101 comments

[ 3.2 ms ] story [ 163 ms ] thread
Edit: it is sad that my comment that is relevant and contains nothing but facts is downvoted... What has HN become?

Say what you want about Bitcoin, but it does solve credit card theft for good. If I could use my Bitcoin hardware wallet¹ to pay Sonic, I wouldn't be affected by this security breach.

¹ No Bitcoin theft has ever occurred on a hardware wallet thanks to their tamper proof isolation of private keys.

If someone else uses my cc, I’m not paying it. If someone steals my bitcoins, they’re fucking GONE.
(comment deleted)
Wrong. In the US you may be liable for the full amount stolen if you fail to notice the theft in 30 days. Even if you report the theft promptly, the law allows your issuer to make you liable for the first $50.

Also you completely ignored my point about hardware wallets making theft a non-problem.

Sure, so don’t ignore your finances for a month.
You will still be liable for $50. And you again ignored my point about hardware wallets making theft a non-problem.
(comment deleted)
Actually it can still be stolen, but like an impenetrable safe full of money, of no use to the thief. You’d still be screwed though!
Not screwed, because a hw wallet can easily be backed up by writing down the 12/24-word seed in a safe/hidden spot.

Our discussion thread demonstrates that more education is needed around hardware wallets, as most people have no idea how they work or even that they exist.

I know how they work and that they exist. However, I use cash as little as possible, and really don't need a cash substitute. The few times I use cash it is for small consumable purchases and things paid with a few quarters. No need for the waiting for a bitcoin transaction to clear.

There are people that prefer cash. Of those people, a large portion of them are old or luddites/anti-tech (I actually don't mean this pejoratively as I sympathize with this view), but these people probably won't be too keen on Bitcoin as a replacement. The other portion are those seemingly like yourself that are all embracing of alternative payment methods or basically e-gold. That's great, but you are a niche bunch and I assume a pretty self-selected group.

The mainstream wants convenient credit with decent consumer protections for the many advantages it brings to their boring, mainstream life. This is not ignorance.

My credit cards give me extended warranties, travel protection. I just got a courtesy credit for a purchase well outside the return window, and I just was reimbursed a few hundred bucks for a computer that failed out of warranty. Meanwhile, I have had to call the credit card company once in 5 years for an unauthorized $200 charge. And no, I was not liable for a penny of it. I don't know where you keep getting off on this $50 stuff, but it's complete nonsense. No one ever pays $50 in practice. And most cards the window is 90 days for a dispute.

There is no major credit card company in the US that doesn't have a $0 liability policy.
Can't you steal a hardware wallet ?
They are typically PIN-protected. And you can back them up by writing the 12/24-word seed in a safe/hidden spot.
What assurance do I have that the HW wallet vendor doesn't have my seed written down for when they decide to retire?
If you are paranoid you can choose your own random seed when initializing the wallet.
> the law allows your issuer to make you liable for the first $50

This has never happened to me, and ive had a CC compromised a few times.

If someone steals your hardware wallet, what do you consider that?

Physically stealing a hardware wallet is typically not usefull because they are PIN-protected. And you can back them up by writing the 12/24-word seed in a safe/hidden spot.
Hardware wallets Do not prevent you from voluntarily giving up your money to thiefs. Social engineering doesn't go away. There are still plenty of ways to steal money from someone, whatever the form. I could always just rubberhose your wallet, is it immune to that? This is a problem with credit cards, but there is a great recourse for it.

2) No credit card I use today (and I use lots for rewards) has any term less than 90 days for dispute. Also all 3 major credit card companies offer $0 liability as part of their terms.

Pretty much this. Bitcoins are like carrying around cash. Most folks will not argue that you own it, since it's in your pocket, but if someone picks your pocket in a crown then there's no way you're getting it back.
No they aren't.

When did cash get 2 factor auth?

2FA is not inherently part of bitcoin's design. It's something that can be enabled, but not all implement it.
So I ask again... Where's Cash's 2 factor auth.

All of the major wallets/traders use 2FA and all the hardware wallets have it too.

It's like saying... Well there's safes and banks for cash but its something that not everyone "enables" but you and I both know they use it.

When has 2fa stop a bullet or knife?

Very little cash is stolen by pick-pockets or home burglars. People open their wallets because they fear pain, it doesn't matter how many locks are on the wallet.

relevant xkcd: https://xkcd.com/538/

Timelock stops bullets and knives.
Have you ever been robbed? Tell the wrong person you don't have money, and they'll attack just to make sure.
If someone steals my wallet with my cash, its GONE.
(comment deleted)
But if someone steals your credit card and buys $10,000 worth of stuff, you're probably getting that money back.
Sounds more like an argument against cash, than an argument for Bitcoin...
Credit Cards can co-exist with bitcoin, while btc solves some CC issues its target replacement is still cash.
So does using a chip reader. Assuming its up to current standards the card's information is cryptographically locked to Sonic's vendor ID and any stolen stored CC info could only be used at other Sonics.

Chip + Pin solves it even better by forcing the attacker to learn the pin for the card. We're not there yet in the US but once everyone has modern chip readers, adding pins will be trivial.

Also as a customer I'm not liable for these issues. The vendor is. With cryptocurrency, if there's a hack against me and my coins are gone, well, they're gone forever.

Sure beats giving up on cc's entirely for cryptocurrency, which comes with its own headaches and problems, especially Bitcoin which as a network wouldnt be able to cover 1 hour of credit transactions in the states.

The US will not be getting PINs for cards. It would put liability on the bank rather than the merchant. And it only affects cloned card fraud, it doesn't affect online transactions. As far as banks are concerned, the chip itself provides enough protection, and they have no interest in helping reduce merchant losses.
> cryptographically locked to Sonic's vendor ID and any stolen stored CC info could only be used at other Sonics.

That's not how chip cards work.

Bitcoin is more analogous to gold bricks or cash, not credit cards.

Credit cards are built on underlying currencies, offering easy short-term debt and a simpler payment process (compared to check/cash)... I expect that bitcoin credit cards are another prerequisite for consumer adoption.

Yeah, if I keep my credit card in a safe and never use it, no fraud is going to happen. If I use it to pay for things multiple times a day, this happens. It's not like if there hasn't been bitcoins stolen in the past.
100% of the bitcoin thefts up to this day could have been avoided if people had used hardware wallets. I'm serious when I said hw wallets make theft a non-problem.
Bitcoins can only be transferred if you approve it with your private key; which the other party never sees. You can go lock the bitcoin private key up again, and not worry someone is going take more coins while you're sleeping. All that you have to trust is that the device storing your private key (hardware wallet, phone, whatever) isn't compromised.

This also roughly applies to chip-and-pin systems, where the chip holds the private key. They're both like cash in a wallet -- giving someone cash from your wallet doesn't give them the ability to magically disappear more money while your wallet's sitting beside your bed later that night.

Whereas with a (non-chip) credit card, once another party has your information just once, a theft can happen anytime from then until years later when the CC expires.

It sure can happen: breach at the bank, predictable patterns used, intercepted mail. I'm sure there are more situations I haven't thought of.
Agreed. Credit card nums, social security, etc all suffer from the lack of private keys and signed transactions.
You're getting downvoted because everyone hates when Bitcoin idiots force it into every damn conversation.
To your edit: Saying bitcoin solves credit card theft for good is like saying gold bars or even just cash solves credit card theft for good. News flash buddy, bitcoin is not a credit system. So it really doesn't solve shit. HN has become a shit show thanks to poorly thought out comments like yours and then the subsequent whinging.

Even forgetting the whole, how do I pay with credit issue. Your post is not terribly insightful, and the facts are thin. It removes particular problems with credit cards and replaces them with others. It doesn't solve theft where you end up (through trickery or otherwise) effectively voluntarily sending your money to a thief, because Bitcoin does not give you any way to reverse charges. It just changes the small details of theft attacks on consumer spending, it doesn't fix a god damn thing.

How does bitcoin solve credit? Last I checked, bitcoin isn't a credit platform.. So even if you want to use bitcoin... you still need a credit card.

In the US, I am basically not fully liable for any credit payment I make for 90 days. I can dispute any charge for that time and it is on the onus of the bank to do something about it or not get their money. The incentives in this case are very pro-consumer.

Your digital wallet gives up consumer protections such as chargebacks which is a regression in consumer benefits. It is also accepted approximately nowhere, with very little incentive for merchants to add support.

Apple Pay and related solutions offer "tamper proof isolation of private keys" while still offering all of the consumer protections of cards, plus broad and growing acceptance via compatibility with standard contactless card terminals and POS systems.

«gives up consumer protections such as chargebacks»

True. On the flip side, most merchants are honest so chargebacks are rarely needed. It's a different tradeoff: credit cards open you to ID theft, which is a lot more prevalent than the need for a chargeback, so personally I prefer Bitcoin.

«accepted approximately nowhere»

Any new technology, such as Bitcoin or Apple Pay, has to start from zero. So it is an irrelevant argument anyway. Today Bitcoin is in fact accepted at about 160,000 merchants.

«very little incentive for merchants to add support»

Not true. The biggest, and arguably most important, incentive for merchants to accept Bitcoin is that it allows them to avoid chargeback fraud (payments are irreversible.)

Apple Pay & similar technologies are a huge step up from plain credit/debit cards. Really, it's important to recognize this. But they still have multiple drawbacks. For example, (1) it has transaction limits, (2) it isn't usable for person-to-person payments (eg. paying back lunch money to a coworker), (3) purchases are still subject to authorization so in a way you don't have 100% control of your own money (eg. the system could accidentally flag the transaction as fraudulent and prevent you from buying something.)

> On the flip side, most merchants are honest so chargebacks are rarely needed.

You also lose the convenience factor of that I don't need to care if a merchant is honest. If it's a merchant I haven't heard of it, I can just make the order without worrying too much (providing there are no obvious red flags) as there's very little risk. On the other hand, Bitcoin's irreversibly would mean I'd have to look into the company before ordering, and I'd probably avoid smaller merchants as a result.

> it allows them to avoid chargeback fraud (payments are irreversible.)

How big of an issue is this in practice? My gut reaction is most customers are honest so it's not big enough incentive to add another payment flow, but I've got no idea if that is accurate or not.

«If it's a merchant I haven't heard of it...»

You are right. However, examine your pattern of purchases: if you are like the typical consumer, most of your purchases are made at the same merchants that you have been shopping at for years and already trust.

«How big of an issue is this in practice»

It's a huge issue in some markets (eg. online shopping.) I can't remember the stats but CC fraud actually has bankrupted some merchants because it is so prevalent. Dishonest clients are a lot more common than dishonest merchants. It's easy to understand why: by being dishonest, a merchant damages its reputation instantly, however if someone attempts to use a stolen CC and gets flagged, he would simply try another CC number or try another merchant.

(comment deleted)
This is just poor reasoning. There would be more dishonest merchants if the possibility of chargebacks ceased to exist. Your reasoning is like saying look how safe this town is, guess we don’t need police anymore.

And to say that virtually no merchant acceptance[1] is an “irrelevant argument” is laughable. Merchants have little incentive to spend money and effort to add support for an obscure payment method that virtually no one uses and likely never will, due to its reduction in consumer benefits. Apple Pay piggybacked the rollout of contactless terminals which gave it support at millions of locations out of the gate, and fully supports standard consumer protections and reward programs.

Finally, “person-to-person payments” is completely irrelevant to person-to-business transactions. But even in that corner Apple Pay will very soon be superior to any other method for “paying back lunch money to a coworker”. They are rolling out P2P this fall which supports all debit cards, is free, instantaneous, and you can spend the money right away at any Apple Pay merchant or send it to your bank account.

That cuts your argument down to just avoiding transaction limits and authorization at merchants you trust. Extremely narrow use case, so no way there’s going to be enough consumer interest to drive merchant adoption.

[1] https://www.bloomberg.com/news/articles/2017-07-12/bitcoin-a...

«There would be more dishonest merchants if the possibility of chargebacks ceased to exist»

Yes there will probably be a minor uptick in merchants being dishonest. But I doubt it will be as bad as you make it to be. Many other factors push merchants to stay honest: legal repercussions, damaged reputation, etc.

«And to say that virtually no merchant acceptance[1] is an “irrelevant argument” is laughable»

Irrelevant was the wrong word. I meant illogical. Your argument is like saying in the early days of Blu-ray that "no one will buy Blu-ray discs because no one has Blu-ray players".

«Merchants have little incentive»

Second time you say it, second time you are wrong. I already pointed out their main (largest!) incentive to accept BTC is to avoid chargeback fraud. This fraud is a major problem for merchants. They can go bankrupt (eg. https://www.youtube.com/watch?v=6Chp12sEnWk&t=45m0s) or be drawn into costly suits with no way to recover the money (https://www.reddit.com/r/legaladvice/comments/5r9nqi/credit_...).

Apple Pay P2P will be riddled with roadblocks. For starters most people will not be able to use it as it requires a $500 device (iPhone). I guarantee you there will be transaction limits, delays in access to funds, etc. All things that Bitcoin solves.

> Yes there will probably be a minor uptick in merchants being dishonest. But I doubt it will be as bad...

Simply wishful thinking. If that were the case consumer protections never would have been a very interesting feature. But they are. Especially for ecommerce.

> Your argument is like saying in the early days of Blu-ray that "no one will buy Blu-ray discs...

No and I clearly stated otherwise. Apple Pay is more like launching a new disc standard that is compatible with millions of existing players already deployed, compared to one that requires brand new hardware and has fewer features. No contest.

You also ignored -- probably because it is in your interest to ignore it -- that the reason merchants have no incentive to adopt is that nobody uses it. Payments are a two-sided market. Advances need to offer benefits to both sides of the market. You've only cited an advantage to one side, the merchant, which comes directly at the cost of a regression in benefits to the other side, the consumer.

Bitcoin as it stands is a major regression in consumer benefits, and you've only managed to cite one extremely narrow case where it offers any advantage whatsoever (no transaction limits or approval step). This is nowhere near enough to offer a compelling value proposition to consumers.

As for P2P, your own use case was sending lunch money. You've offered nothing to suggest that Apple Pay won't dominate this category. You're also incorrect in your "guarantee" about delays in access to funds; they are debit transactions that process instantly.

«Simply wishful thinking»

People will pay in BTC only merchants that they already trust. Think high-reputation businesses like Amazon, Costco. Do you really think companies like that would start being dishonest if they accepted bitcoins?

«compared to one that requires brand new hardware»

No, accepting Bitcoin doesn't require new hardware. It's a software update to a website or to a point-of-sale.

«You also ignored -- probably because it is in your interest to ignore it -- that the reason merchants have no incentive to adopt is that nobody uses it»

You can continue writing they have "no incentive" but it doesn't make it true. This is the 3rd time you ignore it, and the 3rd time I point it out: their #1 incentive to accept BTC is to avoid chargeback fraud. Will I have to repeat it a 4th time?

As to "nobody uses it", I am not ignoring you, it is simply that you are wrong. Usage is growing: we got from 0 to 160,000 merchants in a few years, the transaction rate is doubling every 18 months (not due to speculation: https://news.ycombinator.com/item?id=15281860)

«Bitcoin as it stands is a major regression in consumer benefits»

It is a (small) regression, yes, no denying that, but it is far outweighed by the advantages: permissionless, near-instant international payments, no inflation, censorship-resistant, gives access to the underbanked/unbanked, etc.

As to Apple P2P, it is pointless to continue discussing it before it is rolled out and before we have a clear idea of its advantages and inconvenients. But I maintain my position that, if not delays, there will be transactions limits, and it also won't ever be used widely (for starters, only 2-3% of the world population has an iPhone.)

(comment deleted)
> Say what you want about Bitcoin, but it does solve credit card theft for good

Bitcoin is very similar to cash in many respects, especially when compared to credit cards.

I doubt anyone would say this:

> Say what you want about cash, but it does solve credit card theft for good. If I could use my cash wallet to pay Sonic, I wouldn't be affected by this security breach

It's obviously true, but it's also trivial and pointless. Saying Bitcoin instead of cash doesn't change any of that.

You can't have 'free money' in Bitcoin in the same way a lot of people (ab)use their credit cards.
Maybe I'm a little ignorant on how/why companies store this sort of info. Someone at work informed me that Target storing CC numbers at least made sense when you needed to make a return. But at a Sonic Drive-In? I'm not returning my burger+shake combo.

What is possessing Sonic to keep the number any longer than the period it takes to receive money from the CC company? And why is this period any longer than the 20 or so seconds it takes to process the card at a machine? Are all of these magnetic-only or do they store CC numbers with chip cards as well?

> What is possessing Sonic to keep the number

They don't. From the article:

"Malicious hackers typically steal credit card data from organizations that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic stripe. Thieves can use that data to clone the cards and then use the counterfeits to buy high-priced merchandise from electronics stores and big box retailers."

"The last known major card breach involving a large nationwide fast-food chain impacted more than a thousand Wendy’s locations and persisted for almost nine months after it was first disclosed here. The Wendy’s breach was extremely costly for card-issuing banks and credit unions, which were forced to continuously re-issue customer cards that kept getting re-compromised every time their customers went back to eat at another Wendy’s."

That provides an interesting lesson for vendors doing CC transactions: card compromise does not impact repeat business, so don't worry about breaches.

That's assuming the consumers were informed about the source of the compromise.
To this point, my bank replaced my card due to a breach that they refused to disclose to me. I'd like to know the source so I can avoid shopping there, but cannot.
Ignoring batch processing, they're also keeping this information in case of fraud issues, refunds, customer tracking for marketing purposes, etc. Even with PCI compliance you can store card information. You only can't store the CCV number. If your storing methods uses easy to circumvent encryption, then, ta-da, the hackers get all the credit cards.
> ... Target storing CC numbers at least made sense when you needed to make a return.

This is why I think the merchant processors should be instead be doing this by some kind of transaction ID. I.e. send the refund amount to the processor with the transaction ID instead of sending a new transaction to the card. It's more secure, and less error prone since you could build in checks for the amount returned and other such bits.

Every Payment processing system I have worked on did work that way, I did not need the card number to issue a refund only the AUTH Code
I don't believe in this case the hack targeted any cards held on file, as the article suggests it may have been a hack of the POS software system that would allow the thieves to copy the info from the magnetic strip as it was captured in real-time and then clone the card.
It is a good way to track customer's buying habits. eg how many people go weekly, or to different stores, or buy same products etc. eg HomeDepot tracks credit card back to userid https://consumerist.com/2013/01/16/home-depot-sort-of-explai...
For that it should be good enough to just store the first 6 digits and the last 4 digits of the card number. You might occasionally get two different customers whose first 6/last 4 are the same but it should not happen often enough to be a significant issue.

If even that small risk of conflating two different customers is too high, you could go with a hash of the credit card number.

If you go with the hash, then don't ALSO store first 6/last 4. A typical credit card number is 16 digits, and one of those is a check digit. If someone gets a hold of the hash, and first 6/last 4, then there are only 100 000 possible values for the missing 6 digits (10^5, not 10^6, because for any guess for 5 of the digits there is only one possible 6th digit that will make the checksum work). Unless you use a very very slow hash function, brute forcing 100 000 possibilities will be quick.

The first four digits are pretty generic. They tell you who issued the card. Many people will have the same first four digits. Maybe the second set of four and the last set of four would be better?

Usually the first four is the issuer and whatever numbers signify the specific type of card. The next set is the bank, I think. The third set is, as I recall, the account number, and the last numbers equate to your routing number.

Actually, just the last eight digits should be adequate. Hash them with a salt based on the last name and collisions are very, very unlikely. Don't store them at all, just store the hashes.

I can’t tell if you are playing, but by storing the most unique part of the credit card with last name you are not reducing the desirability of the target much.
You don't store the name. You use the name to generate the salt and hash the results. You only store the hashes.
You are still doing a near lossless transformation of the unique part of the credit card and name as one of your goals is zero (minimized) hash collisions. The character set and length of the input plus reasonable assumptions about the salt and hash make it very likely "reversible" using rainbow tables or other brute force techniques.

Choose metadata that doesn't have such high financial value. Additionally, it's been years since I've been involved in e-commerce and the details are now foggy, but if I recall storing those addition credit card digits, even transformed, will prevent you from achieving the industrial certifications.

This is what hashing is for.
RSA sells a very nice hardware device that will tokenize credit cards such that it's safe to store the tokenized value _AND_ you can detokenize it in order to charge (or refund) the card.
If there is a fingernail in my milkshake you can bet I will get a refund. That's still no excuse to be storing this information because as pointed out they should only need the transaction ID to issue refunds.
Target wasn't storing credit cards. They installed spyware onto the POS systems, and the CC numbers were not stored in memory on the actual register. So there was a point in time that they could be pulled from system memory. There was an in-depth analysis I'm struggling to find at the moment. But Krebs shines a bit more light on it.

https://krebsonsecurity.com/2014/02/target-hackers-broke-in-...

While Target does store transaction information, they don't store the actual credit card info. That's why you need to provide the physical credit card to do a return, or they give you store credit.

So I'm pretty ignorant to the history of personal identity/credit breaches, but for those who aren't, is this only getting to get worse? More and more companies are holding more and more data, to the point that these breaches seem to affect so many people. I entered the credit card game pretty recently, and almost immediately I'm affected by the Equifax breach. As a young person, this doesn't make the future of privacy/security seem so promising.
Someone should plot them to get an idea of how worse things are getting but it feels like we had one major data breach nearly every week for about 3 years now.
As it says in the article, this should get better once chips become standard. At that point, the chip will be doing something like an encrypted transaction with the bank, so listening in on any stage of the transaction shouldn't matter (not that I have any details on the process).
The news looks bad, but reality is worse. Remember that huge trove of NSA hacking tools and exploits that dumped last year? And the numerous follow-up dumps? There are LOTS of new weapons in the hands of everyone from everyday script kiddies to organized crime to enemy nations.

It's possible Equifax was the only credit agency with enough information to require public disclosure... if Transunion doesn't have the right logs or monitors, they may never find out they've been breached, and nor will we.

At this point, I assume everything on a computer can become public.

I've operated under the assumption that anything that leaves my computer will eventually become public since the 90's.

One of the few times I don't enjoy been right, I'm fortunate in that I'm vanilla, FSM help people under repressive regimes or who hold opinions that worry those in authority wherever they are.

We managed to combine a panopticon with a Skinner box somehow and people like it because it's shiny.

No computer system, or even individual computer that has the ability to be turned on, is 100% safe. Every system can be compromised, if the attackers have enough time and resources.

So, your last sentence is true.

However, there are ways to secure things in a practical manner and ways to detect, and stop, intrusions - though those ways look nothing like they do in the movies.

There are practical ways to limit exposure and to make data exfiltration more difficult. There are layers and practices that can be put in place to make it more difficult to do and easier to notice.

They are expensive and they do impact efficiency and may impact efficacy.

The easiest way to avoid data exfiltration is to not store it in the first place. But, that means they are less able to track the consumer and then less able to do effective targeting of ads and things like that.

The bottom line is it is expensive to reasonably secure your systems and the penalty for not doing so is less than the profits being made from not securing their systems in a reasonable manner.

Without larger penalties, this is unlikely to change. Maybe, just maybe, enough people will be impacted to where they actually start imposing serious penalties for negligence or willfully neglecting security. Maybe...

This talk seems to always be relevant:

https://vimeo.com/135347162

Abstract: In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that Bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the Bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting “The Prince of Lies escapes again!”

That is the most hilarious abstract I have ever read in my life.
The talk itself is just as funny too, please do watch it fully. It's not chock full of evidence, but it has some good points and some great entertainment.
I don't know who this James Mickens fellow is, but I like the cut of his jib.
I'm surprised Krebs end up plugging chip-and-PIN instead of the current leapfrog technology exemplified by Apple Pay. I feel there is not enough awareness of just how much more secure this is.

A huge advantage of Apply Pay is that you get the security of a PIN without the hassle of entering a PIN -- or the risk of it being stolen during PIN entry. You just authenticate with your fingerprint or, soon, your face. (Please no comments speculating that this is less secure than a fingerprint. It's premature to say and unless you know something Apple doesn't, you're probably wrong.)

Another less understood advantage is that Apple Pay takes the strongest approach to tokenization, which makes it effectively immune to merchant hardware compromises. Even chip cards rely on the card readers at points of sale to handle tokenization, so a hacked reader could in theory leak PANs. On top of that, lots of merchants/processors don't even bother with tokenization, so it's a crap shoot with every merchant.

Apple Pay tokenizes when you enroll your card, so the PAN (primary account number) never passes through any merchant systems anywhere ever. This means the tokenized numbers that hackers could steal from merchants are useless outside of two-factor-secured Apple Pay.

> without the hassle of entering a PIN

You're right except when your bank is a bunch of consumer hostile idiots that still make you enter the PIN.

Which bank is that?
> A huge advantage of Apply Pay is ... without the hassle of entering a PIN

You are forgetting that tools like Apple Pay are not hassle free for most people, especially those outside of IT circles. Millions of people struggle to use anything beyond basic technology (American banks have even decided that PIN's are too confusing! A four digit number that has been common in the rest of the world for decades!). Combine that with other factors like fears of being caught with a flat battery or businesses that are reluctant to spend money on new POS devices - it's unlikely that plastic cards are going away anytime soon.

Also, I'm not sure entering a PIN is really any more hassle than using a phone as a payment device (I use Android Pay whenever I can due to the added security features but the POS readers are often incredibly slow).

Not sure what you're talking about. Apple Pay is so much easier and more pleasant to use than chip-and-PIN. It is designed to be easier for the average consumer.

And in terms of speed, are we living on the same planet? Chip-and-PIN is notoriously slow in the U.S. Apple Pay takes a second.

Also I'm not saying plastic will go away anytime soon. There will be legacy terminals. I'm saying Apply Pay and its ilk are superior to chip-and-PIN, a two decade old technology.

> are we living on the same planet?

Are we? I assume you have never experienced the requests for support from tech illiterate relatives since childhood for assistance with VCR's, PC's, basic cell phones, printers, anything USB related in the 90's, scanners, cable boxes, modems, endless websites/web applications, and of course, smartphones. Demographic changes are shifting the definition of "average consumer" but boomers still dominate and many of them struggle with technology.

Chip and PIN is indeed slow in the US (I grew up elsewhere and travel regularly so it drives me insane) but the experience with Android Pay isn't necessarily faster or more convenient. Like I said, I use Android Pay whenever I can but I don't recall ever seeing another person using their smartphone to pay in a store.

A quick search seems to suggest this is more than just anecdotal:

http://fortune.com/2017/08/04/apple-pay-samsung-mobile-payme...

"Despite much publicity upon launch, Apple Pay, Samsung Pay, and Android Pay have struggled to gain traction," the analysts concluded. "Mobile wallet adoption has been underwhelming to date by nearly every objective standard, including initial penetration of smartphone users and repeat usage rate. While up to one-third of U.S. phone owners have enrolled in the payment plans, frequent usage is uncommon, the analysts said. Only 8%, 6%, and 3% of people use Apple Pay, Samsung Pay, and Android Pay at least once per week."

I've switched to Android Pay pretty much everywhere because it's nearly instantaneous, whereas chip transactions require 10-20 seconds of awkward waiting around. Before I had a phone with a fingerprint reader it took more effort to wake and unlock the device, but now that part is frictionless.
Android Pay is almost always as slow as chip transactions here in Minnesota. The app seems to work quickly but the POS machine is always slow to complete it's part of the transaction. It seems to vary depending upon the POS machine - for example Trader Joe's is always quick but those in the larger grocery chains or local sandwich shop are painfully slow.

From the downvotes I assume it's a regional thing!

Don’t be mislead by the headline. “Up to one-third of U.S. phone owners have enrolled” and a collective 17% of “people” use it regularly. That is not bad! It is still early days; new payment systems take time to roll out. But once you use it you become a fan, as you’ve discovered.

And did you just compare enrolling in Apple Pay to a VCR? All you have to do is point your camera at your card. That’s pretty much it. It is very consumer friendly.

I 100% agree with you. It's so much better and faster that it's almost confusing. The chip reader POS devices almost all make it seem as though an error has occurred when the transaction succeeds. When the Apple Pay transaction just magically happens I'm left wondering what else I need to do.

I would use Apple Pay all the time if more of the places I frequent supported it.

The banks can "decide" all they want, but virtually every American with a bank account already has a PIN for their ATM card.
A huge disadvantage of Apple Pay is that you must have an Apple device.
Android Pay is accepted everywhere Apple Pay is.
Same problem, different name.
Exactly. Between Apple and Android/Samsung there is broad support for this payment method across consumer devices.

My argument is not "merchant's shouldn't support chip-and-PIN." It's a fine fallback method. I'm just surprised Krebs mentioned that instead of Apple Pay.

Can we all now move to Bitcoin? We have enough evidence with all the breaches so far. This is not going to stop anytime soon.
Does that actually help all that much? I doubt most people know how to, or want to, keep their keys secure enough, so you'd likely end up with them being managed by central services anyway.
I sense an opportunity here for someone to figure out better UX when it comes to managing keys. A lot of folks do dabble and use 1password or lastpass, etc.
Millions of people eat at Sonic?!