Rite Aid and CVS Block Apple Pay and Google Wallet

← Back to Stories (view on slashdot.org)

Rite Aid and CVS Block Apple Pay and Google Wallet

Posted by samzenpus on Sunday October 26, 2014 @05:52AM from the your-money-is-no-good-here dept.

An anonymous reader writes CVS and Rite Aid have reportedly shut off the NFC-based contactless payment option at point of sale terminals in thousands of stores. The move will make it impossible to pay for products using Apple Pay or Google Wallet. Rite Aid posted at their stores: "Please note that we do not accept Apple Pay at this time. However we are currently working with a group of large retailers to develop a mobile wallet that allows for mobile payments attached to credit cards and bank accounts directly from a smart phone. We expect to have this feature available in the first half of 2015."

31 of 558 comments (clear)

Min score:

Reason:

Sort:

Good luck with that. by Noxal · 2014-10-26 05:54 · Score: 5, Insightful

CurrentC seems way too involved for most people to ever give a shit about.
1. Re:Good luck with that. by Anonymous Coward · 2014-10-26 05:58 · Score: 5, Interesting
  
  Not only that, but it's a huge pile of data mining/theft. They requires direct access to take money from your current account (it bypasses the credit card companies, which is why they want to use it), and it requires access to your health data (for no known reason, but it requires it). Basically, it's a cluster fuck of ID theft.
2. Re:Good luck with that. by whoever57 · 2014-10-26 06:52 · Score: 5, Informative
  
  Current account? It's your checking account.
  UK terminology.
  
  --
  The real "Libtards" are the Libertarians!
3. Re:Good luck with that. by Applehu+Akbar · 2014-10-26 06:56 · Score: 4, Insightful
  
  Because it's tapping your checking account directly, customers are not going to like this. And to use CurrentC, you have to open up an app on your smartphone and scan a QR code to make the transaction; with NFC, you just bring your phone up to a point near the register until the register recognizes a near-field chip, ready to ring up the sale as soon as you authenticate, which in Apple's case means placing your thumb on your phone's reader. NFC transactions are so fast that customers are going to want them used for everything. There are already vending machines that support it.
4. Re:Good luck with that. by theshowmecanuck · 2014-10-26 07:32 · Score: 5, Interesting
  
  Bullshit. Canada was using direct debit with Interac since the early 80s. It is run by a group of banks and hits your bank account directly. It doesn't go through credit card companies. It is the most common form of payment here. I could go into a mom and pop corner store and pay this way for 30 years. People like it. It is not for profit but was formed by the banks and run on a private network. People didn't and don't want single companies like Visa or Google or Mastercard or Apple having all the power doing this. Companies that are for profit that want to take an even bigger cut of your money, run on public networks, and make money selling your data. I have a debit card that is very thin. It even fits in with the rest of my ID that I take everywhere anyway, and it is only online on a private network when I make a purchase... when the card is in the machine. Please explain what is so fucking great about Apple or Google pay on phones that run all the time on public networks, open to possible hacks.
  
  --
  -- I ignore anonymous replies to my comments and postings.
5. Re:Good luck with that. by PopeRatzo · 2014-10-26 07:33 · Score: 4, Insightful
  
  Think of the soccer mom scenario...
  Lady enters checkout line with baby on hip and two kids in cart. She's tired of wrangling, wants to leave ASAP.
  Apple/Google: Using one hand, pulls phone out of purse, taps, enter pin on phone.
  CurrentC: Pull phone out of purse. Unlock phone. Launch CurrentC app. Due to poor cell signal in store, app takes a long time to connect. Enter app pin. Request new transaction. Wait for QR code to show. Explain to the cashier you need them to scan this code. Wait for the second code to appear on Casher's screen. Scan that. Wait some more. Kids screaming murder now. Poor lady begins to cry.
  or...
  Credit Card: One hand. Swipe. Finished.
  Why does anyone think that it's "more convenient" to use NPC than swiping a credit card?
  
  --
  You are welcome on my lawn.
6. Re:Good luck with that. by ShanghaiBill · 2014-10-26 08:07 · Score: 5, Insightful
  
  My bank account is just as protected as my credit cards are, possibly more so.
  Not true at all. Credit cards have explicit legal protections for consumers. Also, merchants must go through an approval process before they can charge credit cards. Additionally, you keep your money while the dispute is resolved. If instead, they deduct directly from your bank account, the money is GONE, and it might already be gone from the recipient account, and in the hands of some Nigerian prince, before you even file your dispute. Unlike with a credit card, your bank has no direct financial interest in resolving the dispute.
7. Re: Good luck with that. by PopeRatzo · 2014-10-26 08:55 · Score: 4, Insightful
  
  Yeah, that is so much easier.
  
  There must be something wrong with me. Not once have I ever purchased something in a store and thought, "Gee, conducting that transaction was incredibly difficult. I wish someone would make an easier way to pay for this bag of groceries than this complex and difficult process of swiping a credit card."
  
  --
  You are welcome on my lawn.
8. Re:Good luck with that. by whoever57 · 2014-10-26 09:44 · Score: 4, Informative
  
  I do not intend to own a credit card, I do not need one, as the same is with most people.
  Need, perhaps not. Nevertheless, it is a smart decision to use one. Need to dispute a charge -- with a credit card, you have protections under Federal law. Using a debit card, you have fewer protections. Want to rent a car? Good luck doing that without a credit card. I could go on, but the list is too long.
  
  Bottom line, unless you have very poor impulse control, not having a credit card is a poor financial decision.
  
  --
  The real "Libtards" are the Libertarians!
9. Re:Good luck with that. by AuMatar · 2014-10-26 10:21 · Score: 4, Informative
  
  In several ways
  1)Debit cards don't build credit history. This makes it hard to get a car or house loan at good rates.
  2)Credit cards have 0% interest if you pay at the end of the month every month.
  3)Debit cards do not earn you interest. If you have an interest checking account (rare, and usually such a low rate that its a joke, sub 1% in most cases), you earn that money regardless of if you have or use a debit card.
  4)In the US, many purchases such as hotel, rental car, and gas put a hold on your account for more money than the actual charge. This hold goes away once the car is returned/hotel is checked out/a few days (for gas), but in the meantime that's additional money you can't access.
  5)Emergencies/hard times. Sometimes shit happens. You may lose your job and run low on cash. You may have a series of car and house repairs. Its always a good idea to have an additional emergency fun you can call on for short term cash.
  6)Your bank may put a hold on your debit card for suspicious activities. In that case, your card is useless. Having a backup is always a good idea. There's been several times this has saved my ass when traveling.
  
  --
  I still have more fans than freaks. WTF is wrong with you people?
10. Re:Good luck with that. by Minupla · 2014-10-26 16:49 · Score: 5, Interesting
  
  Actually, post Chip+Pin (and RFID interact flash for that matter) this sort of attack isn't possible. That's because the chip inside the card creates a unique one time approval for the transaction. The approval is un-replayable,
  At worst, attack wise, you might be able to perform a turnstile attack on it (Interac flash reader, taped to a turnstile say), but transactions over Interac flash are capped at under 100$ and every 5 transactions you have to re-auth with a full chip and pin, so the banks' risk is pretty limited there.
  Disclaimer: I've not done an indepth analysis of the security controls myself. I know there were some weaknesses in the Euro implementation around not signing the list of allowable transaction verification mechanisms or somesuch (look up the blackhat talk if you need to know) but it's a LOT more difficult these days then inserting a skimmer on the terminal and video recording the pin. (Interac was always two factor, until interac flash).
  Min
  
  --
  On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
11. Re:Good luck with that. by tlhIngan · 2014-10-26 17:52 · Score: 5, Interesting
  
  Because it's tapping your checking account directly, customers are not going to like this. And to use CurrentC, you have to open up an app on your smartphone and scan a QR code to make the transaction; with NFC, you just bring your phone up to a point near the register until the register recognizes a near-field chip, ready to ring up the sale as soon as you authenticate, which in Apple's case means placing your thumb on your phone's reader. NFC transactions are so fast that customers are going to want them used for everything. There are already vending machines that support it.
  Actually, the QR code is because iPhones didn't come with NFC. And Apple isn't allow app access to NFC yet (most likely because the NFC APIs aren't stable yet, but we can pretend it's to kill bad ideas like CurrenC as well).
  The only reason for the fingerprint reader usage is because EMV demands it to access the secure element (Note: iPad Air 2 actually has an NFC chip in it, but no NFC antenna! It's suspected at least part of the secure element is the NFC chip, otherwise why have a completely useless chip htere?).
  Apple Pay is just a fancy implementation of the EMV payment spec - it actually doesn't really have much "Apple" to it other than spiffing it up to make it all shiny and usable Apple-style. The spec is from EMV and that dictates how it all works.
  
  People didn't and don't want single companies like Visa or Google or Mastercard or Apple having all the power doing this.
  
  Apple doesn't control squat. All Apple Pay is is a virtual credit card implementing the spec with EMV. That's why it works practically everywhere with ZERO retailer involvement - as long as their terminals can do NFC purchases, Apple Pay will work. It does require the payment processor and the banks to have their end of the EMV spec done, which is why it only works with a few banks right now.
  This is unlike Google Wallet, which is a payment system like Paypal - Google gets all your transaction information because they need to charge you. In Apple Pay, it's just using another representation of your credit card, which means Apple doesn't get involved in the transaction. It's why Apple Pay gets charged out at Card-Present rates, while Google Wallet only gets Card Not Present (higher fees because higher fraud).
No thanks. by grub · 2014-10-26 06:00 · Score: 4, Insightful

A token based system vs. direct access to my personal data and bank account? I'll take Apple Pay, thanks.

--
Trolling is a art,
1. Re:No thanks. by Alain+Williams · 2014-10-26 06:28 · Score: 4, Informative
  
  since magstripe cards are woefully insecure
  In Europe we moved to EMV some 6-9 years ago. It is not without its problems, but cloning cards & other fraud is much harder. A resulting problem is that the banks try to claim that it is 100% secure and so claim that any fraud must be with the knowledge of the card holder- or due to their carelessness.
2. Re:No thanks. by hey! · 2014-10-26 06:31 · Score: 5, Funny
  
  Yes but we're Americans. If we pay attention to what works for you then the socialists have won.
  
  --
  Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
3. Re:No thanks. by CaptainDork · 2014-10-26 07:00 · Score: 5, Insightful
  
  Apple has negotiated a lower fee and banks are agreeable to absorb initial revenue loss in an effort to make NFC a standard.. The fees are needed mostly to pay off credit card fraud and Apple Pay reduces that liability (so the reasoning goes). Rumor has it that the Apple Pay user will be liable for fraud to a much larger degree because it's so hard for the process to be abused.
  The competing CurrentC standard, supported by major retailers, kills credit card fees and puts the fraud burden 100% on the consumer. For that reason, retailers favor CurrentC over Apple Pay and Google Wallet, both of which use NFC.
  While Google Wallet and Apple Pay are available now, CurrentC is going to be late to the party by about a year.
  That delay is what's prompting Rite Aid and CVS (supporters of CurrentC) to pull NFC from their POS.
  
  --
  It little behooves the best of us to comment on the rest of us.
4. Re:No thanks. by TubeSteak · 2014-10-26 08:22 · Score: 4, Informative
  
  In Europe we moved to EMV some 6-9 years ago. It is not without its problems, but cloning cards & other fraud is much harder.
  MasterCard, Visa, Discover and American Express set a USA deadline of October 2015.
  After that deadline passes, any merchant who hasn't switched over to a chip & pin/signature setup will be liable for credit card fraud that happens in their stores.
  Naturally, no one actually expects 100% compliance by the deadline, so who knows how it will actually shake out.
  Keywords: Liability Shift
  
  --
  [Fuck Beta]
  o0t!
5. Re:No thanks. by rahvin112 · 2014-10-26 17:18 · Score: 4, Informative
  
  Don't be foolish. The laws that govern this have no requirement that a "credit card" be involved. The law is called the Federal Credit Billing Act [FCBA] and it covers any use of interstate consumer credit. The only reason debit cards aren't covered is because credit is never extended, the transaction is a banking transaction that falls under separate banking laws which treat a debit transaction as an electronic check. To avoid the FCBA requirements Apple would be required to essentially act as a bank, which they aren't, and process the transaction as debit cards. This would mean preloading money into the account before you could spend it.
  If Apple were stupid enough to attempt what you suggest they would get smacked down so hard they wouldn't stop spinning for a month. The FCBA is incredibly strict and provides guaranteed consumer rights and very harsh penalties for violations including the immediate suspension of business if caught violating it. I sincerely doubt Apple's lawyers are that dumb so this "rumor" your heard is the made up variety that is quite common with Apple.
  http://www.consumer.ftc.gov/ar...
  
  The law applies to "open end" credit accounts, like credit cards, and revolving charge accounts, like department store accounts. It doesnâ(TM)t cover installment contracts â" loans or extensions of credit you repay on a fixed schedule. People often buy cars, furniture, and major appliances on an installment basis, and repay personal loans in installments, as well.
  This should bloody well be common knowledge. The FCBA is the only reason credit cards ever became successful and was a major act of congress that superseded many state laws. It covers pretty much any act of credit except for a few very special exceptions.
Good luck with that. by pla · 2014-10-26 06:03 · Score: 4, Interesting

How does this not violate these stores' agreements with Visa (etc), which have explicitly partnered with Apple and Google to provide Pay and Wallet as a valid method of using their (virtual) cards at the register?

And worse than simply not accepting it, they did so because they plan to come up with their own competing product??? WTF, Rite Aid, do you really think people will rush to use yet another crappy store-specific solution, rather than look confused at the cashier for a few seconds before walking away, leaving their stuff at the register?
DOA due to Liability shift to consumer... by kbonin · 2014-10-26 06:07 · Score: 5, Insightful

It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud. Add full access to your bank account to make the worst-case liability exposure whatever you have in your account, and privacy terms that allow them to use health related data that could have been protected under HIPPA. Tell me again why I would want to use this?
1. Re:DOA due to Liability shift to consumer... by Solandri · 2014-10-26 07:32 · Score: 5, Insightful
  
  It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud.
  
  They are two sides of the same coin. One shifts liability from the merchants to the consumer, the other shifts liability from the consumer to the merchants.
  
  If we really want security in the electronic transaction system, liability has fall upon the organization(s) operating the transaction system - Visa, the banks, etc. If they don't pay a financial cost for fraud, they have no incentive to improve the system to prevent fraud. Penalizing consumers just drives them to use cash. Penalizing merchants just drives them to stop accepting cards and electronic payment. It's only when you penalize the folks who control the electronic transaction systems that you'll see improvements to said system.
Re:This'll end up in court... by silfen · 2014-10-26 06:09 · Score: 4, Insightful

This isn't the sort of thing that "the market" can decide. I expect that it'll end up in court.

Why can't the market decide this? Why should this end up in court? We currently have deeply entrenched market dominance by credit card companies. Alternative payment schemes are coming out and attacking that dominance, and that only works if a critical mass of retailers actually stand up to the currently dominant players. If courts intervene, it will lock in the dominance and monopoly profits the credit card companies are extracting. Why do you think that would be a good thing?
The customer is wrong, wrong, wrong. by Primate+Pete · 2014-10-26 06:13 · Score: 4, Insightful

Shitty customer service is not a strategy.
Re:I don't blame the retailers by gnasher719 · 2014-10-26 06:31 · Score: 4, Interesting

While Google Wallet and Apply Pay may be free to the end-user, I highly doubt that it is free for the retailer.

Apple doesn't get a penny from the end user or from the retailer, so I suppose Google doesn't either. With Apple Pay the retailer pays the lowest rate available (percentages depend on how secure the payment method is; the more secure, the cheaper for the merchant). Apple gets some money from the bank; the bank saves money by having less fraud.
Re:I'm waiting to see who gets compromised first. by Karlt1 · 2014-10-26 06:38 · Score: 4, Informative

Do I really believe even for a moment that letting google, apple, or someone else manage my cards for me will stop that? Can you imagine a situation where one of these companies is compromised and not just one but maybe all of your accounts become compromised with it?
Apple never stores your credit card. You enter your credit card into the phone, it is sent to the credit card issuer and the credit card issuer sends one time use tokens directly to your phone. Those one time use tokens can only be used by authenticating with your fingerprint.
Re:Good for them by Zontar+The+Mindless · 2014-10-26 06:38 · Score: 4, Informative

What magstripe? I live in Europe, where we dropped that nonsense in favour of chip+PIN years ago.

--
Il n'y a pas de Planet B.
There is absolutely no good reason for this. by grahamsaa · 2014-10-26 07:38 · Score: 4, Insightful

I used to use Google Wallet / tap to pay at Rite-aid frequently as there's one across the street from my office. I liked it. The other day when I went in and tried and got a message about Apple pay not being supported, I was pretty confused. I don't use Apple pay. Why disable functionality that was previously working and that customers want to use? Google wallet does not charge merchants at all (http://www.google.com/wallet/business/faq.html). If stores want to set up their own competing wallet apps, that's fine, but disabling something that previously worked and that costs them nothing is really stupid.

--
Facts have a liberal bias.
Re:Gruber at DaringFireball nails it by AmiMoJo · 2014-10-26 08:06 · Score: 4, Interesting

You realise Google Wallet is pretty much the same. Unlock your phone, touch the pad. No data handed over, one time code that can't be reused so cloning is pointless.

--
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Read the fine print. by Mr_Wisenheimer · 2014-10-26 09:02 · Score: 4, Informative

Except for the fact that when you dispute a transaction on a credit card, the worst thing that happens to you is that your card may be frozen or the line of credit may be reduced by the disputed amount.
When you dispute a check or a debit transaction, your money is gone until the dispute is resolved and the bank may freeze all of your accounts during the investigative process, meaning you may essentially have no access to the money in your checking or savings account for a month or more.
Overwhelm them with complaints. Use these links by grahamsaa · 2014-10-26 09:27 · Score: 4, Informative

https://www.riteaid.com/custom...
http://www.cvs.com/help/email-...

Here's the message I sent. If you're lazy, feel free to use it:
Disabling Apple Pay and Google Wallet, which were previously accepted is not OK. If you want to come up with your own competing system and give people rewards to use it, that's fine, but don't break existing functionality. Google Wallet just works. Apple and Google's solutions don't cost you any more money than a credit card transaction. Your payment app isn't even available yet and relies on QR codes, which means that when it does launch it will likely be very clunky by comparison.

If you can't come up with a sane response to this, I guess I'll be switching to Walgreens.

--
Facts have a liberal bias.
Re:Gruber at DaringFireball nails it by Overzeetop · 2014-10-26 12:32 · Score: 4, Insightful

Google knows only one thing more than Apple does - the value of your purchase. Apple knows which store you went to and when you paid (you are using their hardware; yes, they know). If you're paranoid enough to worry about the difference, you're probably paranoid enough to know that the Bank is tracking your purchase and selling your information on the open market and you should be paying with cash.
I'll say this, though - these merchants are NEVER getting a direct connection to my bank account. To me, Visa/MC/Amex's role is to buffer me from fraud and abuse. I realize that the merchants chafe over rates, swipe fees, and liability (I do to), but they seem to care very little about security and I really don't want their hand in my till.

--
Is it just my observation, or are there way too many stupid people in the world?