Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rite Aid and CVS Block Apple Pay and Google Wallet

Posted by samzenpus on from the your-money-is-no-good-here dept.

An anonymous reader writes CVS and Rite Aid have reportedly shut off the NFC-based contactless payment option at point of sale terminals in thousands of stores. The move will make it impossible to pay for products using Apple Pay or Google Wallet. Rite Aid posted at their stores: "Please note that we do not accept Apple Pay at this time. However we are currently working with a group of large retailers to develop a mobile wallet that allows for mobile payments attached to credit cards and bank accounts directly from a smart phone. We expect to have this feature available in the first half of 2015."

11 of 558 comments (clear)

  1. Good luck with that. by Noxal · · Score: 5, Insightful

    CurrentC seems way too involved for most people to ever give a shit about.

    1. Re:Good luck with that. by Anonymous Coward · · Score: 5, Interesting

      Not only that, but it's a huge pile of data mining/theft. They requires direct access to take money from your current account (it bypasses the credit card companies, which is why they want to use it), and it requires access to your health data (for no known reason, but it requires it). Basically, it's a cluster fuck of ID theft.

    2. Re:Good luck with that. by whoever57 · · Score: 5, Informative

      Current account? It's your checking account.

      UK terminology.

      --
      The real "Libtards" are the Libertarians!
    3. Re:Good luck with that. by theshowmecanuck · · Score: 5, Interesting

      Bullshit. Canada was using direct debit with Interac since the early 80s. It is run by a group of banks and hits your bank account directly. It doesn't go through credit card companies. It is the most common form of payment here. I could go into a mom and pop corner store and pay this way for 30 years. People like it. It is not for profit but was formed by the banks and run on a private network. People didn't and don't want single companies like Visa or Google or Mastercard or Apple having all the power doing this. Companies that are for profit that want to take an even bigger cut of your money, run on public networks, and make money selling your data. I have a debit card that is very thin. It even fits in with the rest of my ID that I take everywhere anyway, and it is only online on a private network when I make a purchase... when the card is in the machine. Please explain what is so fucking great about Apple or Google pay on phones that run all the time on public networks, open to possible hacks.

      --
      -- I ignore anonymous replies to my comments and postings.
    4. Re:Good luck with that. by ShanghaiBill · · Score: 5, Insightful

      My bank account is just as protected as my credit cards are, possibly more so.

      Not true at all. Credit cards have explicit legal protections for consumers. Also, merchants must go through an approval process before they can charge credit cards. Additionally, you keep your money while the dispute is resolved. If instead, they deduct directly from your bank account, the money is GONE, and it might already be gone from the recipient account, and in the hands of some Nigerian prince, before you even file your dispute. Unlike with a credit card, your bank has no direct financial interest in resolving the dispute.

    5. Re:Good luck with that. by Minupla · · Score: 5, Interesting

      Actually, post Chip+Pin (and RFID interact flash for that matter) this sort of attack isn't possible. That's because the chip inside the card creates a unique one time approval for the transaction. The approval is un-replayable,

      At worst, attack wise, you might be able to perform a turnstile attack on it (Interac flash reader, taped to a turnstile say), but transactions over Interac flash are capped at under 100$ and every 5 transactions you have to re-auth with a full chip and pin, so the banks' risk is pretty limited there.

      Disclaimer: I've not done an indepth analysis of the security controls myself. I know there were some weaknesses in the Euro implementation around not signing the list of allowable transaction verification mechanisms or somesuch (look up the blackhat talk if you need to know) but it's a LOT more difficult these days then inserting a skimmer on the terminal and video recording the pin. (Interac was always two factor, until interac flash).

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    6. Re:Good luck with that. by tlhIngan · · Score: 5, Interesting

      Because it's tapping your checking account directly, customers are not going to like this. And to use CurrentC, you have to open up an app on your smartphone and scan a QR code to make the transaction; with NFC, you just bring your phone up to a point near the register until the register recognizes a near-field chip, ready to ring up the sale as soon as you authenticate, which in Apple's case means placing your thumb on your phone's reader. NFC transactions are so fast that customers are going to want them used for everything. There are already vending machines that support it.

      Actually, the QR code is because iPhones didn't come with NFC. And Apple isn't allow app access to NFC yet (most likely because the NFC APIs aren't stable yet, but we can pretend it's to kill bad ideas like CurrenC as well).

      The only reason for the fingerprint reader usage is because EMV demands it to access the secure element (Note: iPad Air 2 actually has an NFC chip in it, but no NFC antenna! It's suspected at least part of the secure element is the NFC chip, otherwise why have a completely useless chip htere?).

      Apple Pay is just a fancy implementation of the EMV payment spec - it actually doesn't really have much "Apple" to it other than spiffing it up to make it all shiny and usable Apple-style. The spec is from EMV and that dictates how it all works.

      People didn't and don't want single companies like Visa or Google or Mastercard or Apple having all the power doing this.

      Apple doesn't control squat. All Apple Pay is is a virtual credit card implementing the spec with EMV. That's why it works practically everywhere with ZERO retailer involvement - as long as their terminals can do NFC purchases, Apple Pay will work. It does require the payment processor and the banks to have their end of the EMV spec done, which is why it only works with a few banks right now.

      This is unlike Google Wallet, which is a payment system like Paypal - Google gets all your transaction information because they need to charge you. In Apple Pay, it's just using another representation of your credit card, which means Apple doesn't get involved in the transaction. It's why Apple Pay gets charged out at Card-Present rates, while Google Wallet only gets Card Not Present (higher fees because higher fraud).

  2. DOA due to Liability shift to consumer... by kbonin · · Score: 5, Insightful

    It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud. Add full access to your bank account to make the worst-case liability exposure whatever you have in your account, and privacy terms that allow them to use health related data that could have been protected under HIPPA. Tell me again why I would want to use this?

    1. Re:DOA due to Liability shift to consumer... by Solandri · · Score: 5, Insightful

      It appears that CurrentC moves liability exposure almost entirely onto the consumer, whereas Visa limits consumer exposure to $50 that most banks waive in actual fraud.

      They are two sides of the same coin. One shifts liability from the merchants to the consumer, the other shifts liability from the consumer to the merchants.

      If we really want security in the electronic transaction system, liability has fall upon the organization(s) operating the transaction system - Visa, the banks, etc. If they don't pay a financial cost for fraud, they have no incentive to improve the system to prevent fraud. Penalizing consumers just drives them to use cash. Penalizing merchants just drives them to stop accepting cards and electronic payment. It's only when you penalize the folks who control the electronic transaction systems that you'll see improvements to said system.

  3. Re:No thanks. by hey! · · Score: 5, Funny

    Yes but we're Americans. If we pay attention to what works for you then the socialists have won.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  4. Re:No thanks. by CaptainDork · · Score: 5, Insightful

    Apple has negotiated a lower fee and banks are agreeable to absorb initial revenue loss in an effort to make NFC a standard.. The fees are needed mostly to pay off credit card fraud and Apple Pay reduces that liability (so the reasoning goes). Rumor has it that the Apple Pay user will be liable for fraud to a much larger degree because it's so hard for the process to be abused.

    The competing CurrentC standard, supported by major retailers, kills credit card fees and puts the fraud burden 100% on the consumer. For that reason, retailers favor CurrentC over Apple Pay and Google Wallet, both of which use NFC.

    While Google Wallet and Apple Pay are available now, CurrentC is going to be late to the party by about a year.

    That delay is what's prompting Rite Aid and CVS (supporters of CurrentC) to pull NFC from their POS.

    --
    It little behooves the best of us to comment on the rest of us.