Tap to pay has been so widespread in Canada for almost 10 years now. It always surprises me to go down south and having to insert my card or still sign my name. I can’t remember the last time I did the that in Canada
I live in I’d say one of the Top ~15 largest city in Mexico, it always bothers me that the vendors DO have contactless card readers and the contactless payment sign in their counter yet they ask me to insert my card. Like I just wanna buy this bag of chips and a coke, let me just tap my card and go
It's almost impossible to go anywhere in Australia without "pay wave" or tap to pay being available, then I moved back to New Zealand and it's still slowly becoming more wide spread, but still more widespread than I remember in the US. I was really shocked in the US to swipe my card from New Zealand and only need to sign a piece of paper, I'd always seen it happen on American TV shows and didn't realize it was a real thing.
I was travelling in US in 2013 when I was at an American restaurant that still uses the carbon printing of credit card numbers (by pressing the card against a carbon paper). Omg I was so amazed! Being in my late 30s I have never seen that kind of antique payment method
Given how the US is seen as a leader in tech, its surprising how they lag behind in things like payment technologies. They were behind to adopt chip and pin, now theyre again slow to adopt contactless. Here in the UK Ive been paying using contactless (with my phone) for years.
Yes I agree it's surprising. I remember banks offered cards with NFC back in 2014 and when I replaced the card, the new one came without it. Basically new tech in payment systems just doesn't take off like in other countries. I think part of it is also due to the preference people have to pay with a credit card. Usually these technologies like chip & pin is to make it more secure to take money directly from your bank account, whereas in the US, people like to pay with a credit card because they get points or cash back for using the card, and pretty much all credit cards offer fraud protection, so if you had any fraudulent transaction you just call the credit card and they take it off, you can even do that on the app now, and they send you a new credit card in a day or two. So there isn't really much incentive for people to look for more secure payment methods. But it's now taking off and I think it's mostly because of the speed though
One correction on the video: The NFC chip that stores your card's data is actually not visible. It's hidden inside your card just like the NFC antenna. The visible chip highlighted in this video is specifically for transactions where your card needs to be inserted in the reader.
no, what you see are just the contacts, the chip is below what is visible and in 99,99% of cards, that's the same chip for both nfc and chip & dip/sign/pin transactions
Australia was an early adopter of tap and pay as well as payment via phones and watches. I think the key was that the machines are not owned by the businesses instead they are provided as part of the package with the vendors bank. This means that the banks could push the technology out and our lifestyle of carrying minimal amounts of things when out on the weekend etc made it appealing
Same in Europe, payment terminals are usually owned by the bank the business uses. Whenever the bank decides they just come and change them to a newer model.
@@GeeEee75but we have myki on andriod phone. Top up when walking to the station or use the auto top feature. Not sure if Apple users have this though...
Myki is about to change because it fell behind, particularly for visitors. In Sydney one can simply tap a credit card or phone on public transport to use public transport. The fare charged is exactly the same as using an Opal card. Melbourne does not have this and it is very inconvenient.
What people don't get about magstripe is that all your data is recorded on the stripe (like music on a cassette tape) and easy to read. To clone a credit card's magstripe, you just have to read the stripe and write it to another card. You get a perfect copy. But with chip and pin (and tap and pay - although the mechanism is a bit different) on the chip, there's a section of memory called "write-only memory" where a cryptographic key (half of a pair) is stored. It's called "write only" because you can write to it, but only the processor inside the chip can read it and even then, not directly. There's no reasonable way for a cloner to get the data back out short of decapping the chip (removing the top of it, also known as delidding) and using microprobes to trace the circuits while making a request. The write only memory is attached to a dedicated crypto processor which cannot be asked for the key, rather you give it data and it either encrypts or decrypts using the key in write only memory and then returns the result. Because of how PKI (the system for the keys) work, there are two half keys - A and B and because of the maths involved, if you encrypt a message with A, ONLY B can decode it and if you encode it with B, ONLY A can decode it. If you have either A or B, it's extremely difficult to figure out the other key (it would take hundreds of years minimum even with the most powerful computer, although quantum computers may change that). Your card has one of the two keys assigned to the card (A) - the bank has the other (B) - so when you tap, the terminal picks a random number, asks your card to encrypt it with A, then sends that encrypted message to the bank which then decrypts the message using your B key. It then re-encrypts the message using your B key and sends that back. Remember, if you encrypt with A ONLY B can decrypt, and if you encrypt with B, ONLY A can decrypt. So if the card is valid, the card encrypts it with A which the bank can decrypt with your B. It never looks at the content - it just re-encrypts it with the B key and sends that back. ONLY your A key - the one on the card can decrypt it. And that results in the original random number that was sent. If they match, it's valid. There are very few known ways to trick this system. There was a bug in the early version of the system that, if the attacker got the timing just right, could inject a repeat purchase into the pay terminal (it wasn't a bug with the card) that would look like the first purchase and cause two payouts, but the attacker had 45 seconds to complete it, and the bug has since been patched. Most attacks actually copy the magstripe and then make it look like the tap and pay or the chip card has failed to get you to fallback and use the magstripe.
One more thing In India All NFC Enabled phones can work as Payment Machines for small businesses. If you just have a current account with any bank. No set-up fees or any one-time or monthly fees for the business owners. Just the processing fees.
Ever since I was a kid I've heard about how dangerous swiping you card can be. So its amazing that it took well over a decade since hearing this for the U.S. to widely adopt something like tap-to-pay in which it is considerably safer to use your card, especially after hearing the statistics every year on how much money is lost due to fraud/stolen credentials
@@johnp139 But somebody is paying for it. Usually it's the bank or merchant. So you (and everybody else) pay for it in higher fees and higher costs for everything you buy.
I did some cashiering at a drug store when I was in college in the mid 1980s. I remember how people waiting in that line used to groan when a customer pulled out the credit card -- we had those old machines with carbon copies that we ran a card through, had to use the intercom to ask a manager come for a credit card approval, and they would actually call to make sure the card was valid and good for charges. Now people grumble when someone is NOT quickly swiping or tapping a credit card which is almost instant now, compared to people writing checks (yes, some people still do) or fumbling through their wallets for exact change. My, how times have changed.
I’ve never used swipe. Tap to pay has been a thing in Europe for ages, especially in the UK, it’s very rare not to have it, even nearly all tiny businesses have it.
What I like best about tap to pay is how cheap it is to implement for very small businesses. About 90% of the people who have stalls at my local farmer’s market have a Square device.
It always felt so backwards to go from Europe to the US, where people still used swipe & sign instead of chip & pin, let alone contactless. Glad to see that it finally reached the other side of Atlantic :) Now how about paying service workers at least a minimum wage and stop making people pay 20%+ tips for everything? :)
totally. i been using NFC in Europe for what seems like a decade. entering the Ewe, Es and Aye, feels like arriving in a third world country by comparison (in more ways than one)
As an American, I am glad we finally have it, and I only have to carry my phone now. Especially since now we have our ID cards in Apple Wallet! As for 20% tips, that is still a painful part of my day!
@@scuthan Europe, Canada and the rest of the world i've seen have had tap payment options for 10-15 years. The US is the only country I've ever swiped a credit card.
@@austinbrass Not really, the reason you were able to swipe a card in the US is probably because your credit card was issued by a foreign bank. POS machines here started rejecting credit cards with chips issued by US banks at least 10 yrs ago. As for tap payment options, they became available everywhere overnight ever since apply pay and google pay came out. We never found the payment options in Europe convenient when i visited there before the pandemic. chip-and-pin is too much hassle even compared with swiping and the people are just using the good old cash
What are some real world uses tho. Because I can’t think anything other than an NFC tag that enables a command, but you could do the same without it lol
WJS forgot to mention these facts 1) Bluetooth and Wi-Fi offer better range and faster transfer speeds 2) NFC can store loyalty cards, tickets, passes, and even transit fare cards (not all transit cards work) not to mention home, car and hotel keys 3) Future might have the ability to exchange money between users/phones 4) A digital wallet can possibly hold everything from payment cards to concert tickets 5) TSA is on board with NFC terminals (more in Future) for ID's 6) Pair headphones like Sony's WF-1000XM3 7) Buy NFC tags for under $20 and the world is your oyster (Nintendo Switch with Animal Crossing) 8) You need at least iOS 15 or android 10 to use NFC security features 9) Ultra Wideband (UWB) might dethrone NFC (think about Smart Tag tracking devices) 10) Contrary to those who say it drains battery. Unless you really keep using it the draw on power is negligible
That short distance is not because of the frequency but power of the signal being generated. Obviously that is by design. RFID works at the same frequency but can go distances of above 10 cm
Finally, it's gotten to the point where nearly every business I frequent has tap-to-pay. I rarely find myself pulling my card out to swipe for payment. I do nearly everything with Apple Pay.
Kroger finally fell. I think for large retailers its just Home Depot, Lowes and Wal-Mart. Same with Apple Pay, had my wallet stolen a few years back at a GYM. Forced me to adopt Apple Pay so I could lighten my wallet. So much better from both a physical security as well as digital security going that route.
@@brianc9036 yes finally Kroger did and I was at Lowe's yesterday and they had it too! Have not been to Home Depot yet. Apple Pay is the way to go, especially with Apple Card.
Something i think you missed is that the active device is actually providing a small amount of power to the passive device to receive information, since the passive device actually has a micro processor in it that stores the information, and in order for it to be sent it requires power.
I tap to watch this video to actually try to confirm this, because when I was still in school in Hong Kong more than 20 years ago when the Octopus smart transit card was introduced, I think I read about it taking induction current from the reader, that fascinated the very nerdy kid I was (still is really!). I then always wonder if contactless credit cards today works in similar fashion.
To be more accurate, the terminal is always emitting a radio signal. When you bring your card in range, the antenna in the card turns that radio signal in a small current (that's literally have a radio works) and that tiny signal is enough to power the chip. As long as the card is in range, the card stays powered and has enough power to both process the request and transmit a signal that the terminal can read. BTW, that's why the antenna in the card is so big.
Actually, the electromagnetic radiation conducts through the card's antennae to provide a small electric current to trigger the broadcasting of the card's data to the active reader. It's similar to how you can use metal antennae to get a small current to your TV to watch broadcast television.
I think you all are wrong. In the video it is stated that the card must be within 4 cm to activate the transfer of information. This says to me; that the card is static as they say and the information on the card/chip is available at ALL times. Remember when this tech was being sold to the US; people were freaking out that someone with a reader could stand behind you and 'charge' your card. Hence the need for very close contact. The card is static and contains information that can be read. It doesn't need power of any kind. Just like the mag stripe....
The only issue for tap to pay for me is that there are payment terminals that don’t tell you where to tap specifically. I have to move my card around to figure where to tap on the terminal that don’t have the symbol to pay
Ha ha, I was thinking exactly that. You can waste several seconds tapping your card on every surface of the reader, trying to get your card to scan. And it feels like you're somehow the idiot for not getting it right first time 😂
@spiderdx I have the opposite - one place I often go has a cashier - and it's always the same one - who offers the machine for me to pay, so I put my phone where it's indicated, but then she moves her machine to a different part of my phone, and ends up with the transaction failing!
The transaction itself might be safer than other methods. I use it every day in a European country where it is really common. However, something I am always a little worried about is loosing my wallet and someone using my card to do purchases. You have to insert the card and provide the PIN every 20 transactions or so and for higher payments. Even though according to banks the numbers of fraud happening this way are allegedly small, I see it as a security risk. I wouldn't mind still providing a code when using the NFC functionality or perhaps having your fingerprint stored locally on the card (there are companies working on this) as an additional security layer.
In Canada, tap transactions from stolen cards are insured by the bank or credit institution, as long as you report the card within a reasonable amount of time.
NFC tech is so popular in Japan. The Japanese people have NFC enabled cards called Suica/Pasmo that they use to effortlessly enter/exit subway stations and the ticket fare is accordingly charged.
Here in Latinamerica tap-to-pay is a big security breach. It's very easy for a malicious active terminal to read data from a card inside a person pocket. Most of banks require PIN for a 10 USD or greater check.
Tap-to-pay with your phone solves that - the phone must be more than simply powered on, but the screen be on, too (some phones need to be unlocked, too). If I wave my phone at a payment terminal while the screen is black, nothing happens. Tap the power button to wake it up, and it can pay.
@@clickrick A friend got his account empty because of that specific situation.... I agree with the comment, in LATAM, Tap-to-Pay is a huge risk and a big security breach....
Great video. Hopefully the US adopts tap soon. So weird to travel there and have to dig a card out of your wallet just to have someone at a restaurant walk away with it where they can skim it or do whatever they want in the back.
I work as a cashier. I will take people cards and tap them, just to make sure they don't insert a tap card. Tap to pay is getting more well known but i have a lot of older customers that don't know their cards have tap. It's so much faster and easier for everyone. And this way extra people are not touching my card machine.
Let's be honest. Large retail businesses do not want to activate Pay-To-Pay payments because they will miss out on data that can get since there is a randomized token. They won't be able to see what/where you are buying from. I am looking at HEB, Kroger, Home Depot. The devices in the store already have the NCF hardware in there, but they chose to deactivate it. Kroger was for the longest time forcing customers to use their version of tap to pay, but people did not want to use it because it did not work. They will claim that it will too expensive to activate and accept Tap-To-Pay, but that is simply not true. They won't be able to grab your data since there is a randomized token.
I don’t think what you say is correct. While a randomized token is generated and transmitted, as the video mentions, the fixed/static card information is sent as well as part of the transaction (in cleartext). Importantly however, the video fails to mention that the card’s 3 or 4 digit CVV code is *not* transmitted wirelessly and as such the fixed card information by itself (which theoretically could be skimmed by a rouge NFC reader) is mostly useless were it attempted to be used in card not present (CNP) transactions.
Ummm they are already getting that information whenever you enter your loyalty/club card number at the beginning of the transaction. They use the data collected every time you make a purchase and enter your loyalty card number to aggregate your purchase data and tailor offers to you based on your buying history.
The risk has changed, we have went from using our judgement to look at a card reader to see if a scam is taking place to someone can walk past us on the street and hold a reader to our bodies in a sneaky way and charge money to our card or device (unless you buy yourself something to protect the card). My worry is contactless payment limits, why do banks not allow you to set your own limit, here in the UK its now £100. Someone could come along, brush up against a person in a crowded space and charge £99 to the card and your money is gone, and you dont know about it until you next go to spend money or check your bank account.
Very surprised to learn this is still fairly new in the U.S. it's been commonplace in Canada for a while. I don't remember exactly how long, but I do remember at the start of the pandemic Walmart was basically the only major retailer that didn't have it yet--pretty much every other store had already had it for years by then. But then again we had widespread bank debit payment since the early 90s, and I don't think that became common in the states until much more recent
Contactless payment is not new in the US and has been around for years. Every major retailer excepts contactless payment except Walmart for whatever stupid reason.
@@jadon-sc1zj Thats wild cus Walmart in Canada has been contactless for years. I feel like the only reason the US is moving to contactless is exclusively cus of the fact Phones support it. So having a non-contactless store will most definitely lose you business.
There are still a lot of bugs to be worked out with merchants. A few weeks ago I tried using contactless at a Shell gas station. Both using my phone and tapping the physical card failed. I was given an error message saying it was declined. Inserting the card worked as it should have. This is not an isolated incident. I've had failures with other merchants as well, though some (like Five Guys) have finally fixed their systems to work properly.
Of course, we've coupled contactless with a "no verification" policy (such as a PIN or getting signature verification from a vendor, which granted has all but disappeared anyway.) So as any good hacker knows, there's no need to intercept all that encrypted data when all you really need is to get a hold of the card. If you have the card, you tap, purchase the items with someone else's card, "burn" the card, and sell the items elsewhere. In other words, don't drop your card. You may as well have dropped cash.
Except that you don't actually lose anything, it takes 2 minutes to ring up your card provider to report the card / have it deactivated, and they'll just overnight you a replacement.
@@halfsourlizard9319 Which is great from the moment you realize your card is missing. But if that takes hours, it only takes minutes to do some damage. Also, I have NEVER had them actually overnight me a card. Anytime I have needed a prompt replacement, it has taken 7 - 10 days.
it's crazy to see that tap to pay is not that popular on the US, I'm from Colombia and basically every business that accept credit or debit has tap to pay capable systems so we use it very often
Just watched a DEFCON video showing that 99 percent of the tap to pay sensors are vulnerable and then shown to have weaponized it. All though tapping a cellphone to the reader. The man who did this worked for all of the banks in France. Almost all of them have ridiculously easy exploits, both buffer and heap. Granted it is better to tap then swipe. However it's all security theater.
Watched the video. Great technical content but the reason it has poor adoption in the US is because it doesn’t work very well. As I was thinking anyone who has used it has had to the “Where do I to tap to get this to work” dance and there’s a clip of people going through turnstiles like at a subway entrance…..and the guy right in the foreground taps his card, it doesn’t work and while the voice over runs about how awesome T2P is, the video shows the guy fumbling around with his card trying to get the reader to recognize it. The clip ends before he gets it resolved. EXACTLY!
I'm from Mexico and the implementation of technology in our country usually depends of USA's pace. Contactless paying has recently been introduced here and one issue we have with this is that most terminals don't ask for a PIN/ ask for a PIN after a really big amount of money. Imagine your wallet is stolen (very common) and you suddenly lose 20% of your monthly income. If banks minimize this limit, then the experience would be perfect.
One thing I've noticed is periodically tap is not accepted and I have to insert my card. I suspect this is a security method to keep someone with a stolen card from taking too much.
Tap to pay has been available in Australia for a very long time, too. In Sydney all of our public transport has been tap to pay for many years. 10 years ago in Europe it was disappointing to see how few merchants had tap to pay available (just like the US when we visited 5 years ago). We recently returned to Europe and it's great to see how widely it has been adopted now - even down to small town market merchants in France having contactless payment options. Unfortunately still don't see it much on public transport (other than in London).
well i got new for you: this March the whole of Netherlands got contactless fares enabled on all and for all forms of public transit, at 100% of public transit in 100% of the Netherlands you can now tap to pay with any Maestro, V-Pay, Visa Debit, Visa Credit, Mastercard Debit or Mastercard creditcard, this includes from e-Wallets such as iPhones, watches, android etc. (sadly no support yet for Apple Expres Transit, though we're being told that is coming, as is nationwide support for AMEX cards, apparently...)
A friend of mine from Aus came to visit me here in America a few months back. She was always so amused that I brought my wallet with me everywhere we went, because "in Aus, we just take our phones and use Apple Pay for everything."
We’ve been using tap for years in Canada. I remember using it up here, driving across the border to Niagara Falls and I had to use the swipe in stores there. Found it strange that we were more advanced in technology than the states were.
That's all great unless someone steals your card. A safer approach would be to require a PIN in addition to the tap. Still convenient, but much better protection.
Are you could just use a Apple wallet or Samsung wallet from your smart phone via NFC build in chip. Why do we still use physical cards any more when your smart phone is 100% secure.
NEVER use a PIN. i use NFC on phone requiring finger print to confirm payment....if I do use a card (99% of my transaction are with phone) I use a CC (same with phone).....in fact ALL my transactions are with tap pay/phone pay credit card.....i pay off every month, rack up points. any unauthorized transactions are protected by my credit card user agreement (chase).... NEVER use debit cards I have forgotten my PIN. I never use debit cards, in fact they are in my safe 👍🏻
Extremely interesting video. As a frequent traveller who works in the tech industry and travelling back and forth to Silicon Valley for years, I've always wondered why the US was such a slow adopter of this tech. The first real contactless payment systems were common in Japan, South Korea and later places like Hong Kong. But the first contactless banking cards were offered in the US in 2004. But they really didn't take off. An example: ruclips.net/video/u2gMaSk2tsQ/видео.html What happened to slow the adoption down? Glad this video finally answered the question. I suppose the opposite occurred in Australia. After introducing the cards in 2006, adoption was swift, being to date the fastest adopter of the tech with among the highest usage rates among consumers. Part of that was a very flexible fintech sector where retailers could extremely quickly take up new machines. With tap and pay terminals being ubiquitous only a couple of years after introduction, a lot of people switched. But Australia is also a country that has been quick to introduce anything convenient in fintech. Cheques for example fell out of fashion in the 80's and 90's. With internet banking becoming more common from around 1997, rent would be a simple and free personal bank to business transaction; never a cheque, never in person. Transfers between banks, between people, between business is all integrated into a seamless payment system which also meant there has never been the need for 3rd party solutions, with Australians doing such transfers well before the likes of PayPay and Venmo. I am sure Europeans and British would have similar sentiments. The UK for example, was very quick to abolish signatures being a rapid adopter of chip and PIN as a way to reduce credit card theft and fraudulent use. Australia followed suit, banning the practice as well.
While the whole world is still using card, taptopay and wallets. India's revolutionized the payments shstem by UPI. Literally paying in my country is so easy af.
When you don't have basic things at first implementing new thing will be easy, for example china didn't had to lay thousands km of cable wire for internet they directly used fiber. UPI uses SMS for authentication, it's the weakest form, one disaster away from happening. UPI still need to find a way to charge for transaction, gov can't support it for infinitely, people may go back when it happens.
But UPI biggest flaw is using SMS OTPs and having the need to be always connected. I could tap my card or use Samsung Pay on my phone without internet connection at all. Whereas it's not possible to complete a UPI transaction without internet or a mobile.
It's amazing how the U.S. is so behind the world with payment methods. I don't recall the last time I had to swipe a card, but it's been years. Not only can we tap credit & debit cards, we can also use our phones. The phone also creates it's own receipt. Also, we can tap a transit pass. I have my account configured for me, that is senior's fare. When I want to hop on a bus or commuter train, I just tap my card. I can add funds to my card on line, with their web site, or with a phone app. The card is valid on several transit systems and the fares are integrated, so that the cost over multiple systems is cheaper than the total of the individual fares.
The only benefit of wireless is that the false card reader hack (where a 2nd nefarious magnetic card strip reader is installed to the equipment) can not be used to exploit the card. But for all other times the card is not being used to make a purchase - it is able to be read remotely and exploited. Now the end users need to be educated about rfid, faraday cages, and how to protect their cards.
Exactly. Need to use a metal card holder etc. I was shocked at one point in time that I was around a metre away from the machine. And the reader caught my card. And yet, the cashier hasn't put in the price yet !!! Scary, right ?... Yup!!....
Australia had this widely adopted easily at least 10+ years. I’ve had American customers (I own a business near a large university, with few American academics around) puzzled that my business do not accept cards with signatures.
In Thailand we just use our phone. The street cart vendors etc display QR codes which is their bank account number. We scan the QR code into our bank apps on our phone. Our phone app asks to confirm that we want to transfer money to that account. When we confirm, money is transferred from our bank account to their bank account immediately and a confirmation is received. No cards. No card readers. No Visa, Mastercard etc Just a phone. 👍
Tap and card insert connect to the same chip so have access to the same information. If a reader can be hacked for reading the chip it can be hacked for RFID. Commercial RFID readers may only have a few centimeter range but they can be made to work over longer distances like any other transmitter. So someone can stand near you and read your card. Fairly tough for someone to stand near you and insert your card into a reader.
I had one of those charge me when I accidently held my wallet too close. Fortunately the shop owner saw two entries (I had paid in cash) and refunded. This seems to compare these to security of a magnetic strip (which is weaker) but not the chipped card which is also secure. The concept that a charge can occur over the air is uncomfortable.
I want to better understand how this technology relates to the fraudulent skimming of data from credit cards. Thank you for explaining how touchless technology works.
Been seeing stories of tap cards being accessed while in peoples pockets and purses. One woman had 3 cards accessed in her purse, 2 ft away, for the same purchase 😮
Yep. I was at a terminal ordering a pizza. The clerk handed me my pizza and said have a great day. After I told her I needed to pay, she informed me that I already had. The terminal charged the card that was in my wallet with the tap to pay feature, not the one in my hand that I wanted to use. The one in my hand didn’t have tap to pay. Every since then, I only shop at stores with Apple Pay because I have more control over charges with biometric security.
Here in NZ, we started using it when Covet took over our lives. It made sense rather than touching the keypad. Now however the banks have started to rip everyone off and retailers are charging from 1 to 5% extra for this service. I for one simply will not pay this and have returned to the pin pad payment which is free. Greed always try's too take over.
The biggest problem I have with tap to pay is 90% of places still don’t recognize it. So it’s usually not an option. I wish more places got up to speed with it, it could really make a difference in curbing the number of frauds
@@PassionPno Very much like the answer to every question - money. In the US you will notice that newer, smaller companies will have NFC using one of the services like Stripe. The large companies don't want to spend the money needed to upgrade all their terminals. Many still don't have chip/pin. In Europe, you never let your card out of your sight. In the US, every waitperson takes your card, swipes it in their ancient machine, and then brings you back a ticket to sign - after adding the tip of course. When I visit the US I always ask if they can take apple pay in the restaurant, and a surprisingly small percentage can do that. However, every tiny food truck takes NFC with Stripe or one of their competitors.
Extremely vulnerable. The flipper zero can get CC number and then they can pressure you to giving them bitcoin by telling you they know your CC number (true) and CVC (lie)
Tap-to-pay with your phone solves that - the phone must be more than simply powered on, but the screen be on, too (some phones need to be unlocked, too). If I wave my phone at a payment terminal while the screen is black, nothing happens. Tap the power button to wake it up, and it can pay.
I love that TTP is so secure. Now all we need is for banks and other companies holding our information to stop getting hacked and our data will actually be safe.
I remember going to college in the US in 2017 and being surprised I couldn't use contactless anywhere, while I'd been using it in France since the early 2010s.
I still do not understand why Wal-Mart doesn't have apple pay/tap to pay. Even smaller businesses have access to the tech with companies like square yet a retail powerhouse doesn't have it. 🤨
I remember at one point that the US Walmart was one of the first places I could do chip and PIN at. But for the longest time, even in Canada, they didn't have tap-to-pay. Maybe it's a question of rollout - they didn't want to introduce tap-to-pay until they had enough machines to blanket a geographic area?
The history is, when TFL (Transport for London) was developing their ticketing system to be contactless, they pioneered the technology of contactless Oyster (travel) cards. As 1/6th of the UK’s population lived in London, that put extreme pressure on banks to develop their own contactless, and that (convenience of tapping your bank card and not needing a ticket/top up an Oyster), meant the public wanted the same convenience in retail.
Here's my issue with Tap to pay: Let's say I keep my card in my wallet or a clip in my back pocket (or even the front pocket of my jeans for that matter). What stops someone, with access to an active NFC reader, from coming just close enough to where my card is kept and complete a transaction? That's why I prefer cards with chips even though the transaction might take a measly second longer
most (if not all) of these technologies are American invention / innovation. but there are a few reasons why they may not be wide spread in the US, including inertia, preferences or even regulations. it is easier and cheaper to adopt a new technology if you hadn't spent as much building up complex and expensive infrastructure for the previous version.
@@PLuMUK54 Charles Walton was born in the UK but grew up in NYC and was in the army. He died back in 2011 in California. Many were responsible for RFID, but Walton is considered the largest contributor. South Korea was the first to make contactless payments, but the idea for FOB-like devices have been in use for years. Japan used it aswell in the 90s. Im not sure why yall act like RFID was some insane feat of engineering either. The soviets litterally bugged the US embassy with an RFID device back in the 60s I think.
Yeah it started in India around 4 years ago and I have never pay with card any other way. I have even registered my card to my mobile's NFC so that I can make payments through phone directly don't even have to carry the card around
One issue I have run into a couple of times in the last year (2022) where the card I chose to use and the reader registered a payment before the card got within 6 inches or so of the reader. I now use a blocking wallet.
It's not safer if someone has gotten hold of your card and gone on a tapping spending spree. It's much safer if the tapping is done by a watch or a phone. That way, the person paying has had to unlock the device to actually get they payment to work. I've been using my watch to pay for things in Canada for years. It's nice to see that more places are finally accepting this in the US as well. I still hate the fact that in the US, when you have to pay for a restaurant bill, they nearly always take your card away! In Canada & Europe, we've been told for over 20 years to never let the card out of your sight.
i dont know how its in america, but where im at you can put a limit to how much you can pay with tapping like 30 eur or so, and it will ask for a pin code if you use it many times in row
Oh I'm familiar with RFID as a concealable low energy identifier and tracking device we used on cargo, cars and company property. Funny enough RFID can ping its exact location within a 20 KM range as we used them and even more with more advanced antenna circuits.
Yeah, except tap to pay cards are fundamentally insecure. Someone stole my card with it a couple months ago. All they have to do is use a smart phone to initiate a transaction as they walk by and replay my response at a payment terminal. I asked my bank if I could get a card that doesn't have that feature, and they said no.
Did you not watch the video, it won't work like that because the smart phone is not the same device as the payment terminal, so will not cause the card to generate the same unique code, so when the unique code is sent to the bank it should cause an invalid transaction (aka no money taken)
I have been entering my PIN manually for the longest time until I found out recently it has the tap option and have been using it. But, I am still skeptical that tapping is more secure than swiping... 🤔
The banks are now seeing far lower claims for card misuses than they used to, mostly because there's no longer the opportunity for some miscreant to skim your card - you physically keep hold of it the entire time.
The process is the same, the difference being that you always have to set the system up for the payment. Security and speed do not go hand to hand. The safest way is requiring you to use a code every time you make a new purchase and trust in the establishment. With a SMS reaching you the moment a purchase is made.
Inserting the CC number rather than the card could also be an alternative solution (or a password you have created, that can be changed at any time).
If it’s safer than why are there all these local news stories of people being forced to use tap to withdraw $ from ATMs (the swipe was purposely broken on the machine) and then scammers are able to withdraw all their $ from their bank accounts when they leave?
It feels like there was never a real push to adopt new payment technology in the US until the massive Target data breach ten years ago, after that this stuff was suddenly everywhere. I wonder how much further behind we would have fallen were it not for that catalyst to scare all the retailers awake?
just get an rfid blocking wallet or use multiple cards stacked on top of each other that avoids the reader being able to read that data. on a phone the nfc usually isnt even active when it isnt unlocked.
With mobile payments like Google Pay and Apple Pay, the phone has to be unlocked before tapping it to the POS. That would make it impossible for someone who is using their phone as a card reader to tap someone else's phone and charge their card. It's actually more secure than an NFC-enabled credit or debit card. Even if your phone is stolen, the thief has to unlock your phone to be able to use mobile payments
My issue with tap to pay is that all the readers have the tap spot in different places. If you save 1 second, but you spend an extra 5 tapping the wrong place, it’s better to just insert. If they could standardize the tap location (or, frankly, if I could remember to look every time before I tap), I’d use it more often.
It's standard, the antenna 90% is under the "wifi icon" no matter it's printed on the pos or on the screen. For iPhone, the antenna is under the Apple icon in the back. So try align these two.
While this might be true, there is still a danger of "tapping" your card at an ATM 🏧 machine. Please make sure to log off the screen if you are one who engages with this option.
never seen a tap-in atm. given you are going to be there for more than a second it doesn't seem that much of an advantage.. though i guess it would avoid a lot of the skimming and pin stealing scams from them.
The big security problem with this contactless tap thing is that anybody can use your card! If you drop or lose your card, somebody else can pick it up and use it until you've managed to report it stolen. That could be quite a while, if you don't immediately notice that your card is gone.
@@BexRaymond most banks, you can set the contactless limit. If you exceed the limit, then you will need to enter the pin to make the payment. You can also disable the card from your phone if you loose it.
The reason why some stores and restaurants in the USA do not take contactless payments is that they have card readers of magnetic stripe only. These stores and restaurants do not have credit card machines with buttons or credit card machines with a touchscreen. These types of credit card machines are found in other stores and restaurants in the USA. For the stores and restaurants in the USA that use card readers of magnetic stripe only, they will be required to upgrade in the coming years. Mastercard will remove the magnetic stripe from their cards by 2030.
Tap to pay has been so widespread in Canada for almost 10 years now. It always surprises me to go down south and having to insert my card or still sign my name. I can’t remember the last time I did the that in Canada
Same here in the U.K. I have been completely cashless since 2019 as most retailers have contactless payment methods.
I live in I’d say one of the Top ~15 largest city in Mexico, it always bothers me that the vendors DO have contactless card readers and the contactless payment sign in their counter yet they ask me to insert my card. Like I just wanna buy this bag of chips and a coke, let me just tap my card and go
It's almost impossible to go anywhere in Australia without "pay wave" or tap to pay being available, then I moved back to New Zealand and it's still slowly becoming more wide spread, but still more widespread than I remember in the US. I was really shocked in the US to swipe my card from New Zealand and only need to sign a piece of paper, I'd always seen it happen on American TV shows and didn't realize it was a real thing.
I was travelling in US in 2013 when I was at an American restaurant that still uses the carbon printing of credit card numbers (by pressing the card against a carbon paper). Omg I was so amazed! Being in my late 30s I have never seen that kind of antique payment method
@@BlairAnsor I use my ohone
Given how the US is seen as a leader in tech, its surprising how they lag behind in things like payment technologies. They were behind to adopt chip and pin, now theyre again slow to adopt contactless. Here in the UK Ive been paying using contactless (with my phone) for years.
Yes I agree it's surprising. I remember banks offered cards with NFC back in 2014 and when I replaced the card, the new one came without it. Basically new tech in payment systems just doesn't take off like in other countries. I think part of it is also due to the preference people have to pay with a credit card. Usually these technologies like chip & pin is to make it more secure to take money directly from your bank account, whereas in the US, people like to pay with a credit card because they get points or cash back for using the card, and pretty much all credit cards offer fraud protection, so if you had any fraudulent transaction you just call the credit card and they take it off, you can even do that on the app now, and they send you a new credit card in a day or two. So there isn't really much incentive for people to look for more secure payment methods. But it's now taking off and I think it's mostly because of the speed though
key word here is "seen"....it's an illusion 😉
10 years in my case
Lol it’s been around in the US for more than 10 years. What are u talking about?
@@timoooo7320 Credit cards have been contactless just as long as debit cards
One correction on the video: The NFC chip that stores your card's data is actually not visible. It's hidden inside your card just like the NFC antenna. The visible chip highlighted in this video is specifically for transactions where your card needs to be inserted in the reader.
no, what you see are just the contacts, the chip is below what is visible and in 99,99% of cards, that's the same chip for both nfc and chip & dip/sign/pin transactions
Guess what's on the back of that visible chip bruh
@David Daniel Wouters No? You say the same thing I just said, and then say no, lol.
@Joonil Oh its still technically a different chip bro.
@@kevindavis8762 And the back of a penny is technically a different coin too, right?
Australia was an early adopter of tap and pay as well as payment via phones and watches. I think the key was that the machines are not owned by the businesses instead they are provided as part of the package with the vendors bank. This means that the banks could push the technology out and our lifestyle of carrying minimal amounts of things when out on the weekend etc made it appealing
Yes, but we do need to catch up with enabling tap to pay on public transport systems (I'm looking at you, Victoria!).
Same in Europe, payment terminals are usually owned by the bank the business uses. Whenever the bank decides they just come and change them to a newer model.
@@GeeEee75but we have myki on andriod phone. Top up when walking to the station or use the auto top feature. Not sure if Apple users have this though...
Banks still haven't adopted 2FA so I wouldn't bet on them being the forerunner of anything else.
Myki is about to change because it fell behind, particularly for visitors. In Sydney one can simply tap a credit card or phone on public transport to use public transport. The fare charged is exactly the same as using an Opal card. Melbourne does not have this and it is very inconvenient.
What people don't get about magstripe is that all your data is recorded on the stripe (like music on a cassette tape) and easy to read. To clone a credit card's magstripe, you just have to read the stripe and write it to another card. You get a perfect copy.
But with chip and pin (and tap and pay - although the mechanism is a bit different) on the chip, there's a section of memory called "write-only memory" where a cryptographic key (half of a pair) is stored. It's called "write only" because you can write to it, but only the processor inside the chip can read it and even then, not directly. There's no reasonable way for a cloner to get the data back out short of decapping the chip (removing the top of it, also known as delidding) and using microprobes to trace the circuits while making a request.
The write only memory is attached to a dedicated crypto processor which cannot be asked for the key, rather you give it data and it either encrypts or decrypts using the key in write only memory and then returns the result.
Because of how PKI (the system for the keys) work, there are two half keys - A and B and because of the maths involved, if you encrypt a message with A, ONLY B can decode it and if you encode it with B, ONLY A can decode it. If you have either A or B, it's extremely difficult to figure out the other key (it would take hundreds of years minimum even with the most powerful computer, although quantum computers may change that).
Your card has one of the two keys assigned to the card (A) - the bank has the other (B) - so when you tap, the terminal picks a random number, asks your card to encrypt it with A, then sends that encrypted message to the bank which then decrypts the message using your B key. It then re-encrypts the message using your B key and sends that back. Remember, if you encrypt with A ONLY B can decrypt, and if you encrypt with B, ONLY A can decrypt. So if the card is valid, the card encrypts it with A which the bank can decrypt with your B. It never looks at the content - it just re-encrypts it with the B key and sends that back. ONLY your A key - the one on the card can decrypt it. And that results in the original random number that was sent. If they match, it's valid.
There are very few known ways to trick this system. There was a bug in the early version of the system that, if the attacker got the timing just right, could inject a repeat purchase into the pay terminal (it wasn't a bug with the card) that would look like the first purchase and cause two payouts, but the attacker had 45 seconds to complete it, and the bug has since been patched.
Most attacks actually copy the magstripe and then make it look like the tap and pay or the chip card has failed to get you to fallback and use the magstripe.
What about people using Flipper Zero? Can they bypass this?
@MMALifestyle1972 He doesn't have to be. A decent dev will know how simple PKIs work.
All of this and it's still laughably easy to clone a card's chip.
Happens even on your bank's ATM.
You so smart!!! 😮
Wait what. I thought only web stuff used PKI. Fascinating. Thanks for sharing.
One more thing In India All NFC Enabled phones can work as Payment Machines for small businesses. If you just have a current account with any bank. No set-up fees or any one-time or monthly fees for the business owners. Just the processing fees.
Nice
I feel like those fees are what's stopping shops in my third world country from setting up NFC payments.
HSBC bank
I have never seen any small/big business using NFC via phone in Pune. Can you tell which network you imply and in which city?
No ones using them here
Ever since I was a kid I've heard about how dangerous swiping you card can be. So its amazing that it took well over a decade since hearing this for the U.S. to widely adopt something like tap-to-pay in which it is considerably safer to use your card, especially after hearing the statistics every year on how much money is lost due to fraud/stolen credentials
You are not responsible for fraudulent transactions, so it’s NOT DANGEROUS!!!!!!!
Up to a point AFAIK. What do people do if they got their info stolen and the hacker spent past that point?
@@johnp139 But somebody is paying for it. Usually it's the bank or merchant. So you (and everybody else) pay for it in higher fees and higher costs for everything you buy.
Lies again? Tesla Porsche USD SGD
Also, getting your card swiped is not that great.🤣
I did some cashiering at a drug store when I was in college in the mid 1980s. I remember how people waiting in that line used to groan when a customer pulled out the credit card -- we had those old machines with carbon copies that we ran a card through, had to use the intercom to ask a manager come for a credit card approval, and they would actually call to make sure the card was valid and good for charges. Now people grumble when someone is NOT quickly swiping or tapping a credit card which is almost instant now, compared to people writing checks (yes, some people still do) or fumbling through their wallets for exact change.
My, how times have changed.
I remember when some stores and restaurants would ask you to write your address and phone number on the credit card receipt.
I’ve never used swipe. Tap to pay has been a thing in Europe for ages, especially in the UK, it’s very rare not to have it, even nearly all tiny businesses have it.
Try INDIA UPI scan from your phone and pay
What I like best about tap to pay is how cheap it is to implement for very small businesses. About 90% of the people who have stalls at my local farmer’s market have a Square device.
It always felt so backwards to go from Europe to the US, where people still used swipe & sign instead of chip & pin, let alone contactless. Glad to see that it finally reached the other side of Atlantic :)
Now how about paying service workers at least a minimum wage and stop making people pay 20%+ tips for everything? :)
totally.
i been using NFC in Europe for what seems like a decade.
entering the Ewe, Es and Aye, feels like arriving in a third world country by comparison (in more ways than one)
As an American, I am glad we finally have it, and I only have to carry my phone now. Especially since now we have our ID cards in Apple Wallet! As for 20% tips, that is still a painful part of my day!
surprised that Europe has this type of technology. Didn't Europeans use cash most of time?
@@scuthan Europe, Canada and the rest of the world i've seen have had tap payment options for 10-15 years. The US is the only country I've ever swiped a credit card.
@@austinbrass Not really, the reason you were able to swipe a card in the US is probably because your credit card was issued by a foreign bank. POS machines here started rejecting credit cards with chips issued by US banks at least 10 yrs ago. As for tap payment options, they became available everywhere overnight ever since apply pay and google pay came out. We never found the payment options in Europe convenient when i visited there before the pandemic. chip-and-pin is too much hassle even compared with swiping and the people are just using the good old cash
The NFC tech is actually really useful… far more than just this kinda stuff.
Do you recommend some products or readings?
What are some real world uses tho. Because I can’t think anything other than an NFC tag that enables a command, but you could do the same without it lol
I’m wondering what you’re referring to. Mostly I can think of authentication purposes because there’s minimal data that can be passed back and forth.
WJS forgot to mention these facts
1) Bluetooth and Wi-Fi offer better range and faster transfer speeds
2) NFC can store loyalty cards, tickets, passes, and even transit fare cards (not all transit cards work) not to mention home, car and hotel keys
3) Future might have the ability to exchange money between users/phones
4) A digital wallet can possibly hold everything from payment cards to concert tickets
5) TSA is on board with NFC terminals (more in Future) for ID's
6) Pair headphones like Sony's WF-1000XM3
7) Buy NFC tags for under $20 and the world is your oyster (Nintendo Switch with Animal Crossing)
8) You need at least iOS 15 or android 10 to use NFC security features
9) Ultra Wideband (UWB) might dethrone NFC (think about Smart Tag tracking devices)
10) Contrary to those who say it drains battery. Unless you really keep using it the draw on power is negligible
NFC used to be used for transferring files
That short distance is not because of the frequency but power of the signal being generated. Obviously that is by design. RFID works at the same frequency but can go distances of above 10 cm
Or more, much more.
this is astounding to me. we’ve had this in the UK for at least ten years!
It’s been here too. People just don’t bother using it that much.
Finally, it's gotten to the point where nearly every business I frequent has tap-to-pay. I rarely find myself pulling my card out to swipe for payment. I do nearly everything with Apple Pay.
Kroger finally fell. I think for large retailers its just Home Depot, Lowes and Wal-Mart. Same with Apple Pay, had my wallet stolen a few years back at a GYM. Forced me to adopt Apple Pay so I could lighten my wallet. So much better from both a physical security as well as digital security going that route.
Mark of the beast coming soon
@@brianc9036 yes finally Kroger did and I was at Lowe's yesterday and they had it too! Have not been to Home Depot yet. Apple Pay is the way to go, especially with Apple Card.
Like the good NPC you are.
Even in Romania it's been here for almost 10 years. It was adopted quite well and fast.
Dude, are you really assuming they know where Romainia is? :)
Something i think you missed is that the active device is actually providing a small amount of power to the passive device to receive information, since the passive device actually has a micro processor in it that stores the information, and in order for it to be sent it requires power.
I tap to watch this video to actually try to confirm this, because when I was still in school in Hong Kong more than 20 years ago when the Octopus smart transit card was introduced, I think I read about it taking induction current from the reader, that fascinated the very nerdy kid I was (still is really!). I then always wonder if contactless credit cards today works in similar fashion.
To be more accurate, the terminal is always emitting a radio signal. When you bring your card in range, the antenna in the card turns that radio signal in a small current (that's literally have a radio works) and that tiny signal is enough to power the chip. As long as the card is in range, the card stays powered and has enough power to both process the request and transmit a signal that the terminal can read. BTW, that's why the antenna in the card is so big.
Actually, the electromagnetic radiation conducts through the card's antennae to provide a small electric current to trigger the broadcasting of the card's data to the active reader.
It's similar to how you can use metal antennae to get a small current to your TV to watch broadcast television.
I think you all are wrong.
In the video it is stated that the card must be within 4 cm to activate the transfer of information.
This says to me; that the card is static as they say and the information on the card/chip is available at ALL times.
Remember when this tech was being sold to the US; people were freaking out that someone with a reader could stand behind you and 'charge' your card.
Hence the need for very close contact.
The card is static and contains information that can be read.
It doesn't need power of any kind.
Just like the mag stripe....
Mark of the beast coming soon
The best explanation on the topic I have seen to date. WSJ knocks it out of the park again 👏
The only issue for tap to pay for me is that there are payment terminals that don’t tell you where to tap specifically. I have to move my card around to figure where to tap on the terminal that don’t have the symbol to pay
Ha ha, I was thinking exactly that. You can waste several seconds tapping your card on every surface of the reader, trying to get your card to scan. And it feels like you're somehow the idiot for not getting it right first time 😂
One grocery store near me, the card has to be hovering very slightly above the terminal and nothing can touch at all or it'll fail to read.
@spiderdx I have the opposite - one place I often go has a cashier - and it's always the same one - who offers the machine for me to pay, so I put my phone where it's indicated, but then she moves her machine to a different part of my phone, and ends up with the transaction failing!
The transaction itself might be safer than other methods. I use it every day in a European country where it is really common. However, something I am always a little worried about is loosing my wallet and someone using my card to do purchases. You have to insert the card and provide the PIN every 20 transactions or so and for higher payments. Even though according to banks the numbers of fraud happening this way are allegedly small, I see it as a security risk. I wouldn't mind still providing a code when using the NFC functionality or perhaps having your fingerprint stored locally on the card (there are companies working on this) as an additional security layer.
Some stores here in the US will still ask you for a PIN even if you tapped the card. Grocery stores for example.
In Canada, tap transactions from stolen cards are insured by the bank or credit institution, as long as you report the card within a reasonable amount of time.
even if that does happen it's still incredibly easy to log in to your card account online and dispute fraudulent charges lol
In Australia the machine often asks for a pin for transactions over $100 to help with this.
5:50
A truly beatiful and unique signature.
NFC tech is so popular in Japan. The Japanese people have NFC enabled cards called Suica/Pasmo that they use to effortlessly enter/exit subway stations and the ticket fare is accordingly charged.
Since it was invented by Japanese!!
we have it in metro cards in India too right
@@18890426no its not
Here in Latinamerica tap-to-pay is a big security breach. It's very easy for a malicious active terminal to read data from a card inside a person pocket. Most of banks require PIN for a 10 USD or greater check.
Here, we can use wallets or card holders that do not allow anyone to steal information.
Tap-to-pay with your phone solves that - the phone must be more than simply powered on, but the screen be on, too (some phones need to be unlocked, too).
If I wave my phone at a payment terminal while the screen is black, nothing happens. Tap the power button to wake it up, and it can pay.
never show your phone on the street in latinamerica
@@clickrick A friend got his account empty because of that specific situation....
I agree with the comment, in LATAM, Tap-to-Pay is a huge risk and a big security breach....
Great video. Hopefully the US adopts tap soon. So weird to travel there and have to dig a card out of your wallet just to have someone at a restaurant walk away with it where they can skim it or do whatever they want in the back.
Only that doesn’t happen.
They already have. My card has it.
What do you mean, you hope? Most merchants in USA accept it. I used Apple Pay almost exclusively on my last visit…
Thank WSJ to share NFC and RFDI to us and how tap to pay works
Everytime i visited the US in the past, it felt like stepping back in time from a payment systems perspective.
In New York, for the MTA, there's Tap to Pay, Swipe to Pay, as well as Hop to Ride.
Thats how transit has worked everywhere on earth for at least 10 years
@@austinbrass pretty sure hop to ride is prevalent in the US only
They should provide jumpers to hop over the turnstile for the gravitationally challenged. The system has to be inclusive.
No tokens?😂
I work as a cashier. I will take people cards and tap them, just to make sure they don't insert a tap card. Tap to pay is getting more well known but i have a lot of older customers that don't know their cards have tap. It's so much faster and easier for everyone. And this way extra people are not touching my card machine.
Let's be honest. Large retail businesses do not want to activate Pay-To-Pay payments because they will miss out on data that can get since there is a randomized token. They won't be able to see what/where you are buying from. I am looking at HEB, Kroger, Home Depot. The devices in the store already have the NCF hardware in there, but they chose to deactivate it. Kroger was for the longest time forcing customers to use their version of tap to pay, but people did not want to use it because it did not work.
They will claim that it will too expensive to activate and accept Tap-To-Pay, but that is simply not true. They won't be able to grab your data since there is a randomized token.
Or maybe it's just because the United States is still stuck in the 80's when it comes to payment.
I don’t think what you say is correct. While a randomized token is generated and transmitted, as the video mentions, the fixed/static card information is sent as well as part of the transaction (in cleartext). Importantly however, the video fails to mention that the card’s 3 or 4 digit CVV code is *not* transmitted wirelessly and as such the fixed card information by itself (which theoretically could be skimmed by a rouge NFC reader) is mostly useless were it attempted to be used in card not present (CNP) transactions.
@@MaxPower-11 You can tell in this comments section who works in fields related to card processing. :)
Ummm they are already getting that information whenever you enter your loyalty/club card number at the beginning of the transaction. They use the data collected every time you make a purchase and enter your loyalty card number to aggregate your purchase data and tailor offers to you based on your buying history.
Great news, heb is rolling out tap to pay to all locations.
The risk has changed, we have went from using our judgement to look at a card reader to see if a scam is taking place to someone can walk past us on the street and hold a reader to our bodies in a sneaky way and charge money to our card or device (unless you buy yourself something to protect the card).
My worry is contactless payment limits, why do banks not allow you to set your own limit, here in the UK its now £100. Someone could come along, brush up against a person in a crowded space and charge £99 to the card and your money is gone, and you dont know about it until you next go to spend money or check your bank account.
Very surprised to learn this is still fairly new in the U.S. it's been commonplace in Canada for a while. I don't remember exactly how long, but I do remember at the start of the pandemic Walmart was basically the only major retailer that didn't have it yet--pretty much every other store had already had it for years by then. But then again we had widespread bank debit payment since the early 90s, and I don't think that became common in the states until much more recent
Contactless payment is not new in the US and has been around for years. Every major retailer excepts contactless payment except Walmart for whatever stupid reason.
@@jadon-sc1zj Thats wild cus Walmart in Canada has been contactless for years.
I feel like the only reason the US is moving to contactless is exclusively cus of the fact Phones support it. So having a non-contactless store will most definitely lose you business.
There are still a lot of bugs to be worked out with merchants. A few weeks ago I tried using contactless at a Shell gas station. Both using my phone and tapping the physical card failed. I was given an error message saying it was declined. Inserting the card worked as it should have. This is not an isolated incident. I've had failures with other merchants as well, though some (like Five Guys) have finally fixed their systems to work properly.
I suspect having to insert occasionally might be a security feature, to prevent someone from taking out too much from someone else's account.
I contacted Shell, they told me it wasn’t enabled… that was a year ago and it still hasn’t been enabled…
Of course, we've coupled contactless with a "no verification" policy (such as a PIN or getting signature verification from a vendor, which granted has all but disappeared anyway.) So as any good hacker knows, there's no need to intercept all that encrypted data when all you really need is to get a hold of the card. If you have the card, you tap, purchase the items with someone else's card, "burn" the card, and sell the items elsewhere.
In other words, don't drop your card. You may as well have dropped cash.
Except that you don't actually lose anything, it takes 2 minutes to ring up your card provider to report the card / have it deactivated, and they'll just overnight you a replacement.
@@halfsourlizard9319 Which is great from the moment you realize your card is missing. But if that takes hours, it only takes minutes to do some damage.
Also, I have NEVER had them actually overnight me a card. Anytime I have needed a prompt replacement, it has taken 7 - 10 days.
Was in NY last week; first time without cash. The tap to pay, very normal in the Netherlands, works great.
it's crazy to see that tap to pay is not that popular on the US, I'm from Colombia and basically every business that accept credit or debit has tap to pay capable systems so we use it very often
Just watched a DEFCON video showing that 99 percent of the tap to pay sensors are vulnerable and then shown to have weaponized it. All though tapping a cellphone to the reader.
The man who did this worked for all of the banks in France.
Almost all of them have ridiculously easy exploits, both buffer and heap.
Granted it is better to tap then swipe. However it's all security theater.
Watched the video. Great technical content but the reason it has poor adoption in the US is because it doesn’t work very well. As I was thinking anyone who has used it has had to the “Where do I to tap to get this to work” dance and there’s a clip of people going through turnstiles like at a subway entrance…..and the guy right in the foreground taps his card, it doesn’t work and while the voice over runs about how awesome T2P is, the video shows the guy fumbling around with his card trying to get the reader to recognize it. The clip ends before he gets it resolved. EXACTLY!
I'm from Mexico and the implementation of technology in our country usually depends of USA's pace.
Contactless paying has recently been introduced here and one issue we have with this is that most terminals don't ask for a PIN/ ask for a PIN after a really big amount of money. Imagine your wallet is stolen (very common) and you suddenly lose 20% of your monthly income. If banks minimize this limit, then the experience would be perfect.
In India, we can enable/disable contactless payments if and whenever we want to. We also have the option to set its limit.
One thing I've noticed is periodically tap is not accepted and I have to insert my card. I suspect this is a security method to keep someone with a stolen card from taking too much.
financial crimes
Theft is covered by insurance, you will be refunded if you lodged a complaint.
Mark of the beast coming soon
THE WAY I WENT TO CHECK THE DATE THIS VIDEO WAS UPLOADED!! 😲
*giggles in UK*
We have been using it for years in South Africa! In face we have moved in from that since COVID.
Tap to pay has been available in Australia for a very long time, too. In Sydney all of our public transport has been tap to pay for many years. 10 years ago in Europe it was disappointing to see how few merchants had tap to pay available (just like the US when we visited 5 years ago). We recently returned to Europe and it's great to see how widely it has been adopted now - even down to small town market merchants in France having contactless payment options. Unfortunately still don't see it much on public transport (other than in London).
well i got new for you: this March the whole of Netherlands got contactless fares enabled on all and for all forms of public transit, at 100% of public transit in 100% of the Netherlands you can now tap to pay with any Maestro, V-Pay, Visa Debit, Visa Credit, Mastercard Debit or Mastercard creditcard, this includes from e-Wallets such as iPhones, watches, android etc. (sadly no support yet for Apple Expres Transit, though we're being told that is coming, as is nationwide support for AMEX cards, apparently...)
Contactless in the UK is all over, especially in public transport. It was hard-pushed during the pandemic and pretty much every business has it now
wait until they charge your card in the street.
@@tube.brasil NFC has an extremely short range so that would be really hard to do. Plus if you use your phone instead it needs to be unlocked to work.
A friend of mine from Aus came to visit me here in America a few months back. She was always so amused that I brought my wallet with me everywhere we went, because "in Aus, we just take our phones and use Apple Pay for everything."
I've been struggling to find a trading mentor, but your videos have filled that void. Thank you for being such a great teacher.
Unfortunately it's not possible to require pin every time so if someone steals your card or phone you're in trouble.
We’ve been using tap for years in Canada. I remember using it up here, driving across the border to Niagara Falls and I had to use the swipe in stores there. Found it strange that we were more advanced in technology than the states were.
That's all great unless someone steals your card. A safer approach would be to require a PIN in addition to the tap. Still convenient, but much better protection.
people will become more responsible after somebody steals their credit card. A benefit to humanity :D
In my country you only can pay up to 50€ and three transactions after that it asks for the pin
Are you could just use a Apple wallet or Samsung wallet from your smart phone via NFC build in chip. Why do we still use physical cards any more when your smart phone is 100% secure.
NEVER use a PIN.
i use NFC on phone requiring finger print to confirm payment....if I do use a card (99% of my transaction are with phone) I use a CC (same with phone).....in fact ALL my transactions are with tap pay/phone pay credit card.....i pay off every month, rack up points. any unauthorized transactions are protected by my credit card user agreement (chase)....
NEVER use debit cards
I have forgotten my PIN. I never use debit cards, in fact they are in my safe 👍🏻
@@terrydean3802 mines are all in my digital wallet on my iPhone. I don’t even remember what a 20 dollar bill look like 😂
We’ve had contactless payments since 2013 in Saudi Arabia 🇸🇦 😊
It felt so natural going to Europe from Canada. I feel even more foreign in the US.
Makes card cloning easier 🎉
Extremely interesting video. As a frequent traveller who works in the tech industry and travelling back and forth to Silicon Valley for years, I've always wondered why the US was such a slow adopter of this tech.
The first real contactless payment systems were common in Japan, South Korea and later places like Hong Kong. But the first contactless banking cards were offered in the US in 2004. But they really didn't take off.
An example: ruclips.net/video/u2gMaSk2tsQ/видео.html
What happened to slow the adoption down? Glad this video finally answered the question.
I suppose the opposite occurred in Australia. After introducing the cards in 2006, adoption was swift, being to date the fastest adopter of the tech with among the highest usage rates among consumers. Part of that was a very flexible fintech sector where retailers could extremely quickly take up new machines. With tap and pay terminals being ubiquitous only a couple of years after introduction, a lot of people switched.
But Australia is also a country that has been quick to introduce anything convenient in fintech.
Cheques for example fell out of fashion in the 80's and 90's. With internet banking becoming more common from around 1997, rent would be a simple and free personal bank to business transaction; never a cheque, never in person.
Transfers between banks, between people, between business is all integrated into a seamless payment system which also meant there has never been the need for 3rd party solutions, with Australians doing such transfers well before the likes of PayPay and Venmo.
I am sure Europeans and British would have similar sentiments. The UK for example, was very quick to abolish signatures being a rapid adopter of chip and PIN as a way to reduce credit card theft and fraudulent use. Australia followed suit, banning the practice as well.
financial crimes is too easy
SIngapore will also now start charging a fee for cheques from 2025, probably to discourage their use
I have finished the job watching, commenting, liking and subscribing
While the whole world is still using card, taptopay and wallets. India's revolutionized the payments shstem by UPI. Literally paying in my country is so easy af.
When you don't have basic things at first implementing new thing will be easy, for example china didn't had to lay thousands km of cable wire for internet they directly used fiber.
UPI uses SMS for authentication, it's the weakest form, one disaster away from happening. UPI still need to find a way to charge for transaction, gov can't support it for infinitely, people may go back when it happens.
But UPI biggest flaw is using SMS OTPs and having the need to be always connected. I could tap my card or use Samsung Pay on my phone without internet connection at all. Whereas it's not possible to complete a UPI transaction without internet or a mobile.
It's amazing how the U.S. is so behind the world with payment methods. I don't recall the last time I had to swipe a card, but it's been years. Not only can we tap credit & debit cards, we can also use our phones. The phone also creates it's own receipt. Also, we can tap a transit pass. I have my account configured for me, that is senior's fare. When I want to hop on a bus or commuter train, I just tap my card. I can add funds to my card on line, with their web site, or with a phone app. The card is valid on several transit systems and the fares are integrated, so that the cost over multiple systems is cheaper than the total of the individual fares.
Tao to pay is so useful. It’s amazing ❤
The only benefit of wireless is that the false card reader hack (where a 2nd nefarious magnetic card strip reader is installed to the equipment) can not be used to exploit the card. But for all other times the card is not being used to make a purchase - it is able to be read remotely and exploited. Now the end users need to be educated about rfid, faraday cages, and how to protect their cards.
Exactly. Need to use a metal card holder etc. I was shocked at one point in time that I was around a metre away from the machine. And the reader caught my card. And yet, the cashier hasn't put in the price yet !!! Scary, right ?... Yup!!....
Australia had this widely adopted easily at least 10+ years.
I’ve had American customers (I own a business near a large university, with few American academics around) puzzled that my business do not accept cards with signatures.
We can't do that anymore correct. I remember reading somewhere that signatures for payments are now depreciated.
In Thailand we just use our phone.
The street cart vendors etc display QR codes which is their bank account number.
We scan the QR code into our bank apps on our phone.
Our phone app asks to confirm that we want to transfer money to that account.
When we confirm, money is transferred from our bank account to their bank account immediately and a confirmation is received.
No cards. No card readers.
No Visa, Mastercard etc
Just a phone. 👍
Tap and card insert connect to the same chip so have access to the same information. If a reader can be hacked for reading the chip it can be hacked for RFID. Commercial RFID readers may only have a few centimeter range but they can be made to work over longer distances like any other transmitter. So someone can stand near you and read your card. Fairly tough for someone to stand near you and insert your card into a reader.
I had one of those charge me when I accidently held my wallet too close. Fortunately the shop owner saw two entries (I had paid in cash) and refunded.
This seems to compare these to security of a magnetic strip (which is weaker) but not the chipped card which is also secure. The concept that a charge can occur over the air is uncomfortable.
In order of most to least secure:
- Samsung Pay/Apple Pay/Google Pay
- tap and pay on a card
- inserting the chip on a card
- swipe with a card
That's why I never cary my debt card with NFC, and use my phone, because I can turn off NFC!😊
I want to better understand how this technology relates to the fraudulent skimming of data from credit cards. Thank you for explaining how touchless technology works.
Tap-to-pay is very popular in Canada. It's odd it's not as popular in the USA.
We've been using it here for years.
Been seeing stories of tap cards being accessed while in peoples pockets and purses. One woman had 3 cards accessed in her purse, 2 ft away, for the same purchase 😮
It happened to me a couple months ago!
Happened to me in Spain this month.
I've used a wallet/card holder that blocks signals for years. Whilst in the wallet, they cannot be read.
Yep. I was at a terminal ordering a pizza. The clerk handed me my pizza and said have a great day. After I told her I needed to pay, she informed me that I already had. The terminal charged the card that was in my wallet with the tap to pay feature, not the one in my hand that I wanted to use. The one in my hand didn’t have tap to pay. Every since then, I only shop at stores with Apple Pay because I have more control over charges with biometric security.
@@CS-qc7np seems like they need to add a pin function to these cards
Here in NZ, we started using it when Covet took over our lives. It made sense rather than touching the keypad. Now however the banks have started to rip everyone off and retailers are charging from 1 to 5% extra for this service. I for one simply will not pay this and have returned to the pin pad payment which is free. Greed always try's too take over.
The biggest problem I have with tap to pay is 90% of places still don’t recognize it. So it’s usually not an option. I wish more places got up to speed with it, it could really make a difference in curbing the number of frauds
I’m from a 3rd world country. We have this tap to pay since 8 years ago and literally every store accepts it. Why is the US so behind?
@@PassionPno Very much like the answer to every question - money. In the US you will notice that newer, smaller companies will have NFC using one of the services like Stripe. The large companies don't want to spend the money needed to upgrade all their terminals. Many still don't have chip/pin. In Europe, you never let your card out of your sight. In the US, every waitperson takes your card, swipes it in their ancient machine, and then brings you back a ticket to sign - after adding the tip of course. When I visit the US I always ask if they can take apple pay in the restaurant, and a surprisingly small percentage can do that. However, every tiny food truck takes NFC with Stripe or one of their competitors.
Majority of places accept it now and you can looks on Apple Maps or Google Maps and tells you in the info card
@@PassionPnoIt’s quicker and cheaper to adopt brand new tech instead of upgrading from existing ones.
It's actually the opposite, 90% of the places I visit here in the US let me tap. The rest at least can read the chip.
What's to stop someone from putting a card reader near your wallet in your pocket and taking your funds that way?
How vulnerable are the tap to pay cards to being read by others while in your purse or wallet?
Very. I was a victim of that kind of fraud this month in Spain.
Extremely vulnerable. The flipper zero can get CC number and then they can pressure you to giving them bitcoin by telling you they know your CC number (true) and CVC (lie)
I use a wallet that blocks signals. Whilst in the wallet the cards cannot be read.
Tap-to-pay with your phone solves that - the phone must be more than simply powered on, but the screen be on, too (some phones need to be unlocked, too).
If I wave my phone at a payment terminal while the screen is black, nothing happens. Tap the power button to wake it up, and it can pay.
I love that TTP is so secure. Now all we need is for banks and other companies holding our information to stop getting hacked and our data will actually be safe.
This method is much safer!*
*please purchase a RFID blocking wallet to ensure safety 😊
I remember going to college in the US in 2017 and being surprised I couldn't use contactless anywhere, while I'd been using it in France since the early 2010s.
I still do not understand why Wal-Mart doesn't have apple pay/tap to pay. Even smaller businesses have access to the tech with companies like square yet a retail powerhouse doesn't have it. 🤨
They want you to use Walmart Pay
They have their own loyalty app or card and want you to use that. BTW, Walmart in Canada uses regular tap-and-pay.
I remember at one point that the US Walmart was one of the first places I could do chip and PIN at. But for the longest time, even in Canada, they didn't have tap-to-pay. Maybe it's a question of rollout - they didn't want to introduce tap-to-pay until they had enough machines to blanket a geographic area?
Wallymarts in Canada accept tap.
Aside from being faster it helps lessen the wear on my chip
It's one step closer to the dystopian future of "In Time."
The history is, when TFL (Transport for London) was developing their ticketing system to be contactless, they pioneered the technology of contactless Oyster (travel) cards. As 1/6th of the UK’s population lived in London, that put extreme pressure on banks to develop their own contactless, and that (convenience of tapping your bank card and not needing a ticket/top up an Oyster), meant the public wanted the same convenience in retail.
Here's my issue with Tap to pay:
Let's say I keep my card in my wallet or a clip in my back pocket (or even the front pocket of my jeans for that matter). What stops someone, with access to an active NFC reader, from coming just close enough to where my card is kept and complete a transaction?
That's why I prefer cards with chips even though the transaction might take a measly second longer
Who will issue you a card that doesn't have NFC in 2024?
@@halfsourlizard9319 you can deactivate the NFC
When I go for a run. I usually don't carry my credit card. NFC is a godsend if I need to get something in a pinch.
most (if not all) of these technologies are American invention / innovation. but there are a few reasons why they may not be wide spread in the US, including inertia, preferences or even regulations. it is easier and cheaper to adopt a new technology if you hadn't spent as much building up complex and expensive infrastructure for the previous version.
Japan has had them since the late 90s.
exactly
PIN numbers - Scottish invention
Contactless cards - French/Austrian invention
Smart cards (precursor to contactless payment cards) - South Korean invention
@@PLuMUK54 Charles Walton was born in the UK but grew up in NYC and was in the army. He died back in 2011 in California.
Many were responsible for RFID, but Walton is considered the largest contributor.
South Korea was the first to make contactless payments, but the idea for FOB-like devices have been in use for years. Japan used it aswell in the 90s.
Im not sure why yall act like RFID was some insane feat of engineering either.
The soviets litterally bugged the US embassy with an RFID device back in the 60s I think.
Yeah it started in India around 4 years ago and I have never pay with card any other way. I have even registered my card to my mobile's NFC so that I can make payments through phone directly don't even have to carry the card around
One issue I have run into a couple of times in the last year (2022) where the card I chose to use and the reader registered a payment before the card got within 6 inches or so of the reader. I now use a blocking wallet.
It's not safer if someone has gotten hold of your card and gone on a tapping spending spree.
It's much safer if the tapping is done by a watch or a phone. That way, the person paying has had to unlock the device to actually get they payment to work. I've been using my watch to pay for things in Canada for years. It's nice to see that more places are finally accepting this in the US as well.
I still hate the fact that in the US, when you have to pay for a restaurant bill, they nearly always take your card away! In Canada & Europe, we've been told for over 20 years to never let the card out of your sight.
i dont know how its in america, but where im at you can put a limit to how much you can pay with tapping like 30 eur or so, and it will ask for a pin code if you use it many times in row
whenever I forget my wallet I'm glad to know I can always pay for things with my phone
Oh I'm familiar with RFID as a concealable low energy identifier and tracking device we used on cargo, cars and company property. Funny enough RFID can ping its exact location within a 20 KM range as we used them and even more with more advanced antenna circuits.
Better than those QR codes commonly used in mainland China
Yeah, except tap to pay cards are fundamentally insecure. Someone stole my card with it a couple months ago. All they have to do is use a smart phone to initiate a transaction as they walk by and replay my response at a payment terminal. I asked my bank if I could get a card that doesn't have that feature, and they said no.
Your bank doesn't allow you to manage the various functions of your card?
You can “punch out” the RFID antenna.
@@johnp139 That's a great idea. Thanks!
Did you not watch the video, it won't work like that because the smart phone is not the same device as the payment terminal, so will not cause the card to generate the same unique code, so when the unique code is sent to the bank it should cause an invalid transaction (aka no money taken)
Tap to pay is accepted almost everywhere in Colombia, specially after the pandemic.
I have been entering my PIN manually for the longest time until I found out recently it has the tap option and have been using it. But, I am still skeptical that tapping is more secure than swiping... 🤔
The banks are now seeing far lower claims for card misuses than they used to, mostly because there's no longer the opportunity for some miscreant to skim your card - you physically keep hold of it the entire time.
The process is the same, the difference being that you always have to set the system up for the payment.
Security and speed do not go hand to hand.
The safest way is requiring you to use a code every time you make a new purchase and trust in the establishment. With a SMS reaching you the moment a purchase is made.
Inserting the CC number rather than the card could also be an alternative solution (or a password you have created, that can be changed at any time).
However NFC paired with UPI ( free money transfer of India) could be a game changer
It's not free, gov paying for it.
If it’s safer than why are there all these local news stories of people being forced to use tap to withdraw $ from ATMs (the swipe was purposely broken on the machine) and then scammers are able to withdraw all their $ from their bank accounts when they leave?
It’s due to STUPID PEOPLE NOT LOGGING OUT!!!!!
It feels like there was never a real push to adopt new payment technology in the US until the massive Target data breach ten years ago, after that this stuff was suddenly everywhere.
I wonder how much further behind we would have fallen were it not for that catalyst to scare all the retailers awake?
convenient but increases theft risk
just get an rfid blocking wallet or use multiple cards stacked on top of each other that avoids the reader being able to read that data. on a phone the nfc usually isnt even active when it isnt unlocked.
Nice to see the USA is finally catching up....
Card reader on mobile phones, an easy way to pick pocket people without touching them
in the Driodverse we have this thing called "Biometrics". fixst. 😄
With mobile payments like Google Pay and Apple Pay, the phone has to be unlocked before tapping it to the POS. That would make it impossible for someone who is using their phone as a card reader to tap someone else's phone and charge their card. It's actually more secure than an NFC-enabled credit or debit card.
Even if your phone is stolen, the thief has to unlock your phone to be able to use mobile payments
@@terrydean3802 I think they mean tapping a card reader on someone's wallet
Yeah... we've been doing this for more than 10 years in Australia. I'm always amazed at how behind the US is...
Sucks to be Australian.
My issue with tap to pay is that all the readers have the tap spot in different places. If you save 1 second, but you spend an extra 5 tapping the wrong place, it’s better to just insert. If they could standardize the tap location (or, frankly, if I could remember to look every time before I tap), I’d use it more often.
It's standard, the antenna 90% is under the "wifi icon" no matter it's printed on the pos or on the screen. For iPhone, the antenna is under the Apple icon in the back. So try align these two.
Exactly!!!
5 taps would not result in 5 payments. The first one is the only one that works.
@@James_Knott maybe, but my comment didn’t say or imply multiple (successful) taps.
In Europe it's mandatory for all businesses to have NFC readers. My card don't even have a visible chip
While this might be true, there is still a danger of "tapping" your card at an ATM 🏧 machine. Please make sure to log off the screen if you are one who engages with this option.
never seen a tap-in atm. given you are going to be there for more than a second it doesn't seem that much of an advantage.. though i guess it would avoid a lot of the skimming and pin stealing scams from them.
Isn’t that common sense?
We have had tap to pay in Canada for years before the pandemic.
The big security problem with this contactless tap thing is that anybody can use your card! If you drop or lose your card, somebody else can pick it up and use it until you've managed to report it stolen. That could be quite a while, if you don't immediately notice that your card is gone.
That's something that still gives me questions about this method
@@BexRaymond most banks, you can set the contactless limit. If you exceed the limit, then you will need to enter the pin to make the payment.
You can also disable the card from your phone if you loose it.
@@Stefan-jk5gxwhat if u don't know that u have lost ur card....
The reason why some stores and restaurants in the USA do not take contactless payments is that they have card readers of magnetic stripe only. These stores and restaurants do not have credit card machines with buttons or credit card machines with a touchscreen. These types of credit card machines are found in other stores and restaurants in the USA. For the stores and restaurants in the USA that use card readers of magnetic stripe only, they will be required to upgrade in the coming years. Mastercard will remove the magnetic stripe from their cards by 2030.
I haven’t used cash in years and will never go back.Just tap and go with my phone.
It's 9 years now. Rwandans have been using this tech to pay for travel in Kigali, #Tap&Go, & it takes almost 1 second for a payment.