar thing a few months ago and started blocking them. They are on the merchant list for CurrentC. Question answered.
But now my big question is: Why doesn't the big 4 (Visa, MC, Discover and Amex) just smack them around and say "this is how it's going to be"? I'm sure their member banks would rather have one secure payment standard floating around out there too. This CurrentC thing just looks like a big identity theft cluster f*** data breach waiting to happen.
Google will probably buy out CVS now and rename the stores Google $ Apple Stores where they only take google wallet and apple pay..
Sounds a bit glib but this is totally about retailers data mining you. The banks are giving Apple a cut from their side of the fees so it costs the merchants nothing. In fact it lowers their liability because the ApplePay numbers are single use tokens, not credit card numbers. But that means they can't track your purchase history.
Google Wallet (as far as I can tell) does not use one time numbers; I presume that's why they never card about it.
Natural != (nontoxic || beneficial)
It's more convenient and secure than magstripes.
Learn to love Alaska
Except for the fact that when you dispute a transaction on a credit card, the worst thing that happens to you is that your card may be frozen or the line of credit may be reduced by the disputed amount.
When you dispute a check or a debit transaction, your money is gone until the dispute is resolved and the bank may freeze all of your accounts during the investigative process, meaning you may essentially have no access to the money in your checking or savings account for a month or more.
https://www.riteaid.com/custom...
http://www.cvs.com/help/email-...
Here's the message I sent. If you're lazy, feel free to use it:
Disabling Apple Pay and Google Wallet, which were previously accepted is not OK. If you want to come up with your own competing system and give people rewards to use it, that's fine, but don't break existing functionality. Google Wallet just works. Apple and Google's solutions don't cost you any more money than a credit card transaction. Your payment app isn't even available yet and relies on QR codes, which means that when it does launch it will likely be very clunky by comparison.
If you can't come up with a sane response to this, I guess I'll be switching to Walgreens.
Facts have a liberal bias.
and that varies by location. With friends who are a store manager and regional manager, according to them it's going to be wait-and-see if the smokers just move on to another drug store - taking the rest of their business with them.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Lal. yeah right. They also offer better access to your private pics to hacker which is nice.
Apple and Google are on the same side in this one, in opposition to CurrentC.
Thank you. I wasn't aware of it.
It little behooves the best of us to comment on the rest of us.
I have. Very interesting. One "feature" of debit cards is that if you use them at a cash machine and you don't get what you ask for, too bad, you lose. Now, if you get more than you ask for the financial institution will be all over you. And of course, as pointed out by many posters, there is protection against fraud for credit cards but not debit cards, at least in the USA. These are the reasons our family does not use a debit card.
One possibility credit card issuers could implement is to deny retailers the ability to accept their credit and debit cards unless they allowed the use of credit card electronic systems for their cards such as Apple Pay or Google Wallet. It might hurt the issuers for a while but the retailers more. Returning to cash and paper checks would impose enormous overhead to retailers reconciling mounds of cash and paper checks. Large retail stores will need fork lifts to move all that paper around.
The thing that makes Apple Pay so intriguing is that each transaction produces and transmits a unique code for each purchase that does not include the credit card number. I'm assuming the code is encrypted, but even if it's not, that code will not be used again so if it's intercepted it's useless to the thief. Not sure if the Google system uses the same process, but it would be easy for them to adopt it.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
These idot merchants behind CurrentC can't even secure their own point-of-sale terminals from financial data stealing malware.
So because Apple will block any NFC based payment that they do not get a cut of, CVS is the asshole? Check.
...is that MCX, the "company" behind CurrentC, thinks this will save them from the ACH fees they currently pay to Amex/Visa/MC. But if the banks charge less NOW, why does MCX think that will stay the same? MCX was started by Walmart, Target, and a bunch of other large retailers. My local bank would salivate at the prospect of raising their fees to get a chunk of Walmart & Targets pie.
I'd rather be a customer of electronics hardware than be a hateful sadistic homophobe. Sort out your priorities, asshat.
I expect all these new systems will indeed reduce fraud. The USA is the last to use chip and pin cards (we have had them here in Canada for 2 years). Chip and pin has stopped most frauds.
Do your research before making a statement like that. Chip and pin has stopped the easier forms of fraud that simply copied the magstripe, but that merely makes the criminals work harder. Chip and pin gets a similar level of fraud, just the barrier to entry are distinctly higher.
So the companies behind CurrentC are claiming that retail locations must pay between $100 and $150 per POS terminal to upgrade their hardware to support NFC/Apple Pay.
Did they explain how these same retail outfits must pay upwards of $30K just to view powerpoint slides regarding how CurrentC works? Or how to really get onboard with the program, they need to pay around $250-500K?
These same retailers are also asked to commit to a 3 year mobile payment exclusivity agreement. So many of these companies are essentially legally bound to refuse to support any other mobile payment technology, NFC or otherwise, while paying for a system that's not even generally available yet!
Seems to me a consumer-oriented system with more security AND lower cost per terminal would be an ideal solution!
Boycott CVS & Rite Aid
http://youtu.be/9ZHusVNa1_A
Apple pay is the quickest, fastest, most secure and easiest form of paying for an item in a store I have seen. I do not agree with these stores that are now disabling their NFC systems to not accept Apple Pay. I think they are cutting off their respective nose's to spite their face.
(1) Apple pay would drastically reduce time spent in line. Because every time I have used Apple pay so far in the 6 days since it's initiation it only took 2 seconds max to get an approval and a receipt on apple pay.
(2) It is not good business sense to piss off your customers.
(3) Since the majority of I-Phone 6 and 6+ owners usually have a higher buying power. These merchants will be left with only the poor patronizing their stores.
(4) It however, seems that they are mostly after the poor with the adaptation of the MCX or CurrentC system they want to utilize. Since this will give them direct access to peoples bank accounts. I'll be damned if I will give them access to my account.
(4) It would not be so bad if their current system did not allow for the use of Apple Pay. However it does because it is the NFC system. Both CVS and Rite Aid's system accepted payments by way of Apple pay for the first three days of this week. Now to willfully disconnect the machines from the NFC system to me is malicious. This shows little disregard for their clients and prospective clients. (Their machines now say " We do not accept Apple Pay") That had to be programmed into the machines.
I am suggesting a boycott of these two stores. Since I know for certain they accepted apple pay and then and now refusing. It is a simple and easy boycott see link http://youtu.be/9ZHusVNa1_A
Why would CVS or RiteAid want Apple Pay anyway? If a shopper has bothered to come to the store, select items to buy and then go checkout, chances are they want the items relatively more than someone who hasn't gone to that effort. The stores of course support several different existing methods of payment which work just fine from their perspective. The customer is likely to pay anyway.
Perfect? No. There are middlemen involved in the transaction but it's a system everyone more or less tolerates. Extremely complicated financial deals are behind every card terminal you see in a store. None of that stuff just happens. It's all very carefully planned.
Along comes Apple which puts themselves into play as yet another layer of middlemen, one which the stores have zero control over and one which is outside their established payment process. It also runs counter to their own payment initiative which they have agreed to support exclusively. So what Apple tried to do was an end-run around the established players AND they did it using the existing installed card terminals. NOBODY piggybacks like Apple tried to do without having some major skin in the game. You try stunts like that, you are going to get your hand burned.
So, Apple is at once both another layer of middlemen interference and also potentially a contract issue for the other payment product. Apple was too late to the game. And from the store's perspective again, you have a cart full of stuff, you aren't going to just walk away, you'll probably pay with another method so they have nothing to lose really buy rejecting Apple Pay. Same for GooglePay which I never saw in the wild. Whatever.
Apple has a habit of intruding on entrenched turf and taking on the existing players. They did it with phones. But payment systems are a much more spread out target where everyone has their own idea of what they want and most of them think it works just fine as is, including the customers. Nobody who mattered much was asking for NFC payments. Apple has been pushing this, suddenly, so it's up to Apple to tell everyone why they should want it. It's totally on them. Until they do that, until they make some inroads at the card terminal issuers, Apple Pay is going to be limited.
Sig for hire.
The liability has shifted, and the security is significantly better.
Unless you can steal someone's thumb, phone, passcode, you are going to have a hard to getting their money. Also, these massive CC database breaches you read about every other week where the details of 10M+ people gets stolen, that doesn't happen.
The idea that CVS, RiteAid and other retail stores are taking the stance against 3rd Party NFC payment solutions struck me, initially, negatively as well. However, as a customer of CVS, I think I can see why they, at least, are opposed to Apple Pay and Google Wallet. The reason? Anonymity of the purchase.
CVS has a model where a customer is asked to present their CVS ExtraCare card. If you don't have it with you, they can look it up by phone number. Barring that , they can swipe a store card. The customer's purchases are discounted if they have earned enough ExtraCare points and they receive ExtraCare coupons based on their ExtraCare card. To a consumer, those ExtraCare coupons are golden and develop brand loyalty.
Naturally, CVS is tracking how and what the customer purchases. Linking the CC number to the holder's ExtraCare card makes sense to them. Using Apple Pay or GW eliminates all personally identifiable information during the transaction. This breaks their model at the POS terminal.
One solution is to develop a mobile app for each of the platforms they wish to support. Apple has made it difficult to track users by device during recent changes to their privacy policy. Things like the UUID, VendorID or AdvertiserID have been either eliminated or their use highly controlled. And, of course, VendorID and and AdvertiserID can be reset by the user limiting their use as a tracking mechanism.
Somehow, during the NFC payment process, with all personal details stripped out of the transaction, there remains the need to transmit the user's id (like how Starbucks integrates with ApplePay and still presents a barcode that can be scanned at the POS and the account debited. I haven't analyzed their barcode myself. But, I would think that they present the Starbucks userid in some form - they seem to know what name to put the order and personalize the experience.
The downside to the approach is that the vendor has to maintain gift card info (with balances) and, possibly, the CC info (for auto-reloads, etc). Given the number of compromised POS systems at the retail outlets, they need to find a happy medium between their business model and consumer privacy and protection. We, on the other hand, prefer to have them side more with consumer privacy and protection. This is why we like Apple Pay and Google Wallet or even services such as Stripe which anonymize the CC info and protect our privacy and payment accounts.
A simple solution, if one is using magstripe cards, is to use something like Google Authenticator associated with the card. At time of payment, the user is required to enter a PIN (optional) and/or present the Google Authenticator value for their card (secret issued by the bank). This could be presented as a barcode and scanned by the POS. Heck, the CC info could be included in the barcode saving a step. The card and auth token are validated by the CC company before permitting the transaction to go through. If the connection is down, then the user must present a valid form of ID and the card so it can be processed the old fashioned way.
If a user has a rewards card, they can either present it manually or have it included in the barcode displayed by a custom app. If the user loses their phone or physical card, they can simply go the bank's site, report the card or device stolen, and get a new secret key issued. This would, immediately, make the CC number useless as they won't be able to generate the time based token. On the flip side, it will make hacking a CC company's system a lot more valuable.
I don't know what, exactly, gets exchanged by the NFC terminal between it and a device. If customer info can be exchanged in the process of making the payment, it could prevent those retailers trying to develop their own solution and make them receptive to accept Apple Pay and GW.
I don't trust Apple or Google enough to use their NFC payment systems. On the other hand, I trust a private consortium of retailers a whole lot less. So far as I'm concerned, there's still no viable NFC system on the horizon.
Yes, yes. You are a much better, nicer and more intelligent person than I because you use cash. I'll bet you're a Vegan and only watch PBS telethons.
Cash is simply inconvenient and risky. If I lose my wallet or am mugged, I can't just "turn off" my cash. It's gone and yes, it's completely my fault for losing the wallet or getting mugged. I've tried several times to put my cash into the DVD slot on my PC when buying off of Amazon. It just never works!
Transaction by NFC (at least apple pay) at this point in time, is far more secure than cash.
They should want it because WE want it. It's a customer-focused system that is more secure and convenient for the customer.
My only issue with google's system is storing my data in the cloud. I'm old enough to not trust the cloud to keep my data secure. Apple is showing up at *exactly* the right time as thousands (millions?) of people are being hacked due to the antiquated systems currently in place. Apple pay is a disruptive technology and will change the way brick-and-mortar transactions are handled.
I'm putting CVS and RiteAid in the "Ballmer" classification of forward thinkers.
MCX is the retail-conglomerate-backed standard that data mines, that CVS is switching to. Google's NFC payment technology is actually very similar to Apple PayÃ"in fact, many newer POS systems accept both out-of-the-box.
But thanks for spreading pro-Apple FUD. I actually am glad that Apple entered this spaceÃ"I do respect that they always raise the bar on ease of use when they do somethingÃ"but Google and Apple are actually allies here, thanks. Go to reddit, and you'll find the r/apple and r/android subreddits are actually talking to each other, exchanging MCX boycott lists and the like.
Hey. Do you do children's' birthday parties?
Not only complain, but every time you make a purchase from any of these merchants: http://www.mcx.com/ be sure and use a credit card so they'll have to pay the processing fees. They want to gather customer information with a direct connection to our bank accounts? Fuck 'em.
None of the comments seem to address the crux of the issue. From the article: "This is huge for the merchants who are losing a significant amount of money on every credit card transaction."
Credit card fees are HUGE. Imagine if ACH deducted 2-3% of your paycheck every week. You'd scream bloody murder! The article doesn't even mention chargebacks...
I'd consider this a "shot over the bow" towards credit card fees and chargebacks. Apple or Google's system may win in the end; but Visa and Amex will need to lower their fees significantly.
No, I will not work for your startup