CVS and Rite Aid turn off NFC readers

rpadula said:
First I'd heard of CurrentC. Sounds like a complete pain in the rear.
Click to expand...

Funded by WalMart, et al, to avoid CC fee structure.

There is a long list of retailers who are disabling NFC.
 
But... but... QR codes are awesome!!

In reality this is stupid... how many times have retailer-developed pay systems worked? Heck, even the credit card companies are having a difficult time getting their own version of Google Wallet/Apple Pay (previously called ISIS, can't remember the new name) up and running.
 
Fredbob711 said:
But... but... QR codes are awesome!!

In reality this is stupid... how many times have retailer-developed pay systems worked? Heck, even the credit card companies are having a difficult time getting their own version of Google Wallet/Apple Pay (previously called ISIS, can't remember the new name) up and running.
Click to expand...

Well, someone has funneled money to Intuit to pay for CC reader upgrades to all of their merchants accounts (including one I have). Yes, Intuit Merchant Services is providing *free* new CC/Pin-pad readers to all of their customers, which will include NFC capabilities. I'm highly suspect of anything "free" from Intuit. Someone paid them to do this. My bet is Apple, and then Apple will get a cut of all of the Apple Pay sales. I'm sure I'll end up paying for this in the end...
 
So we will see a bunch more cash only shops, where they can get away with it. Plus we should start seeing no cash shops...
 
Jeff Oslick said:
Well, someone has funneled money to Intuit to pay for CC reader upgrades to all of their merchants accounts (including one I have). Yes, Intuit Merchant Services is providing *free* new CC/Pin-pad readers to all of their customers, which will include NFC capabilities. I'm highly suspect of anything "free" from Intuit. Someone paid them to do this. My bet is Apple, and then Apple will get a cut of all of the Apple Pay sales. I'm sure I'll end up paying for this in the end...
Click to expand...

Yeah, they probably got a healthy payday from Apple for it. Plus whatever maintenance fees and whatever else they can charge you for over the lifetime of the pin pad.

No such thing as 'free' when it comes to major corporations.
 
Personally, I think you have to be half insane to use any electronic payment system that stores your card numbers.

I'm currently on my third year of free identity theft protection from the four times that my card information has been compromised from supposedly "secure" systems. Home Depot was the most recent, and I will activate their free year as soon as the current year's (courtesy of Food Town) expires. The two years prior were courtesy of Target and Adobe.

I have also canceled my accounts with almost all vendors that require that I keep a credit card other than their own on file. Adobe's the lone holdout, and only because I need their software more than they need me. They have a card number that gets used for nothing other than their bills. Everyone else who insisted on having a payment method on file either got canceled, or else I obtained the vendor's own card and let them store that number.

In short, NO ONE gets to hold my card numbers any more. I seriously think someone would have to have rocks in their head to entrust all their card numbers to any company -- Apple, Google, or otherwise -- just so they can pay by waving their phone at a machine, I mean, seriously, gimme a break.

The only way I could see myself using a service like this would be if they only had a single card on file, preferably their own, which was used for nothing else. This way when their system inevitably gets hacked, I'd only have one card to cancel.

Rich
 
Last edited:
Why the paranoia? If you have fraudulent charges, one call to the bank typically gets them refunded no questions asked.
 
dans2992 said:
Why the paranoia? If you have fraudulent charges, one call to the bank typically gets them refunded no questions asked.
Click to expand...

Yeah, okay. Talk to me after you've had to get all your cards replaced for the fourth time in three years because someone's "secure" system was hacked. You may feel differently about it then.

Rich
 
Why did you need to replace _all_ of them?

I've had to replace cards before. It's a minor inconvenience.
 
RJM62 said:
Personally, I think you have to be half insane to use any electronic payment system that stores your car numbers.

I'm currently on my third year of free identity theft protection from the four times that my card information has been compromised from supposedly "secure" systems. Home Depot was the most recent, and I will activate their free year as soon as the current year's (courtesy of Food Town) expires. The two years prior were courtesy of Target and Adobe.

I have also canceled my accounts with almost all vendors that require that I keep a credit card other than their own on file. Adobe's the lone holdout, and only because I need their software more than they need me. They have a card number that gets used for nothing other than their bills. Everyone else who insisted on having a payment method on file either got canceled, or else I obtained the vendor's own card and let them store that number.

In short, NO ONE gets to hold my card numbers any more. I seriously think someone would have to have rocks in their head to entrust all their card numbers to any company -- Apple, Google, or otherwise -- just so they can pay by waving their phone at a machine, I mean, seriously, gimme a break.

The only way I could see myself using a service like this would be if they only had a single card on file, preferably their own, which was used for nothing else. This way when their system inevitably gets hacked, I'd only have one card to cancel.

Rich
Click to expand...

There are only a few companies I trust to keep my card on file. Google is one of those, because they're a company that understands the need for data security. Yes, I realize I'm a product to Google, and I don't particularly care. If I started seeing signs that Google was no longer going to be the company I've admired since they went public, I'd start moving away from their products. I just haven't seen anything like that yet.

As for Google Wallet transactions, they use (and have been using) the same method Apple Pay does where each transaction is given a unique token and that's all the retailer gets from the transaction. Means less companies will have my card number on hand that are likely to get hacked.

I view the chances of Google, Apple, Amazon, any of the big tech companies getting hacked for credit card info as pretty low, especially compared to companies like McDonald's, Home Depot, Target, etc.

Of course this is all my personal opinion. To each their own.
 
RJM62 said:
Yeah, okay. Talk to me after you've had to get all your cards replaced for the fourth time in three years because someone's "secure" system was hacked. You may feel differently about it then.

Rich
Click to expand...

I would hesitate to call Home Depot, Target, or Food Town secure. Companies that have been around for a long time are struggling to catch up with what the definition of data security means now.

That experience does suck though, and I thankfully have only had one instance where I was hacked (through PayPal, promptly closed my account) and another where my credit card company had to replace my card (Target hack).
 
RJM62 said:
Personally, I think you have to be half insane to use any electronic payment system that stores your card numbers.
Click to expand...

I think anyone who develops a system that stores card numbers is insane. Get the number, send it to Visa, get a hash code back for authentication, never a need to store the number...ever.
 
dans2992 said:
Why did you need to replace _all_ of them?

I've had to replace cards before. It's a minor inconvenience.
Click to expand...

Because before I got smart, I actually carried all my cards around with me; so multiple cards were often used at the same merchants. Nowadays, all but one card at a time stay in the safe, and I keep a record of every purchase I make. I also prefer single-merchant cards when they're available (that is, a card good at only one store, not a co-branded MC or Visa). Yeah, it's a pain in the ass, but I've come to view the next hack as inevitable.

Letting someone else store all my card numbers would be just as retarded, in my opinion, as what I used to do. There's no such thing as a system that can't be hacked. There are only systems that haven't been hacked yet.

Rich
 
JeffDG said:
I think anyone who develops a system that stores card numbers is insane. Get the number, send it to Visa, get a hash code back for authentication, never a need to store the number...ever.
Click to expand...

Congratulations! You just reinvented Google Wallet and Apple Pay!

By the way, these NFC systems do not bypass the normal credit card surcharge systems.

Apple Pay is a particularly clever system.
 
RJM62 said:
Because before I got smart, I actually carried all my cards around with me; so multiple cards were often used at the same merchants. Nowadays, all but one card at a time stay in the safe, and I keep a record of every purchase I make. I also prefer single-merchant cards when they're available (that is, a card good at only one store, not a co-branded MC or Visa). Yeah, it's a pain in the ass, but I've come to view the next hack as inevitable.

Letting someone else store all my card numbers would be just as retarded, in my opinion, as what I used to do. There's no such thing as a system that can't be hacked. There are only systems that haven't been hacked yet.

Rich
Click to expand...


Some things you can't subscribe to without them having a card on file though - ie. XM radio, Hertz Gold Club, etc.

Recently, I started using a Capital One Visa for just about _every_ purchase and paying it off every month. This yields two benefits. First, basically 1.5% off of _everything. Secondly, one payment a month out of your checking account instead of lots of small ones makes cash flow planning easier. I don't like to keep "extra" money in checking where it earns no interest.
 
JimNtexas said:
Congratulations! You just reinvented Google Wallet and Apple Pay!

By the way, these NFC systems do not bypass the normal credit card surcharge systems.

Apple Pay is a particularly clever system.
Click to expand...

They could just do it with POS systems. There's no need to ever transmit the card number to the store's computers, if you ask me.
 
JeffDG said:
I think anyone who develops a system that stores card numbers is insane. Get the number, send it to Visa, get a hash code back for authentication, never a need to store the number...ever.
Click to expand...

This is how the system we use in our store operates (Intuit Point of Sale). There is no "storage" of the CC number, except encrypted for just as long as it takes for the transaction to get authorized. I can't do a refund without getting the card back (we can see the last 4 #s) to swipe again. The only risk of a hack getting into our system would be somehow intercepting between the PIN pad, the software and the transmission to Intuit for authorization, but it's all Intuit's proprietary stuff, so they're (largely) on the hook to keep the connections secure. We keep our network locked down as tight as we can reasonably achieve, don't even use wifi for our network connection.
 
How much more does the merchant have to pay on Apple Pay? Every time someone touches money, they want a piece of it.
 
dans2992 said:
Some things you can't subscribe to without them having a card on file though - ie. XM radio, Hertz Gold Club, etc.

Recently, I started using a Capital One Visa for just about _every_ purchase and paying it off every month. This yields two benefits. First, basically 1.5% off of _everything. Secondly, one payment a month out of your checking account instead of lots of small ones makes cash flow planning easier. I don't like to keep "extra" money in checking where it earns no interest.
Click to expand...

SiriusXM has a prepaid card that you can buy in most electronics stores. That's how I pay them.

Rich
 
dmspilot said:
Why would you give out all of them? Isn't one enough? :confused:
Click to expand...

Well, that's what I said. If I had to use Apple Pay (or Google Wallet, etc.), I'd give them one card number. This way WHEN their system gets hacked, it would only be that one card that I would have to cancel. But frankly, the need to wave my favorite toy at the register whenever I buy something, just so the rest of the world can see how cool I am, is not so overwhelming that I'd bother.

I mean, seriously. Does the iPhone have a vibrator attachment, too? Its devotees seem to want it to do everything else, so why not that, as well?

Rich
 
RJM62 said:
I mean, seriously. Does the iPhone have a vibrator attachment, too? Its devotees seem to want it to do everything else, so why not that, as well?

Rich
Click to expand...

Actually, yes, I believe it does.
 
We actually manufacture one of these... I was rather surprised when they asked to open up the firewall to (ahem) certain sites that would normally be restricted in a manufacturing company.
 
dans2992 said:
We actually manufacture one of these... I was rather surprised when they asked to open up the firewall to (ahem) certain sites that would normally be restricted in a manufacturing company.
Click to expand...

Actually, I was joking... lol

Rich
 
RJM62 said:
Well, that's what I said. If I had to use Apple Pay (or Google Wallet, etc.), I'd give them one card number. This way WHEN their system gets hacked, it would only be that one card that I would have to cancel. But frankly, the need to wave my favorite toy at the register whenever I buy something, just so the rest of the world can see how cool I am, is not so overwhelming that I'd bother.

I mean, seriously. Does the iPhone have a vibrator attachment, too? Its devotees seem to want it to do everything else, so why not that, as well?

Rich
Click to expand...

Yes, there is an App for that, several in fact.:rofl::rofl::rofl:

I too don't really get the iPay or whatever, but I really wish everyone would figure to combine everything on one RFID type fob, drivers license, professional licenses, security clearances, passport, my FAA Medical, my Financial Card Number(s) I want to designate to it....

But I don't want it on my phone, I want it as a key fob. I want to get rid of my freaking Kastanza wallet. Check in a hotel? Swipe. Check in for a flight? Swipe, Renting a plane? Swipe. The fob should be such that it provides a screen to keep the data unscannable until you open a shutter for scanning.

I don't want to rely on my phone for this, if anything I would want them to back each other up. But until government (Our representatives in the matter) and industry get together and set some protocols and start participating with each other, I'll just stick with cards and cash with a smattering of PayPal.
 
Henning said:
Yes, there is an App for that, several in fact.:rofl::rofl::rofl:

I too don't really get the iPay or whatever, but I really wish everyone would figure to combine everything on one RFID type fob, drivers license, professional licenses, security clearances, passport, my FAA Medical, my Financial Card Number(s) I want to designate to it....

But I don't want it on my phone, I want it as a key fob. I want to get rid of my freaking Kastanza wallet. Check in a hotel? Swipe. Check in for a flight? Swipe, Renting a plane? Swipe. The fob should be such that it provides a screen to keep the data unscannable until you open a shutter for scanning.

I don't want to rely on my phone for this, if anything I would want them to back each other up. But until government (Our representatives in the matter) and industry get together and set some protocols and start participating with each other, I'll just stick with cards and cash with a smattering of PayPal.
Click to expand...

http://www.youtube.com/watch?v=yoPf98i8A0g

Rich
 
Www.plastc.com looks interesting. Claims to even do security prox cards, but I'll believe it when I see it.

If it does what they claim, I will buy one if/when released.
 
RJM62 said:
Personally, I think you have to be half insane to use any electronic payment system that stores your card numbers.
Click to expand...

JeffDG said:
I think anyone who develops a system that stores card numbers is insane. Get the number, send it to Visa, get a hash code back for authentication, never a need to store the number...ever.
Click to expand...

Apple Pay does not store the card number anywhere. Check it out:

http://www.macrumors.com/2014/10/02/comprehensive-look-at-apple-pay-security/
 
Henning said:
Yes, there is an App for that, several in fact.:rofl::rofl::rofl:

I too don't really get the iPay or whatever, but I really wish everyone would figure to combine everything on one RFID type fob, drivers license, professional licenses, security clearances, passport, my FAA Medical, my Financial Card Number(s) I want to designate to it....

But I don't want it on my phone, I want it as a key fob. I want to get rid of my freaking Kastanza wallet. Check in a hotel? Swipe. Check in for a flight? Swipe, Renting a plane? Swipe. The fob should be such that it provides a screen to keep the data unscannable until you open a shutter for scanning.

I don't want to rely on my phone for this, if anything I would want them to back each other up. But until government (Our representatives in the matter) and industry get together and set some protocols and start participating with each other, I'll just stick with cards and cash with a smattering of PayPal.
Click to expand...

Remember this thing?

https://www.speedpass.com

Apple is going in that direction. Don't forget, the forthcoming Apple Watch will also support Apple Pay as it appears to have NFC in it also.

http://www.macrumors.com/2014/10/27/nfc-public-transit-security/
 
RJM62 said:
Personally, I think you have to be half insane to use any electronic payment system that stores your card numbers.

I'm currently on my third year of free identity theft protection from the four times that my card information has been compromised from supposedly "secure" systems. Home Depot was the most recent, and I will activate their free year as soon as the current year's (courtesy of Food Town) expires. The two years prior were courtesy of Target and Adobe.

I have also canceled my accounts with almost all vendors that require that I keep a credit card other than their own on file. Adobe's the lone holdout, and only because I need their software more than they need me. They have a card number that gets used for nothing other than their bills. Everyone else who insisted on having a payment method on file either got canceled, or else I obtained the vendor's own card and let them store that number.

In short, NO ONE gets to hold my card numbers any more. I seriously think someone would have to have rocks in their head to entrust all their card numbers to any company -- Apple, Google, or otherwise -- just so they can pay by waving their phone at a machine, I mean, seriously, gimme a break.

The only way I could see myself using a service like this would be if they only had a single card on file, preferably their own, which was used for nothing else. This way when their system inevitably gets hacked, I'd only have one card to cancel.

Rich
Click to expand...

That's not how the tech works.

The apple device never transmits your card number, it sends a
token, kinda like PayPal. It's actually more secure compared to swiping.
 
Well, I don't use it and I don't really want to. But - when I read something like "algorithmically-generated; dynamic; cryptogram; token" my BS meter pegs pretty hard.

No one can fix the human part. Ever. It won't be long before it's cracked, just like all the previous security protocols.
 
Script kiddies can exchange credit card numbers. Sure, this may be hackable, but the number of hackers with the resources to do it is greatly reduced.
 
Henning said:
How much more does the merchant have to pay on Apple Pay? Every time someone touches money, they want a piece of it.
Click to expand...

It will likely be some fractional percent, like 0.002 or something like that, but that adds up rapidly if you have a user base in the millions spending thousands of dollars a year. Figure 20 million users, spending $500/month using Apple Pay, at 0.2%, that's a cool $240 M/year. Nice racket. Probably why Apple (and yes, I'm assuming it was them) paid Intuit for a bunch of new NFC card readers.
 
James331 said:
That's not how the tech works.

The apple device never transmits your card number, it sends a
token, kinda like PayPal. It's actually more secure compared to swiping.
Click to expand...

Yes, yes, I understand that. But somewhere in Apple's system lies the ability to convert the device information, biometric data, or whatever else they may want to implement on the POS side of things, to a charge against a card. Thus it still asks me to place my faith in Apple's (or Google's, or Anyone Else's) invulnerability to data breaches, and I am unwilling to do that.

What Apple and Google extoll as an additional layer of security, I disdain as an additional layer of vulnerability. It's one more entity that has possession of my financial information. To take that risk for something as trivial as being able to wave a phone at a reader rather than using an individual card strikes me as utterly pointless and vain.

I'd rather take my chances with EMV Chip +PIN. It's not invulnerable either because banks and other card issuers are not invulnerable (as this past summer's breaches of Chase and other banks made painfully clear). But using an individual card, at least my vulnerability is limited to that one card and that one issuer, not all of the cards stored by a third-party service -- in whatever form -- on its servers.

Of course, you can store only one card on the payment service and minimize the risk. Great idea! Except that if you're going to do that, then what the hell is the point of the service other than to show everyone around you at the register what a cool phone you have? You don't even get a thinner wallet out of the deal.

Note that I didn't mention the Big Brother aspect of it all. That's because any time you use plastic to make a purchase, your purchase information will be sold to the highest bidder before you get back to your car, anyway. Same goes for loyalty cards. The only way to keep your purchasing habits private is to pay with cash or use anonymous gift cards. So any privacy-based objection is moot with regard to any of these payment services.

Rich
 
So, out of curiosity, I checked out CurrentC. I added my email to their 'Notify Me' database to keep up with launch information.

Today, I get this email about a breach in their system, and a 3rd party gaining access to the email database. Some security. ....and you want me to give you my checking account number?? Karma.

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.
 
You must log in or register to reply here.
Back
Top