---

@iced wrote:

---

@Anonymous wrote:

Yes that is what i was wondering. what exactly is the security issue?

chip cards are supposed to be more secure...

---

Contactless is more secure. The ability to fraud someone based off the magstripe is much, much .... much, much higher than fraud off the contactless tech.

 

I've seen three general camps of people who fear contactless:

 

1. People who fear anything being done "wireless" - that imaginary fear that all the bad guys just have to stand within 3 feet of you to steal your money. See the article below.

2. People who fear any modern technological change, likely because they don't understand it - that imaginary fear that nothing is as secure as the old paper receipt and imprint to prove you made the transaction. There's not enough tin foil to help these people.

3. The aesthetics people. They don't like the look of contactless cards.

 

Since this is a FICO forum, I'll post a FICO article:

 

https://www.fico.com/blogs/fraud-security/do-contactless-payments-pose-a-greater-fraud-risk/

---

That article seems to be geared towards people in other countries that mainly use PIN for chip purchases. There might need to be a lot more work to be done in the US to convince people of its security, despite contactless and chip being effectively the same in that regard. I know I remember seeing a whole lot of FAQs from banks stating that the "new" chip cards couldn't be used contactless, anyway.

---

@iced wrote:

---

@Anonymous wrote:

That article seems to be geared towards people in other countries that mainly use PIN for chip purchases. There might need to be a lot more work to be done in the US to convince people of its security, despite contactless and chip being effectively the same in that regard. I know I remember seeing a whole lot of FAQs from banks stating that the "new" chip cards couldn't be used contactless, anyway.

---

I agree there is a lack of awareness or education being done in the US about the technology. There is documentation out there about it, but it's not presented in a way that the average person will read or understand.

My personal theory is that issuers and merchants had pretty much agreed that contactless was a bust in the US. There was no desire to implement it any time soon (or possibly ever)--that is, until Apple came on scene. That in itself caused merchants to at least spend the extra money on contactless-capable hardware. Of course, since it became a possibility again, issuers have no idea how to proceed since it wasn't really in consideration before.

Anyway, I think without Apple, there'd be a whole lot of US-specific hardware from the major terminal manufacturers without contactless support at all, including from Verifone and Ingenico. And a lot less of it being customer accessible as well; why bother with full on PIN pads when there's no reason to? Heck, Clover just came out with a POS that has the EMV reader built into the display for the restaurants that don't want to bother with pay at the table/front (which is basically the vast majority of them in my experience)--and this is after Apple Pay became a thing, too.

---

@iced wrote:

EDIT: I should have also included a blurb on RFID. RFID is the more common tech used for contactless card (some use NFC, but it's mostly phones). First-gen RFID was unencrypted, but second-gen and beyond are typically encrypted. The old fear that numbers are being broadcast in the clear are more founded on older cards, but not so much new cards. Furthermore, there's almost no fraud reported from this tech despite it being in pretty widespread use in Europe. Had it been as vulnerable as the fearmongering articles made it, we'd have seen a lot more widespread problem beyond the occasional conceptual demonstration of how such fraud would occur.

---

You can still get the card number and expiration from the latest contactless cards. The cryptogram itself is encrypted but much of the rest of the data is not.

That said, the usefulness of that data is pretty limited since it can't be used to make another physical card nor in many cases for online purchases (due to AVS/CVV2 checks).

Well, isn't that just like the US. Always 4 steps behind in implementing new tech, then having to pay 4 times the cost to update after the fact? All the while certain other countries seem to be at the leading edge in this field.

While we may be considered a first world nation, we lack in so many ways. Internet in most States is a joke as well. 

With all this talk back and forth, I'm not sure whether to just go with contactless, non. Though I am leaning towards chip & Pin in advance of a trip I plan to make in the future.

---

@Anonymous wrote:

Well, isn't that just like the US. Always 4 steps behind in implementing new tech, then having to pay 4 times the cost to update after the fact? All the while certain other countries seem to be at the leading edge in this field.

While we may be considered a first world nation, we lack in so many ways. Internet in most States is a joke as well. 

 

 

With all this talk back and forth, I'm not sure whether to just go with contactless, non. Though I am leaning towards chip & Pin in advance of a trip I plan to make in the future.

---

At least most merchants actually had the foresight to get terminals with contactless hardware, even if it was solely to try to get the types of customers most likely to use Apple products. It very easily could have turned out differently, especially since NFC use is still pretty low (albeit increasing).

As for what to use in Europe, I was able to use contactless almost 100% of the time in the UK, even with train ticket machines. Considering that European merchants are mandated to support contactless, I'm not sure chip and PIN is really all that necessary anymore, although it's still nice to have.