393 comments

[ 2.9 ms ] story [ 222 ms ] thread
Sorry if this isn’t directly relevant to the article. It’s paywalled, so I can’t read it, but perhaps this is a good place to vent anyway.

My issue with Apple Pay is that it’s more tedious than just using a credit card. Especially with tap to pay, I can pull a credit card out of my wallet and tap it on the reader in a second or two. Apple Pay requires me to tap my phone to the terminal, hold it aligned to my face for a few seconds, maybe it will succeed or maybe I’ll have to redo it or type in my alphanumeric password, and I need to select the card I want which is a swipe and then another tap or two (it always assumes I want the default card, which is not always the case), and then I need to re-tap it on the terminal again. I also sometimes need to double tap the power button, but not always. And sometimes I accidentally turn it off when I am pressing the power button, and then I have to start over. I’ve tried it many times (at one point I had a business debit card that was shared among multiple people so we all just used digital copies of it), and it always feels awkward and time-consuming and like I’m holding up the line behind me. I really don’t understand the appeal.

Digital transit cards like the new digital wallet clipper card in the bay area are cool though. I definitely see the appeal of that. I happily used one for a few months, and then I upgraded to a new iPhone and it didn’t transfer over during the transfer process. Still haven’t figured out if it’s possible to transfer it over or not. So I tried signing up for a new digital clipper card, but I lost cell signal during the process, and now it’s stuck in some weird half signed up state where I paid $20 but the Apple wallet app won’t actually activate the card or let me start over. It’s been like this for a couple months now. So back to physical clipper cards for me.

Sometimes new technology is really just overcomplicating things.

If you already have your phone in your hand it’s faster for sure come on
Between the face ID part, the awkward interaction for selecting the card, and the inconsistency for loading the wallet app, I disagree in my personal experience. Plus, how often do you have your phone in your hand when you’re checking out somewhere? Realistically, I’m either taking my phone out of one pocket or my wallet out of a different pocket, there’s not a huge difference in time or effort. And one of them I know will work quickly and seamlessly, the other one works most of the time with a few extra steps.
> the awkward interaction for selecting the card

Do you juggle a lot of different cards? My guess is that most people have a default.

> how often do you have your phone in your hand when you’re checking out somewhere?

Pretty much always when I’ve been in line at the grocery store.

I agree with you. My guess is these people are a bit older and have different habits. Also lmao at “awkward interaction for selecting the card” as if people don’t have to select the card out of their physical wallet in the same way?
Personally, I sometimes have my phone in my hand already. If I don't, then I can usually use my Apple Watch. If not, then yes, Apple Pay with Face ID is a bit inconvenient, but not as inconvenient as carrying around a wallet everywhere would be.

In the past, I encountered credit card readers that wouldn't work with Apple Pay often enough that walking around without a physical credit card felt like a gamble. These days it doesn't.

Hands can be used for other things than holding an iphone.
Yeah, using Apple Pay isn't a slam dunk if you have one card you use for everything, and always have with you. Where it shines is that it can relieve you from having to carry around three credit cards (gas, grocery, everything else), a warehouse membership card, retail club card, etc.
Yeah, the only reason I use it at all is for my less frequently used cards for special purposes. Cards I wouldn’t normally carry with me in my wallet, but it’s nice to have in case I randomly need them. So it’s nice to have the option, I just don’t understand how anyone would expect Apple Pay to replace the simplicity of credit cards for normal high-volume transactions.
This is so alien to me. I’ve been using Apple Pay for years. I don’t even know where my wallet is half the time. I certainly don’t carry it on my person. If you have an Apple Watch it’s even faster.
Thanks -- I have a iPhone but don't use Apple Pay. No way do I want to connect my phone to my bank account, and in any other respect I have not been able to imagine how it's better than a credit card.

I've seen people fiddling with their phones trying to pay for stuff, reminds me of the days when you'd get behind someone trying to write out a check.

> Sometimes new technology is really just overcomplicating things.

Wholeheartedly agree. There's nothing about paying for something at a point of sale that needs fixing with additional technology.

I guess it’s a matter of perspective.

I’ve seen people fiddling with their purse/wallet searching for the right credit card, backing up the checkout line, while others breeze through with phones/watches that they already have in hand.

I guess, if it works for you. I don't even take my phone with me half the time if I'm just running to get milk and eggs.
Lolol, my experience with my Target card where I have to unlock my password manager, autofill my creds and scan a barcode, sounds just like the same kind of fumbling.

Assigning Google Pay to my double press shortcut on my wake button is way less effort.

I cannot say I have ever encountered any of the problems you describe and I use Apple Pay daily to pay for everything. Just double tap the power button before paying and hold it to the terminal, it takes like 2 seconds.
I just switched from a Google Pixel 5 and while I still use Apple Pay, I've gotta say that fingerprint + scan is way faster than {double tap + faceid + scan}. The friction of Apple's approach is _almost_ enough to make me pull out my card instead depending on how well FaceID is working that day for me.
I wonder if the friction comes from holding the phone too far away when you're doing the Face ID scan.

I double-tap and Face ID scan right in front of me first, then I hold it out and tap on the reader. It always works and there's hardly any delay. Fishing my credit card out of my back wallet takes 2 seconds longer.

That said, nowadays I use my Apple Watch and that's even faster -- double click the side button, and tap. (No Face ID at all)

For me it's:

1. Long hair can sometimes get in my face, making FaceID unreliable

2. Camera angle in the "tap" position is not the angle it needs to be in for the FaceID unlock. I often double click then try to tap my phone, only to remember that I need to FaceID unlock.

I can’t speak to 1 but for 2 the routine is auth first, tap later. Double click, hold up to face, then hold to reader.

Also two things: if you’re willing to accept a less secure Face ID you can turn off attention (1). And if you’re paying for transit, you can turn on Express transit if supported on your provider — then it’s just tap, no need to auth.

(1) https://support.apple.com/guide/iphone/face-id-attention-iph...

Same; also, it’s just a double-press on the side button on my Apple Watch and the Wallet comes right up.

Great when you’re in self-checkout in a busy supermarket…

(comment deleted)
Agreed. Both scenarios are similar. I wouldn't say one is inherently better than the other:

1. grab wallet from pocket, find card, align card to tap to pay target

2. grab phone from pocket, double tap phone side button while looking at it, align phone to tap to pay target

It also depends what you already have out. If you already have your wallet or phone out (wherever your store loyalty card is), that mode (wallet or phone) is that much easier

By contrast, I do not carry a wallet typically, and Apple Pay on my watch is my standard approach. Places that don’t accept it just don’t get my business, and it is vastly quicker than searching through a wallet for the card I want.
While I agree about the awkwardness of the phone, I’ve found my Apple Watch to be extremely convenient as a way to pay. Simply double click the side button without needing to look and tap it on the reader. Doesn’t get easier than that. And like someone else said, it makes having many payment options available without fattening your wallet. Costco for example, only takes Mastercards in canada and I don’t use the master card anywhere else
I don't see the cost-benefit justification when an Apple watch costs $400-$800 and is (at least IMO) is yet another device to complicate my life and invade my privacy.
You must be a very important person. Better not go to any stores then because they have cameras everywhere that will invade your privacy too.
One bad thing existing does not justify other bad things.

And no, I'm a nobody.

The Apple Watch SE is $249, Series 8 is $400. Used version 5, 6 or 7’s can be had for $200. (I picked up a refurbished version 5 off Amazon for ~$200.) I find that the Apple Watch simplifies my life. I have all notifications turned off except for meeting reminders and texts from my spouse. I leave my phone at my desk and no longer carry it with me around thee house or work. Apple Pay works beautifully, allowing me to leave my phone at home to pop over to the grocery store. The timer is convenient for cooking and reminders. As a recreational runner, it has replaced my Garmin. The sleep tracker works well. To my knowledge, it transmits no additional data to Apple than the iPhone itself. And it keeps time. All in all, a worthy investment.
Costco in the US used to only take American Express, and then only Visa (when they partnered with Visa) and now you can just use anything. In Iceland they take everything because the idea that they wouldn't is just a cultural headscratcher to a citizenship that has all of 3 banking options. I suspect they have a special business or "pro" membership that includes a mastercard option there? That was the old motivation before they gave up on it here.
That’s precisely what they are trying to do - they have an “executive” tier that has a bank associated Mastercard
Do remember that card with tap functionality are pretty new in the US, Apple Pay (and similar) came several years earlier. If you live in a place where tap cards came first, use of Apple Pay is much lower for obvious reasons.

Since I got tap on my latest credit card I'm actually using it more than Apple Pay. Not because of convenience, but because there's zero reason for me to hand over my purchase information to Apple for free.

All that said, when I do use Apple Pay, I double-click the phone first to unlock the card and then tap the phone to the terminal. That sequence makes the whole thing much less awkward, because you don't have to click and make sure the phone can faceid-unlock while you're holding it in a weird angle on the terminal.

One of the notable features of the Apple Card is that it is the only credit card available in America that promises not to sell your private information or transaction history.

I would trust my data to Apple more than any other financial institution.

Yeah, but this article is about Apple Pay, not Apple Card.

If you have a card with someone else and you use Apple Pay, your information is sent to both Apple and your bank. If you just use the card, only your bank gets it. I can't stop my bank from doing whatever with the data, but there's no reason for Apple to get that data from me for free. Sure, it might be smarter to switch banks, but if you're unable to do that, why give Apple the data as well?

> Do remember that card with tap functionality are pretty new in the US

I've had cards with tap functionality since 2006 or so. And not any fancy card, my Amex Blue Cash has this in the late 2000s.

> All that said, when I do use Apple Pay, I double-click the phone first to unlock the card and then tap the phone to the terminal. That sequence makes the whole thing much less awkward, because you don't have to click and make sure the phone can faceid-unlock while you're holding it in a weird angle on the terminal.

Ya, that’s why Apple Watches are so much easier for Apple Pay than using iPhones.

I occasionally have those frustrations but for me, leaving without my wallet is worth it. Most places I go I don’t need it unless I need my ID for booze or something (technically could pull that up on my phone but not sure who accepts it even when it’s actually valid legal ID)
> when it’s actually valid legal ID

Source on this very questionable statement?

I use apple pay a fair bit since it means I don't need to carry my wallet, but when I have my wallet with me, I do find it much more convenient to tap the card.

Android lets you tap and pay without re-authenticating, I wish apple would allow the same.

Apple pay on the web is also very convenient, whenever I visit some cafe that has a QR code menu, it saves me entering in my card details.

Doesn't Apple let you pay without re-authenticating if you use an Apple Watch, so long as you don't take it off? I don't have one, but this is my recollection of their messaging.
This is correct. Once you authenticate once on Apple Watch (either with PIN or by allowing your phone unlock it once you are wearing it) you can Apple Pay to your heart's content until you next take the watch off.
The user experience of Apple Pay on an iPhone with Touch ID is effortless. Apple really took a step backwards with FaceID. Couldn’t have been a worse time for it either.
I have the opposite experience. Touch ID doesn't work well in regions that experience cold dry winters -- when my fingers are dry, Touch ID doesn't read. (I have 5 fingerprints from different angles stored -- no dice). Not to mention it doesn't work when wearing gloves.

Face ID on the other hand works almost all the time, even with a face mask on (iPhone 13 and later only)

I'm with you. Touch ID is great for people in perfect climates who don't do anything difficult in their life.

My entire motivation to upgrade from a touch ID phone to face ID is my main complaints with touch ID: 1 - it sucks with gloves, and I'm wearing gloves a lot either because it's cold or I'm riding a bike. I still get annoyed some gloves I can't tell it to "start" the unlock process but gross or not, my tongue does the job there to kick in face ID recognition. 2 - I am cooking and working off a recipe on my phone which (by the way I would love to be able to temporarily set "don't shut down mode") and I have to unlock it with messy hands to set the next step.

> I am cooking and working off a recipe on my phone which (by the way I would love to be able to temporarily set "don't shut down mode") and I have to unlock it with messy hands to set the next step.

I haven't really used either of these, but maybe a solution could be created by setting up a custom Focus and then creating a Shortcut that activates with that focus and that does something to ensure the screen remains on; maybe a loop with a certain action or a change in settings. I am not sure since I haven't used shortcuts, just skimmed for a min before commenting.

Guided access via the accessibility shortcut is a good way to force the screen to stay on. Go onto the accessibility settings, enable Guided Access, and tell it to activate when you triple click the power button. Then when you’re in an app and you don’t want it to turn off, triple click the power button, select options, disable the power button, and start. It’s also great for locking other aspects of the phone if you’re going to hand it to someone else for example.
After messing with it a little, that does almost exactly what I want. I do wish it would just allow faceID to exit guided mode and not a passcode, but I'll take it - thank you.
I'm currently in a developing nation, unable to buy much variety of goods or services, and keenly aware of just how incredible it is to be discussing fractional seconds of transaction time for something that is – for me currently – either 1) several weeks of very expensive shipping away or 2) requires sending someone to the capital to train in the expertise.

I don't mean to dismiss the attention to microseconds (I'm an advocate for continuous improvement, after all)... I'd just like to share this fresh/broad perspective.

When you are standing in a line of people, and they're all waiting on you, there's a bit of pressure (real or imagined) to not be the one wasting everyone else's time.

Given the option between tapping a card, which Just Works, and fussing with Apple Pay that (in their experience) doesn't, the obvious choice is to not bother with using apple pay.

That's not to say that your perspective isn't informative, but rather that the original complaint likely comes from a place of social stress rather than fractional seconds being the issue.

If they are in a developing country, QR code payments are more likely, which is like take out your phone, open your payment app and take a picture of the code…a lot more complex than Apple Pay or anything related to NFC, but also cheaper since the hardware is really cheap (just normal smart phones).
Imagined. No one is noticing how many seconds it takes you to pay. They notice if the cashier has to call a manager, or if you are using some coupon that doesn’t scan or something that interrupts the normal flow of a transaction. They’re not noticing that you’re taking 20 seconds to find a credit card or unlock your phone.
From your long description of the travails of using your phone with a terminal, I’m not sure you know this: you can double-click the power button at any time, and it will do Face ID and pre-approve a transaction - _then_ you can hold it to the terminal to pay.

I’m imagining you, from the description, holding the phone to the terminal then trying to frame your face so that Face ID can see it - which works, but is as annoying as you seem to be describing.

Face ID is annoying but still better than card. Touch ID is best for payment.
Sorry, every complaint about apple pay is someone not using a watch on a card they use for most things. I lived in Europe the last three years up until moving back to the US recently, and in Europe, there was simply nothing easier than double clicking the watch button, and hovering over the NFC payment device. Even since moving back, I find it almost a rarity a place doesn't accept that and all it took was changing the primary card back to a US one.

If you're on Apple's ecosystem, and not using the watch, you're missing out. All of the criticism of walled gardens are certainly relevant, but even with the iPhone only (or, hey, when I forget to charge the watch for two days) I can do the same thing with the same double click and the extra step of FaceId-ing the phone.

Meanwhile card skimmers are no longer a fear, I don't have to put a zip code in to get gas in my car, and as a side benefit, most UI's on payment devices haven't figured out how to beg for tips with apple pay yet (yet). As I understand it the android experience is almost identical. I now only carry a single card, my debit card, which is a back up in case I really need cash for something and an ATM is my only option. I don't see anything inconvenient about that.

I just don’t want to have another thing to charge every day or two. Until Apple makes an eink watch or can somehow stretch the battery life to a week without compromising features I’m not interested.

I have an amazfit bip with an e-ink screen that I last charged 27 days ago, still have 16% battery life, and it serves its main purpose of showing me notifications for my apps (mind you not all of them) and tracking my sleep and steps.

Your complaint is about FaceID, not Apple Pay.

I tap the side button twice, then enter a passcode whilst the cashier is scanning the items. I then scan my phone when it’s time. Maybe taking a card out is 3 seconds faster but I haven’t benchmarked.

> Digital transit cards like the new digital wallet clipper card in the bay area are cool though

Until they say "oh yeah, today it doesn't work on Android".. or "it doesn't work on certain Androids"... what the actual fuck? San Francisco/Bay Area, tech capital of the world, can't get their shit transit's pass to be cross-platform?

A month ago, two Android phones that both work for everything possible in multiple EU countries, one just doesn't work for Clipper, trying to use the card says "invalid card". And of course there is no check before you add money to it, so you're stuck with money on the card you can't get out of without going to one specific office that might be able to help you (different people said different things)

This is a weird thing I notice with a lot of American tech. Stuff first gets brought to market somewhere around Silicon Valley and amazing technologies are invented all across the country, but when it comes to reliably rolling out such tech it just seems to get stuck somewhere.

Meanwhile over here in Europe we have to wait a couple of years for tech to come over, but when it finally does, it seems to work almost universally.

You'd expect that stuff managed in software would get its patches way before European implementations receive them in their improved form, but it's as if this stuff just gets rolled out once in the USA and then never gets looked after again. I'd be incredibly frustrated seeing other countries get some frustrating details right when the tech was invented in my own country!

Everyone in the replies is talking about Apple and the Apple Watch. I personally have a Pixel 5A which has a dedicated fingerprint reader on the back. I unlock it before it even leaves my pocket, scan on the turnstile, and I'm through. No fucking around with face unlock. It's great. And I've tried the newer Pixel screen-embedded fingerprint unlock and it seems worse.
Seconded. The fingerprint reader on the back was the ideal design, and the screen-embedded reader is objectively worse in ergonomics and reliability. And having the phone unlocked before it's even out of your pocket is so much less frictionless than clunky, gimmicky FaceID.
From the article: Apple introduced high-yield savings accounts. This is interesting, what would be the motivation for somebody to use this? Is return noticeably better than other institutions? Why Apple is doing it at all?
Yes. It's significantly better than the average interest rate of savings accounts in general. Most of the big banks have abysmal interest rates for savings accounts. That said there definitely are options that provide a bit higher rate than Apple. The other reason would likely just be convenience.
Interestingly enough, there's a bit of a forced/easier savings as well for some folks. You can set your 'Daily Cash' (cashback you earn from an Apple Card) to deposit directly into the Savings account. It makes 'saving' a bit more seamless, and, indirectly, encourages spending on their Apple Card, I assume.
Yep. I moved my entire savings over there. 4.15% APY beats 0.01% APY any day of the week.
I've been hesitant to do this for multiple reasons:

- Does not work with budgeting apps yet (Mint.com in particular)

- No web interface yet, no easy way to do transfers without your phone. Having my life savings tied to a phone... a bit odd. It's a regular ACH account, but it needs more conveniences around it that other banks already have.

I love my Apple Card. I'm a huge fan of their app-first approach for everything, but a bank account is different. It should be easily accessible from any device.

Other banks are doing this excellently and have been for years, just without the fantastic app factor. Discover Bank's savings is at 3.75%. Ally is at 4%. Both with good apps, decent web interfaces, work with budgeting apps, excellent support and high interest rates.

These are all valid points, personally I don't plan on touching these savings for a long time (nor do I really need to track it using apps like Mint/RocketMoney/etc), but if you do then the Apple Savings account really isn't a good choice.

Personally I see it being tied to my phone as a positive, I don't really need to think all that hard about it, signing into an antiquated banking website, doing 2FA, etc etc etc.

Hopefully over time Apple adds these things, but they're certainly not a blocker for me.

That fantastic app factor goes a long way for me.

Are you not in the slightest concerned that if someone steals and or hacks your phone, they can drain your savings? There’s already tons of iMessage zero days out in the wild, so unless you’re running lockdown mode and have a long, alphanumeric password, this seems like a big risk.
It would probably be cheaper to hack my bank.
Wouldn’t this automatically compromise all other apps on the phone?

Because if so, then any other online banking apps on the device aren’t safe. So just about equal security to any other mobile banking service.

Yeah I'm honestly not worried about this at all.

- I have far more faith in Apple's security model than a traditional bank's model.

- I assume Goldman Sachs has a decent policy for fraud/hacks (though someone can fact-check this).

- I'm not a millionaire, if I was I'd be using many different bank accounts, is someone going to exploit a likely-already-patched zero-day in one of the most locked-down operating systems to get my five-figure account?

isn't there a 20k per week withdrawal limit?
> You may deposit or withdraw funds from your Account into or from Apple Cash. Transfers must be at least $1.00 and can be no more than $10,000. You may transfer no more than $20,000 per rolling 7-day period. We may place additional limits on the amount and frequency of transfers for the security of your Account

Seems to be just transfers to an Apple Cash account, which is primarily used for free Venmo-like peer to peer payments. Venmo has a similar $20k limit. I think if you're trying to transfer this much money, there are plenty of other transfer methods available.

https://www.goldmansachs.com/terms-and-conditions/Deposits-A...

Chase, the largest bank in the US, offers 0.01% APY for their savings account. BOA offers similar rates.

Goldman Sachs, the institution behind Apple's financial products, offers 3.90% APY to their Marcus clients, which is lower than Apples APY %.

Apple is providing APY bump to pump the market response to their product and the media coverage ("marketing expense"), which will then pump the stock at earnings, making everyone (execs) happy.

If you're already deeply in the Apple financial ecosystem perhaps it makes sense but if you're just chasing yield there are better options out there. SoFi will pay you 4.2%, and there are lesser known banks above that. Treasury money market funds (e.g. VUSXX) will pay you in the high 4% range (VUSXX is at 4.68%) and are exempt from state and local taxes too.
I have a checking account that pays 5.9% APY, I wouldn’t trust sofi with my money.
Which bank is offering 5.9% APY? Just curious, whats wrong with Sofi?
if you purposely pick savings account that are not meant to be high yield, and compare them to a high yield offer, of course you get that. these savings accounts aren't meant to hold large sums or accrue interest. they're meant to save up a couple of paychecks and move the money into something else. because believe it or not, people don't use savings accounts to earn interest. it's a temporary place to park a small liquid amount of money.

here in the real world, interest rates were increased, so all the high yield savings interest went up. mine is 3.5% w/ sally mae - like capital1's rate.

citibank is at 3.85 while discover is 3.75. less known ones like citbank are 4.75 and bask is 4.65.

apple is providing APY in response to the current interest rate, just like everyone else, and less than many others. it has nothing to with market response and media coverage, it has to do with Sachs being able to lend your savings back out as mortgages and loans an an increased rate. when the fed rate goes back down, so will all the rates offered by all the banks. this is literally how it does and always has worked.

the only thing apple is doing is inserting themselves between you and your savings account at sachs, for some god unknown reason.

You can get a bit more if you hunt around. Apple is counting on most people not thinking it's worth it to hunt around for the incremental APY that you can find. But the big banks pay much, much less.
It’s convenient if you’re already all-in on the Apple ecosystem.
> Is return noticeably better than other institutions?

It is on the higher end compared to other HYSAs. The highest I've seen is 4.81% compared to Apple's 4.15, but that's still better than 3.x% offered by a lot of HYSAs. And of course it's better than the .35% average for regular savings accounts. [1]

> Why Apple is doing it at all?

It's another mechanism to lock people into their ecosystem. You won't switch to Android if you've got funds in an Apple savings account.

1: https://www.cnbc.com/select/best-high-yield-savings-accounts...

I love Apple Pay. Being able to simply tap my watch to get through just about any MTA (New York City transit) turnstile makes every other public transit experience practically unbearable by comparison. The execution is flawless.
This was doubly amazing in a recent vacation to Japan. We were able to provision a local transit card (Pasmo) from within the Wallet app and load funds with a credit card we already had in Wallet.
In Vancouver you can just pay directly with your credit card or debit card (or google wallet, apple pay, whatever). No loading of a separate account. It's really handy if you're just visiting.
Long-time Japan resident here. I haven’t travelled outside Japan for quite a while so I don’t have a good sense of how payments work in daily life elsewhere. Here, the big convenience store chains now accept a couple of dozen different types of contactless, swipe, or QR code payments [1, 2, 3 (in Japanese)]. However, cash is also widely used, and many smaller businesses still accept only cash [4, 5 (ditto)].

[1] https://www.sej.co.jp/services/cash.html

[2] https://www.family.co.jp/services/payment.html

[3] https://www.lawson.co.jp/service/payment/settlement/index.ht...

[4] https://www.caa.go.jp/policies/policy/consumer_policy/meetin...

[5] https://dentsu-ho.com/articles/8187

> every other

This has been a common scenario for many countries and cities around the world, for a long time, before the MTA introduced it, with similar flawless execution. Just off the top of my head, London, Singapore, Sydney, Japan and South Korea.

I remember when Americans were initially hostile to NFC payments almost a decade ago, but I guess times change?

> This has been a common scenario for many countries and cities around the world

By using a watch or a card? A watch is 10x better than a card because it's always available, even when your hands are full.

What happens if the Watch runs out of battery?
That never happens and I wear my Apple Watch all day and all night (for sleep tracking) except for when I shower -- I plop it on my charger once a day when I shower and it charges to full during my shower (it doesn't take that long for the Watch to charge to full)

iOS devices also have Power Reserve, which lets you use wallet and express transit for up to 5 hours even after your battery is out of juice.

https://www.idownloadblog.com/2022/01/13/apple-power-reserve...

Never runs out of charge… needs recharging daily?

How do these 2 not conflict?

Just that there's a routine in place which ensures it always gets the required charge without it needing to be especially planned for.
I'm sure it works great when you're travelling /s
Traveled to Japan recently (time zone change, long transpacific flight). No problem. I charged the Watch when I got to the hotel and it still had quite a bit of charge left. Then I just charged it whenever I showered and that worked for me.

The Watch isn’t like a phone. It doesn’t have a lot of background apps running and the battery life between charge intervals is more than enough.

Simple. To "run out" means to drop to a 0% battery level. That has never happened to my Watch since I've unboxed it.
Good for you, but with a battery life measured in hours, not days, unless you've got a life that's on such a routine that you charge it every day, it's going to run out of battery. I have a Series 4 watch and that thing spends most of its time at 0% battery level. It's not so useful when I'm just sitting at home, so I don't bother to charge it unless I'm planning on going out.
Most Apple Watch owners charge their watch while they’re asleep at night.
Battery life is actually 1.5 days for Series 7, and whatever routine one has with smartphone charging, one can implement the same with Watch. I tend to shower daily but I know a lot of Northern Europeans have different ideas about that so charging at bed time works too.
Take out your phone?

What happens if your phone runs out of battery? Take out your tablet.

Isn't it the same thing, just NFC? The only difference I know is that your watch/phone will not limit you to a certain amount like your card will, since you're authenticating when paying.
NFC is NFC. Tap to pay with the physical cards is what convinced me to finally start using the same thing on my phone. If I had a watch... I'd probably still use the phone? I'm not entirely clear on why or how Dick Tracy inverted, yet again.

Note that I have no problem with others liking the watch. I just don't see what makes it so much more convenient than a phone. Curious what will pull me over.

Doesn’t the phone have to be unlocked? The watch authenticates one time when you put it on (and unauthenticates when you take it off), so you can securely pay for things via a double click of a button then tap, vs having to unlock the phone with your face first or enter a pin or whatever. If someone steals your watch, they can’t steal your money unless they some how can cut off your wrist without triggering an unauthentication.
My paranoia is such that I'm sure I would require my watch also have some form of "be unlocked." And since this is largely, "be unfolded and have seen my fingerprint recently," feels like a non issue?
Phones aren’t secure enough, even if it’s seen your face or fingerprint recently. Actually, Apple offered a way to use your watch to make your phone easier to unlock, as long as your watch is nearby and has been authenticated itself. The whole “on your wrist” authentication experience can be used for the phone also, I guess.
Doesn’t need to be unlocked for public transport transactions, just tap the locked phone (watch also works without further interaction). https://support.apple.com/en-gb/HT212171
Ya, the same for Apple Key (I can unlock my car with my phone, but needs to be unlocked before I start my car with it).
For general payments, yes, but Apple allow-list known public transport networks to charge cards without auth. I would guess this involves auditing the crypto, being fairly sure they aren't going to mess it up, having a very limited payment amount (Transport for London for example "charges" £0.10 when you tap in/out, and then bills you the correct balance at the end of the day).
Pulling out my phone while in motion greatly increases the likelihood I will drop it, or that it will be stolen out of my hand (especially by a thief going the other way).
Suica (used for transit in Japan) has been supported on Apple Watch in Japan since the Apple Watch Series 2 way back in 2016

On the London Underground since 2014 you can use any regular EMV NFC debit/credit card to tap in and out of turnstiles. Since Apple Pay just implements the EMV standard, it works just fine as well with any credit card you have added in there.

Suica was amazing the last time I visited Japan. Just bop your watch and go. It even supported reloading cash from my US credit card with the native iOS/watchOS provided card management UI, no need to fidget around with a questionably engineered third party app.
Best for who wearing watch on right wrist
Using any NFC device

You can buy NFC rings these days

Chip payments remain awful. Mag stripe worked much, much better. Much cheaper "terminals". Could use in many more places.

The awfulness of chip payments makes Apple Pay possible.

Australia went basically overnight from magstripe to chip and pin without issue. There was something uniquely awful about how the U.S. did it.
Canada also adopted it pretty quickly, years before the US. There was an extended period in there from around 2007 to 2020 where it felt like traveling back in time when I went to the US and it was magstripe and signatures again.
Don't forget about using cheques and having to use third-party applications for money transfer between people (Venmo, CashApp).

Americans always seem to come up with an excuse for why they are slower, like a comment higher in this thread, despite the rest of the world moving on with more convenient and accessible technologies. Is it an overly defensive culture?

Maybe it’s cognitive dissonance caused by nearly 80 years of ‘America is #1’ propaganda.
Massive installed base of older technology plus no financial incentives to update.
Do you really just use your bank's app to transfer money to anyone, though? Sure, here in Norway if I know their account number I can do that, but if I want to transfer money to a friend, I'm probably going to use Vipps because I only need to know their phone number. I consider Vipps to be a 3rd party app even though it's jointly owned by the major banks here.

Every country is unique, but the financial system in the US is, as far as I can tell, quite unique, in large part due to how large the country is both in physical size and population, combined with a governing system that decentralizes a lot of power (which means some changes are much harder to mandate vs what China can decide to do, for example). You have to understand some of these foundational differences, after which it makes much more sense why some things move much more slowly in the US.

In Canada, yes. But Canada does have a massive advantage that there are only five major banks who already cooperate over a shared debit infrastructure called Interac, so when email transfers (initially “certapay”) were introduced, there was already a logical body to do the coordinating.

Smaller banks and credit unions have zero incentive not to participate in anything the big banks do since it will immediately put them behind 99% of Canadians.

>Do you really just use your bank's app to transfer money to anyone, though?

yes, in canada the process to transfer money to somebody is to go to the "e-transfer" section in your bank's app or website, enter the email address to send to and an amount, and hit send. you don't need to know account numbers or anything like that.

in most of the world, the credit card companies told vendors that they'd have to be liable for any fraud committed through payment terminals that hadn't been upgraded to chip and pin. so every vendor upgraded their terminals.

in the US, credit card companies continued to accept liability for magstripe transactions up until a couple years ago. i think it was an attempt to hold onto their absurdly high market share in the US - most other countries have higher debit card usage.

The chip and pin terminals are now cheaper than the magstripe ones ever were (about $60) and are accessible to many more businesses, even those that don’t have multi year trading history with their bank. It’s absurd to say they could be used in many more places… I literally do not carry cash for the last 6 years or so. Prior to chip&pin many small restaurants and cafes could not get a magstripe terminal from their bank.

I’m curious what you mean by “worked better”? I haven’t used magstripe for a decade at least but can’t say I’m nostalgic for the experience.

Mag stripe readers are $1.
There was a first wave of contactless in the US, which then died very quickly because major retailers sued Visa/MC about preferential terms for contactless cards, and won.

The new wave seems mostly driven by Stripe and Square being adopted by small businesses everywhere and supporting it out of the box, forcing the major retailers to finally catch up.

> with similar flawless execution

> Just off the top of my head, London

Transport of London used (and still does) Oyster Cards (contactless smart cards). when they switched the system to also support contactless credit cards all they had to do was flip a switch, the support was already baked in.

contactless credit card support on TfL started in 2012 and the full rollout was in 2014.

Anyone who uses Apple Pay knows it is the way payments get made in the future. The narrative that it is some sort of failure is completely wrong.
I don't know. I live in a city in Europe.

I get my wallet out, put it close to the ticket reader in any metro station, bus, tramway or trolley in the city, and it works just as flawlessly.

The only difference is between a wallet and a watch, which is a very tiny difference, IMO.

I'd say one of the main differences is that some NFC cards don't have anti-collision features and won't work next to other NFC cards. Thus, when you have your travel pass + credit card + ID card (mine is NFC), it doesn't work and you have to take it out.

Hopefully, in Switzerland you don't need to tap/read a ticket before boarding any public transport, so it makes it a bit easier

Given how cold it gets in the winter (around or below freezing) in various parts of Europe, getting a wallet with anti-RFID lining and a compartment outside of that, a purse or bag with a pocket on the bottom or side, or gloves with a pocket on the back of it, or this watch thing, or really anything that lets you run your travel card without having to take off your gloves is well worth the cost.
Maybe it's because I'm really lazy, but the wallet vs watch thing makes a huge difference for me. I hate having to pick up my phone or wallet from my pockets, being able to pay from my Apple Watch is such a game changer that it became the only reason I even have one.
Recently in a conversation with my daughter (16) taking about how much cash she had on hand to spend I was confused until I realized her use of “wallet” meant Apple Wallet, and physical cash is something off in her room in a drawer somewhere.

Having come into banking age with Apple Cash and a Chase debit card both in her Apple Wallet she treats that as first-party financial transactions and anything not tap to pay is written off as archaic.

I think kids growing will be happy without any physical cards and banking will all be app driven.

It’s only having grown up needing something to carry all my physical cards that I treat that as my primary wallet.

And I’m now Apple Pay first, and then keep a debit card, a credit card and my drivers license in a MagSafe wallet on my phone. Everything else is in a drawer at home.

Even specialist cards like ny health and transit FSA cards are in Apple Wallet. I can pay for NYC MetroNorth and MTA subway fares on an FSA card through Apple Pay which cuts down on the misc single use cards I’ve had to carry.

Even things like COVID ID are electronic in Apple Wallet.

It’s fantastic to cut it all down.

I’m oldish, and no longer carry around a wallet. I don’t even whip out a phone to play for things, I just tap my watch. This was after 9 years in China, where, given that WeChat payments wouldn’t support foreigners without Chinese ID cards yet, I carried around wads of RMB the whole time.

I also have a MagSafe wallet. But if Washington state would support digital driver licenses and Seattle metro had a wallet based transit pay app, I wouldn’t really need that either.

Also oldish. In our household we refer to coins as “parking tokens”, but even that usage is becoming obsolete (notwithstanding that parking machine UX is too often a horror show)
I've taken it for granted that my parking meters take credit card at the meter (or at the payment machine), but on top of that there's an app/website and you can plug in the serial number of the parking space to pay.
I have a big bucket full of coins that I need to take to the coin machine at the supermarket while such still exist.
I’m 40 and I’m in the same boat as your daughter. I no longer carry a real wallet. This isn’t just due to Apple/Google pay but also because basically everything related to your identification is now available as an App here in Denmark, so you can get your social security card, your drivers license and your national 2factor login on your phone along the digital wallet.

I do still keep around $100-200 worth of Danish Kroner in cash in my bag, however, and I almost never need it, but it’s nice to always have enough for a night in a hotel, a really long cab-ride or groceries for those times where the systems break down.

She would have a hard time visiting Germany, where "No cards accepted" is still a thing in 2023.

When I arrived to Germany two decades ago, living on digital payments (debit cards) was already common practice in Italy, Portugal, Switzerland and France, so it was kind of shock the money only culture around here, that is still quite prevalent.

> She would have a hard time visiting Germany, where "No cards accepted" is still a thing in 2023.

Have you been in germany this year?

I live in Germany, and can point you to several restaurants on the city center where I live, that have "No cards accepted" quite visible on the window, or the typical blackboard menus.
I sure have, I live here! Tried to pay for my croissant and juice in Penny Markt just this morning, i trid to test paying with my credit card and got the usual "Keine ausländische Karte!" :-)

And dont even try using a card in a restaurant or a bar, the terminal always, and i mean always just happens to be "broken" at this particular time.

That wasn’t my experience in Munich recently, although I could see it being the case outside of larger cities.
Well yeah, paying with a credit card in physical stores is rare in Europe (and usually considered very strange). People use debit cards or cash (the distribution between these varies per country). I've seen Americans try to pay with a credit card in a supermarket in the Netherlands and have it fail. It probably works more often now, but don't expect it to work everywhere.

People in Europe tend to only use a credit card for online purchases outside of their own country; most people don't have a credit card at all. Online purchases tend to be done with national systems like the Dutch IDeal (this even works with large international shops like Amazon and Steam).

paying with a credit card in physical stores is rare in Europe (and usually considered very strange).

There is no difference between the mechanics of paying with credit card and paying with a debit card, at least none that I've ever noticed. I hold up my card to the reader and sometimes enter my PIN. I'm not even sure if there is a way for the person accepting the payment to tell if it's a credit or debit card I'm using.

I've seen Americans try to pay with a credit card in a supermarket in the Netherlands and have it fail.

I've had places fail to accept my Swedish debit card in the Netherlands. It's more to do with some places only accepting local cards or not accepting, for example, Master Card, rather than debit vs credit cards.

> Well yeah, paying with a credit card in physical stores

Maestro and Visa Electron are already or soon will be full discontinued. How can you even tell a debit and a credit card a part nowadays? The only distinction between my credit and debit Visa cards is a single word sign in a tiny font at the back (I live in a EU country).

So unless those Americans are trying to with Amex/Discovery/smth similar cards I'd find this really surprising.

Even a decade or two ago Germany was the only country I've been to where it was only possible to pay with these regional debit cards in some places. I really don't think this was an "Europe" wide thing for a quite a while now.

There must be a way for card processors to know if the payment is debit or credit because there are stores in the US that only accept debit.
Yeah, I think US is somewhat different, the fees for credit cards seem to be much higher there while in the EU they are caped at 0.3% for credit and 0.2% for debit cards + bank fees .
Even in The Netherlands where, I was told by a local debit cards were the norm, I paid for things all last week with a credit card without anyone giving it a second look or having the slightest problem. I was prepared to use my debit card begrudgingly as it doesn't cover foreign exchange fees like one of my credit cards do. But I never needed to.
The distinction between debit and credit card is not really what is at play here, but rather, whether Visa or MasterCard is accepted. A Visa credit card or a US Visa debit are both Visa, so if a place doesn't accept Visa it won't accept either, but if it does accept Visa (increasingly the norm) then both credit and debit work. It's just that in Netherlands none of the debit cards are Visa/Mastercard so people might be mistakenly attributing the card acceptance as being about a debit/crédit distinction.
I wish iDeal was accepted more widely. Stripe/Mollie/Adyen et al support it but it has enabled explicitly. This is especially annoying for Shopify stores.

I don't know what the hangup is (maybe it needs to be reported to the Dutch government since it's obviously coming from a NL national?).

Until then, we'll have to keep using a low limit credit card or Paypal for many online purchases.

If I recall correctly, if you have a valid payment method, they have to accept it. So, if the terminal is "broken", thought luck for them, it's free. That has been my experience, the few times that happened to me (and the terminal was truly broken, it wasn't an excuse).
In my experience when the terminal is 'broken' I say "ah shucks I don't have any cash" and they turn back to the terminal which is suddenly working again and, perhaps begrudgingly, accept my contactless payment. I live in a big city and routinely visit a restaurant that does this every time. You'd think they would recognize a regular and quit with the bullshit but nope.
This is exactly my experience every time. My wife is always annoyed at me when we eat out and I insist on using a card, but it's too amusing for me to watch the entire staff struggle around - as if a client with a credit card is some crazy situation they've never encountered before in the center of Munich.
Which is why many places actually assert that they don't take cards before taking any requests.

At least it is common in NRW to do so.

Restaurants, donerbuden and the like which don't accept electronic payments or "ze terminal is broken" are literally all just committing tax fraud and don't want any paper trail documenting transactions for this reason. Meanwhile legit businesses want you to use electronic payments even for small stuff nowadays because, as a bakery owner explained to me, the fees are so low nowadays that it's overall more expensive for her to handle cash.
> Restaurants, donerbuden and the like which don't accept electronic payments or "ze terminal is broken" are literally all just committing tax fraud and don't want any paper trail documenting transactions for this reason.

The solution is that you pay any of your disposable income to the government to compensate for this.

An anti-tax advocate on HN, what a surprise. The solution is that they pay their goddamn taxes. Those taxes pay for services that companies avail of as well.
Who believes in that anymore? We're in the information age and people can see where their tax money actually goes. Merchants refusing taxes are just as legit as those who chose to pay taxes. Why should the customer spend his life worrying about if the government gets more money? If that is the case, he should first pay all of his money to the government.

But to the point: Many merchants just want to skip the fees, it usually has nothing to do with taxes. Small business owners get riled up about CC fees sometimes.

> Who believes in that anymore?

Plenty of people in countries with functioning public services and social safety nets.

> Merchants refusing taxes are just as legit as those who chose to pay taxes

As a point of pedantry, they’re in fact illegitimate in the literal sense. (I don’t intend this point as serious argument, just thought your phrasing was bit funny in the context)

> Many merchants just want to skip the fees

I completely agree with you here, it can make sense for a small business to prefer cash for that reason (and it’s equally okay for a customer to choose whether to do business with them).

Once I was paying for my groceries in Germany using my American credit card. There was an old man behind me who was a bit impatient. While the payment was processing, I said to him I was sorry about the delay and he asked me why I was not using cash. I told him that I wasn't carrying any. He said "cash is king." I thought it was funny but he was very serious about it.
> I think kids growing will be happy without any physical cards and banking will all be app driven.

That's mostly valid for middle-class kids, but there's lots and lots of unbanked or "badly" banked (i.e. banking with what are basically pawnbrokers) poorer people, so cash going away or being tightly regulated will be a huge disadvantage for their kids going forward.

Until the day your phone breaks for some reason, or one of those payment monopolists decides you shouldn't be able to spend your money because you modified your phone without their permission, and you find yourself unable to pay for the bill. Eliminating cash also eliminates the possibility of having transactions that are difficult to trace for whatever reason, at least in small amounts. What if something you take for granted today becomes illegal (weed, abortion, anything you may think of) and the government will now have near total ability to see what you bought. It's a bleak future without privacy.
> Until the day your phone breaks for some reason

I happen to have a second Apple device on me at all times: my watch. Risk of this happening is low. Still a risk though.

The "phone breaks" argument is weak as plenty of wallets are lost and sometimes even attached to phone and then both are lost. The strong argument is that things don't even have to be illegal to become impossible to pay for using digital currency. Look at the adult industry, where it is nearing impossibility to find a merchant to support payments for legal adult services. Better laws & privacy protections will help but won't ever fully solve the problem. (And before anyone else jumps in, neither do cryptocurrencies in their current state.)
Cryptocurrencies, especially the stronger privacy protecting ones like Monero mitigates tracking to a great extent and is permissionless, requiring no authorization from a third party to use your money. Though by doing so it also attracts criminal and law enforcement attention and is likely to be banned upon widespread adoption.
No cryptocurrency in its current or foreseeable future state are useful as daily methods of payment, for many reasons. Cryptocurrencies are volatile speculation instruments, not a practical currency as they lack the necessary combination of stable value, widespread adoption and either usefulness outside of limited markets or privacy friendly method to convert. Monero might not be as routinely traceable as other cryptocurrencies but any conversion to or from fiat is likely to be traceable or dodgy enough to get a bad rate of return. To be a truly useful currency someone has to be able to earn it one day and spend it freely in the overwhelming majority of commerce situations a week or month later for the equivalent value. That is not going to happen with cryptocurrency in the foreseeable future. The majority of people who claim it will be or should be are typically those most interested in cryptocurrency being a volatile speculation instrument, which defeats their stated goal.
> one of those payment monopolists decides you shouldn't be able to spend your money

I assume you keep all of your money at home?

Oh, you keep it at the bank. And withdraw it using a plastic card? Well then.

He was specifically talking about physical money (cash) vs digital money only.
I agree, though I suspect HN is going to be a tough crowd :)
It is not just breakage. My phone was low on battery when I realized my bus pass was just in digital form. I had to find a place to charge.
All of these concerns have analog equivalents. Plenty of people get to public transit and realize they need to recharge their pass before it's useful again.
that makes it even funnier if you know how the rest of the world operates.

for the past decade most countries (china, india, brazil, eu, etc) have central bank issued APIs for instant payments.

without being a client of visa, apple, etc... anyone can instantly transter money around. some banks require an app, others allow via sms, etc.

the US seems like it is stuck in time, still swiping credit cards, and only having a glimpse of the world via toys their kids play with, until they are old enough to go back to the american way and start swiping cards.

Mid-30s here and the only cards I carry are my ID and a couple of "catchall" credit cards to serve as a fallback where Apple Pay doesn't work, and unless I know I'm going to a cash-only bar or something I don't carry cash.

Debit cards are practically never in my wallet unless I'm going out to withdraw cash. Way too risky to be carrying around a direct line to my primary bank account.

It's hilarious (in a way) seeing USians comment on this post. The rest of the world has had contactless payment for at least a decade.

As an explanation, there are two different things called "Apple Pay" in the US.

One is the use of the secure element/wallet in an iPhone/watch to store an EMV card that is tokenized. The other is the Apple branded credit card issued by Goldman Sachs.

Leaving aside the branded credit card, the Apple Pay process is a standard that Apple worked with Visa/MC (and Google and Samsung) to develop. Essentially, a customer of a bank enrolls their card into Apple/Google/Samsung Pay and there is a tokenization service that provisions the phone Secure Element with an EMV "application" and the tokenized card.

The card has a different number to the actual issued card, maintaining the first 6 (issuer ID) and last 4 digits of the issued card (CPAN - Customer Primary Account Number) to establish a "DPAN".

When the phone is tapped, as far as the reader is concerned, it is a standard EMV card. The reader will go through its standard business rules for floor limits, PINs etc and process the transaction.

The merchant only gets the "6+4" digits of the card, the DPAN is sent over the network to the tokenization service, which translates the DPAN to the CPAN and sends the transaction to the issuing bank for authentication and payment.

The lack of being able to get the "real" CPAN is why some US merchants still refuse Apple/Google/Samsung Pay, specifically because they lose the ability to track customers.

The problem in the US, is instead of going to "Chip + PIN" like the rest of the world, the US went to "Chip + Signature" which removes the benefits of Chip+PIN in terms of fraud reduction etc.

eh, apple pay's been available for 9 years now. ROW had more POS's that were ready to go day 1 because of the existing contactless support but if you had a supported US bank you could use it.
Rest-of-the-world had Visa/MC forcing merchants to upgrade on a faster schedule than the US, because the US card environment has many more middle-man processors in the mix that would lose their slice of the transactions.

Also large retailers that "self-acquired" didn't want to invest in upgraded readers, or lose access to the card details.

Breaches like Target's where a bunch of actual CPANs and customer details were stolen started to force the US to upgrade. Enforcing PCI compliance of separation and encryption of CHI has also forced US companies and banks to upgrade.

(comment deleted)
anyone else wondering CHI is cardholder information
The correct acronym is CHD (Cardholder Data). Using specialised acronyms in normal conversation is annoying enough when you use the right ones…
I always get PII and CHD mixed up :)

Sorry, to clarify:

PII: Personally Identifiable Information (relates to GDPR etc)

CHD: Card Holder Data (relates to EMV etc)

CHD is a form of PII, but PII has greater scope.

Just to throw confusion into the mix, PCI (payment card industry) governs credit/debit card standards, including security in the US.
The second one you’re referring to is called “Apple Card” in the US; I’ve never heard anyone (or Apple) refer to it as “Apple Pay,” except in the sense when using Apple Pay with an Apple Card.
Yup, sorry, my mistake, it's a bit like "Apple TV" the device, "Apple TV" the app, and "Apple TV+" the streaming service.

Apple Card was/is Apple's way to promote contactless EMV in the US, which in turn promotes use of Apple Pay on the phone/watch.

Apple Card is a US only thing though AFAIK.

> Apple Card was/is Apple's way to promote contactless EMV in the US

Apple Card, with fewer than 7mm users, was launched half a decade after Apple Pay [1][2]. Apple sells over 200mm iPhones a year here. Apple Card was not a way to promote contactless payment, it's a margin play.

[1] https://en.wikipedia.org/wiki/Apple_Pay

[2] https://en.wikipedia.org/wiki/Apple_Card

The physical Apple Card itself doesn’t even support contactless payment, it needs to physically be swiped or inserted.
> physical Apple Card itself doesn’t even support contactless payment, it needs to physically be swiped or inserted

Its sole purpose is to be swiped. It's well made, but I don't think they want people using it.

Yup, this is reinforced by the cash rebates on transactions: 3% contactless at Apple (and participating) stores, 2% contactless at all others, and only 1% using the physical card.
My understanding is that Goldman Sachs has taken something of a bath on this. I have one but it's strictly for the purpose of making Apple gear purchases.
I also use for T-Mobile where I get 3% back and then Apple Pay at 2% is a pretty good cash back scheme. Send that cash straight to the 4% savings account.
I have a 2% back Fidelity card which puts it straight into the brokerage money market (basically government securities) account which is paying around 4%.
Yea there are lots of good options these days. The competition is great. Our financial footprint across organizations is pretty large. I'm looking to Apple to eventually allow stock trading or something similar in the wallet app or stocks app with it all linked up. It's not super Apple-y but I think they'll do it.
What I read was that it only looks that way right now due to the method of accounting used.
As others have pointed out you seem to wrong on every account lol.
Chip + Signature depends on the venue which makes it really annoying.

Went to a new city, one place out of the four I visited required a signature, the rest were fine with tap to pay/chip+Pin. Some places are fine until some arbitrary limit, etc. The place that made me sign? The purchases were $5-$6.

Chip + Signature is a dumb USian thing because merchants didn't want to change their readers to have a secure PIN pad.

Contactless has different floor limits than Contact (chip). For example, in AU, the limit for contactless without PIN is ~AUD100. In the UK, I believe its GBP30.

If you tap for a payment over that limit, the reader will ask for the PIN.

The primary difference is that if a customer uses contactless/contact and PIN, then the risk of the transaction is passed to the network/issuer, instead of the merchant.

> Chip + Signature is a dumb USian thing because merchants didn't want to change their readers to have a secure PIN pad

Americans don't want to punch in a PIN. We have more cards per capita and are habituated to the convenience of a swipe. (Unlike much to the world, our fraud risk sits almost entirely on the merchant side.)

Contactless had no hope with a PIN. Merchants catered to that despite higher cost and risk.

> Contactless had no hope with a PIN

I’m not sure if it’s true for all EU countries and banks, but in general you don’t put in your PIN every time with contactless. The card usually works for a number of transactions without a PIN, often up to a certain limit, after which it asks you to insert it again.

> in general you don’t put in your PIN every time with contactless

As an American, I never get prompted in Europe for a PIN. Even for large transactions. That matches a swipe's convenience.

I believe this is controlled by your issuer. So your card issuer probably don't require PIN after n amount of swipes.
It is arbitrary and random. Some machines will ask for it and others won’t. Some automated machines will refuse US cards altogether. Wait til you’re at a tollbooth entering the Autoroute trying to use all your US cards, and none of them are accepted.
Even Visa/MasterCard?
Unlike most of the world, where when a Chip+PIN or contactless payment is made, where the risk is transferred from the merchant to the acquirer/issuer.

That was the whole point of moving to EMV, it removes the fraud risk from the merchant.

That's different to the charge-back risk, which is where the customer disputes the transaction itself.

> where when a Chip+PIN or contactless payment is made, where the risk is transferred from the merchant to the acquirer/issuer

In parts of the world where the consumer's bank bears the risk, and there is in imbalance between commercial and consumer banking, there is a powerful group--consumer banks--to apply pressure.

Sometimes that results in fewer consumer protections. In most: indirect pressure on merchants. (I can think of no country with an imbalance in favor of commercial banking with a strong consumer sector.) This state describes most of the world: optimized for cost reduction.

> That was the whole point of moving to EMV, it removes the fraud risk from the merchant

Who bears fraud risk varies.

In America, it was always the merchants. They have limited leverage over Visa and Mastercard. With the banks neutral and a valid competitor in American Express, there was nobody who wanted to anger consumers by taking away their swipes. (If you're that merchant, you're cash only.) So they optimized for purchasing convenience.

Australia is a cost optimizer. America a convenience optimizer.

I'd argue the opposite. In the US, the merchants had too much power to delay the introduction of Chip+PIN readers.

The fraud of magstripes was huge, because there was literally no security. Anyone could create a magstripe. Customers using credit cards in the US are protected by legislation against that fraud.

The whole point of EMV was to remove the capability of fraud by replicating the magstripe. It meant that the transaction could correctly tell between "card present" and "card not present" transactions. So the risk of card-present transactions is dramatically lowered, independent of who is responsible for the fraud.

It is to both the merchants and the banks benefit to reduce/remove fraud. The banks offloaded it to the merchants in the US (as they did in other countries), but the introduction of EMV was "sold" to the merchants in the rest of the world by the banks saying they would take on the risk of fraud for "card present" transactions.

The banks were never "neutral" in the US. Visa/MC were both bank consortiums.

America is not a "convenience optimizer" its a "changing consumer behavior is hard so lets not do it" optimizer.

> In the US, the merchants had too much power to delay the introduction of Chip+PIN readers

Merchants had more power, but the ultimate deciders were consumers, who have not only a choice in merchants but a choice in cards.

> the risk of card-present transactions is dramatically lowered, independent of who is responsible for the fraud

Nobody cares if business goes down more than the fraud costs.

> Visa/MC were both bank consortiums

This is wrong. American Express is bank-like because it owns its own credit book. Visa and MasterCard are payment processors. They are publicly traded and not bank consortiums. This is crucial to understanding the power dynamic: the payment processors do not take diktats from the banks.

> America is not a "convenience optimizer" its a "changing consumer behavior is hard so lets not do it" optimizer

Sure. Friction avoided for not being worth the trouble is optimising for convenience.

I can personally tell you that had a card gone chip + PIN mandatory, I’d have dropped it, and if a merchant started requiring special payment requirements I’d expect compensation for the trouble. Many merchants, notably Starbucks, did this, but it could never go mainstream. And unlike countries where consumer banks were incentivised to lobby for reforms, that political will to override the public’s preferences couldn’t exist here.

Both Visa and Mastercard started out as companies that were owned by a consortium of banks.

"By 1970, BofA gave up direct control of the BankAmericard program, forming a cooperative with the other various BankAmericard issuer banks to take over its management. It was then renamed Visa in 1976."

Both Visa and Mastercard mandated upgrades to merchant terminals in the non-US world. For example, in Australia, as of 1 August 2014, Chip+PIN was required.

That upgrade has been delayed repeatedly in the US because of pushback from the merchants that don't want to upgrade their terminals. It has nothing to do with the consumers.

Visa in the US states: "When you upgrade to chip technology, you continue to be protected from counterfeit fraud losses. As of October 1, 2015, businesses that don’t accept Visa chip card transactions may be responsible for any resulting counterfeit fraud. Similarly, effective April 17, 2021, Visa transactions made at ATMs and Automated Fuel Dispensers (AFDs) will be included in the Liability Shift Policy."

In the US however, they continue to support signatures, which have been removed pretty much every where else:

"No. Visa continues to support a range of cardholder verification methods (CVMs) including signature, online PIN, and no-signature for low-value, low-risk transactions. Visa will maintain interoperability across those methods with technical standards, business rules, and compliance programs."

https://usa.visa.com/run-your-business/small-business-tools/...

> Americans don't want to punch in a PIN. We have more cards per capita and are habituated to the convenience of a swipe.

When Chip + PIN was introduced in the UK in 2003, people were widely concerned about the potential for inconvenience (entering a PIN takes longer than a swipe, the transaction might take longer to be processed, you might forget the PIN altogether).

In reality, fear outweighed the reality, the world carried on as usual and people adapted very quickly. It's now just totally normal here to enter a PIN and the average British person would feel far more inconvenienced if asked to sign for a transaction instead (which has become such a rare event here that the average person would be completely taken by surprise if asked to do so).

The UK has a limit of £100 for contactless cards, with a requirement to insert and enter your PIN after a few successive taps. Apple Pay and Google pay technically don’t have the PIN requirement as they’re authenticated and technically don’t have a limit, but in practice most shops still have a £100 limit.
(comment deleted)
In my experience few merchants limit Apple Pay to the contactless limit (Tesco being a notable exception) but many of the times I’ve used Apple Pay for larger purchases the person helping me has been surprised that it worked.
I once paid for a car with Apple Pay (it was far over the £100 limit)
> but in practice most shops still have a £100 limit.

I've not found this to be the case anymore, sometimes the terminal will display a limit or the merchant will believe the limit applies to phones, but no limit is technically enforced.

> but in practice most shops still have a £100 limit

Not true, although shop keepers will often say it won't work, right up until I tap and it works

It depends on the POS configuration/support of CDCVM (Consumer Device Cardholder Verification Method). If it doesn't support it, Apple Pay/Google Pay is just a regular EMV contactless card from the POS's perspective, so the regular limits apply.

On some POSes, you can get a hint of when the POS either doesn't understand CDCVM or isn't configured to verify it when you tap with Apple Pay/Google Wallet and you get back a "Cardholder Device Not Verified" on the receipt.

Obviously ultimately, even with CDCVM support, it's up to how things are configured, but in the UK at least, every single POS I've seen that returns "Cardholder Device Verified" will let transactions through the same way as if you did Chip+PIN.

Funnily enough my card doesn't work contactless with PIN. I need to shove it into the chip reader to make it work.

Which, thinking about it, is exactly how it should be.

The closed circuit of chip reader and pin was always touted as super secure. Then suddenly, you could pay contactless with most cards regardless of the amount and enter the PIN. Too me this always seemed to subvert the "super secure" chip & PIN authentication.

It's a small "hardship", really. On small amounts contactless works just dandy and having to present the physical card to the chip reader for larger amounts makes me actually feel better.

> Too me this always seemed to subvert the "super secure" chip & PIN authentication.

Chip and Pin usually implies offline PIN. The terminal supplies the PIN, after a one-way transform of some sort IIRC* to the chip on the card, which then verifies it locally against a stored version of that same hash or whatever.

With contactless you're doing online PIN. The terminal applies a transform and some sort of asymmetric key encryption to the PIN, and this gets sent to your bank. There's nothing any less secure here.

(* I wrote an EMV 'kernel' a long, long time ago, in about 2002, and some more PIN block processing code about 8 years back. So it's been a while!)

Chip + PIN is basically the EMV standard for cards with chips on them (and the small set of connectors for when the card is inserted in a reader).

There is very little difference in the process when using NFC, except that the power to the chip in the card is via the NFC field.

There are some changes to the business rules around processing contactless payments. Although the same floor limits for asking for the PIN for contact and contactless are pretty much the same these days.

> Chip + PIN is basically the EMV standard for cards with chips on them

Worse than that, it's a marketing name :)

Or it was in the UK. Strictly speaking the cards contain a customer verification method list that gives the terminal the info about whether and in what priority order it should process PIN offline, online, signature or other methods. This method allows american cards to function elsewhere in the world, depending on the terminal risk profile, and euro cards which usually would require a PIN to function in PIN-less US terminals.

> There is very little difference in the process when using NFC, except that the power to the chip in the card is via the NFC field.

Sure, but in contactless EMV there is no user interaction part of the process, so 'offline PIN' is not a possibility. This is because the transaction process would have to halt while the user entered their PIN and continue afterwards. So I'm pretty sure that for contactless transactions there is no offline PIN CVM. The process is also going to be slightly different in that the card/phone doesn't stick around for any post-transaction issuer scripts, and IIRC from the short time I worked on a contactless product, there is only a single application-cryptogram generation phase compared to the two in a chip transaction, though I can't remember the significance of that now!

Or can I ... the second Gen AC phase is where the card signs off on the bank's authorisation of a transaction, if the transaction has gone online. Strictly your chip card can still decline a transaction even if the bank says it's OK. This is missing in contactless flow because, again, it would require the transaction to pause and take longer than a quick wave.

Not entirely true. I've done a contactless payment that was interrupted at the reader and my PIN requested before the transaction was processed.

I didn't need to re-present the card to the reader. It processed the rest of the transaction after the PIN was entered.

> I didn't need to re-present the card to the reader. It processed the rest of the transaction after the PIN was entered.

Yeah that's an online PIN, it's sent to your bank for verification, not the card (which has already done its part of the transaction).

(If you want to be pedantic, yes, you're quite right! The EMV transaction process is still going on at that point, between the terminal and the bank, and it has indeed paused to allow the user to enter a PIN. The process between the terminal and the card has completed though, so offline PIN can't be done, because in the offline PIN process the card performs the verification.

Very true, and if there's one thing about EMV, it is pedantic and convoluted and confusing, primarily because it has evolved and is not particularly subject to "intelligent design". :)
Out of curiosity, what sort of language would such a kernel be written in?
So the 'kernel' I wrote was not the one running on the card. 'In the Industry' (which sounds so pretentious!) the core of the EMV logic that runs on a terminal is often referred to as the kernel. It's not much like a real OS kernel!

The kernel I wrote in about 2002/3 was in C and allowed a PC using a dumb reader (with secure PIN pad) to run the transaction, on Windows, Linux or (shudder) Unixware at the time.

Years later in 2014 when I worked on a terminal product the company had bought in a third party kernel, also written in C to run on an embedded MIPs board. There was a platform SDK and a custom gcc variant to build bare-metal executables. You bootstrapped the kernel by passing it a malloc implementation and a couple of hooks to other things like accelerated crypto functions etc, and it provided an API to run the transaction.

I also worked briefly on a contactless terminal product in 2012, which IIRC was C and C++ (old-skool C-like C++) on a proprietary OS of some sort, and they were moving to embedded linux on ARM at the time.

(edit - See also rswall's parallel answer, it's very good. I wrote an EMV L2 kernel in that parlance, and interacted with another.)

Whatever the card reader supports. What EMV call a "kernel" is not what a Linux person would call a "kernel". EMV don't really care, what they care about is that the protocols are followed and that the CHD (Card Holder Data) is protected and that the transactions are properly encrypted at rest and in transit.

So you could write it in Visual Basic if you wanted, but your PCI auditor might have a problem with that. :)

As far as I understand it EMV has L1 and L2 "kernels", then there is an "L3" that is acquirer specific.

When a device is "PCI-PADSS" certified, the L1/L2 kernels are what are tested.

When a merchant is PCI-DSS audited, it is a combination of the PCI-PADSS certification for the device, as well as the L3 layer and other business processing rules around handling the CHD (Card Holder Data). The L3 is supplied by the merchant's acquirer (often with the terminal itself) and the acquirer has had the device validated as part of their PCI audit.

EMV L1 Kernel: The "app" that understands the EMV protocol and data exchanges ("APDUs") between the reader and the card. The equivalent of the PHY chip and ethernet frame handler in ethernet.

EMV L2 Kernel: The "app" that understands the EMV business rules and processing of transaction. The equivalent would be the IP layer in networking land.

EMV L3 Kernel: The specific "acquirer" rules, eg, there is a BIN (Bank Identification Number) accept/deny list that an acquirer will accept. It also has other rules about limits etc that the acquirer imposes. The equivalent would be IPTables in Linux.

PCI-PTS is another one we were concerned with as a terminal vendors, which involved a bunch of stuff around tamper-proofing and tamper-evidence, as well as vetting the cryptographic algorithms in use, some level of source code security evaluation etc. Complicated old business.

I was very proud when my security library, including implementations of all sorts of ANSI X.9 standards, derived-unique-keys-per-transaction, a keystore that was destroyed on tamper, secure program code update mechanisms etc etc passed certification, on a device with 128k of SRAM and 256k of program memory.

Shame it never made it to market. Stupid unicorn company taking on tens of millions in debt and then exploding... still, I got a few trips to China out of it.

Those “22 trillion devices that run Java” have to come from somewhere :)
Thanks to both of you for the comprehensive and interesting answers to my potentially "dumb" question.

It's this what makes HN still an outstanding resource and community.

Thanks!

There's basically no difference in the "security" of using the card physical contacts to power/communicate with the on-card chip vs using NFC for the same thing.

What is secure is not about the communications, it's about what information is exchanged, how the dynamic CVV is generated and used, how the PIN is validated in a Chip+PIN environment.

The PIN pad, where you enter the PIN is just as secure using the contacts or contactless. The PIN doesn't leave the PIN pad in the clear.

>If you tap for a payment over that limit, the reader will ask for the PIN.

This is country-dependent; while this is the case in Spain, it's not the case in France, where the terminal will insist the card be inserted and the PIN entered.

> Chip + Signature is a dumb USian thing because merchants didn't want to change their readers to have a secure PIN pad.

there's a write up on this that i cannot find. the reason was actually that some criminal organization with ties to lots of political pacs had their money cow being fraud (or money laundering) on gas stations. so they forced gas stations to never update the pins for this very specific reason.

Apply pay (with faceID) is a much better experience than chip+pin.
The point is that as far as the merchant's reader is concerned, there's no difference. It uses NFC to read a card. If it's required to get a PIN because of floor limits etc, it will still ask for a PIN.

Chip+PIN is the basis of contactless+PIN, same EMV standard, same stuff happens under the covers. Different business rules for merchant risk, chargeback etc

>If it's required to get a PIN because of floor limits etc, it will still ask for a PIN.

That doesn't happen with Apple Pay though, since it's an authenticated NFC payment. My (physical) Visa card has a 50€ contactless limit but with Apple Pay, I can just use it to the card's limits. I've paid for a 880€ MacBook with just tapping my Apple Watch against a reader.

That has nothing to do with Apple Pay and everything to do with the merchant's reader, their transaction acquirer, and their merchant bank.

As far as the reader is concerned, for contactless, there is no, as in none as in nada difference between a contactless payment with a physical Visa card, or a contactless payment using Apple Pay (or Google or Samsung Pay).

They are all "authenticated NFC payments".

The limits are up to the provider, phone payments are more secure because they require you to unlock so generally the providers have higher or no limits

It doesn't change the fact that the reader doesn't know if it's a phone or not, it's just a contactless payment standard

The providers (and the readers) can't tell if it is a physical card or a secure element on a phone.

So there aren't "different limits" for Apple/Google/Samsung Pay compared to using your physical Visa/MC/Amex/Discover/etc card.

I wasn't very clear with the word "providers"

> So there aren't "different limits" for Apple/Google/Samsung Pay compared to using your physical Visa/MC/Amex/Discover/etc card.

Not from the _payment_ provider (mastercard/visa/etc), but from the _card_ provider (google pay/apple pay/banks) - e.g. my Bank card has a contactless limit of £100, but that same card via Google Pay has a limit of ??? (never reached it, thousands probably)

Not sure why you got downvoted but hard agree. I haven't used a physical card in years, everywhere I go accepts contactless, and with FaceID it's either same speed or quicker than having to get your card out of the wallet.
Exactly

And for most transactions it's just 'tap your card' (no pin), no need to have it in the phone.

The difference is that when you tap your card, it uses your CPAN directly.

Plus you have to carry around your cards.

When I'm not travelling for work, I only have my phone. No need for wallet, has drivers license, Medicare (AU), and my credit/debit cards in the Apple wallet.

I haven't used physical cash in AU except very rarely for about a year now.

You're right

Though I'd never travel without my wallet, I like having a backup plan if something happens to my phone

I never used to go anywhere without my wallet, but during COVID, and now beyond, I rarely use my wallet when I'm at home.

I still need to carry it when I'm driving, because our drivers licenses haven't been able to download to the Wallet yet, but once that happens, I won't need my physical wallet.

Even if I didn't need to have my driver's license with me when I left the house, I think it would take a lot to convince me not to generally carry my small (business card holder) front pocket wallet with me. Being dependent of having a charged and working phone for almost literally everything is something I wouldn't be generally comfortable with even with a smart watch which would be a backup for most payments.
I don’t know where the hell you’re from, but the word you’re looking for is american
You could phrase it much more politely, but yes, it is very unusual to see anyone write "USian".

Some people are trying to normalize "American" to mean anyone from North or South America, but the reality is, of course, that 99.9% of the time, American means people from the US.

I use the term USian as a part joke but to explicitly talk about the US, as opposed to other "american" nations like CA or MX.

Here we're talking about the difference between the card networks and merchant acquiring in the US vs elsewhere in the world.

It’s the United States of Mexico, which everyone shortens to Mexico but for some reason you’re not okay shortening the United States of America to Americans?

Honestly United Statesian is more confusing because that ambiguously could refer to Mexicans.

It really sounds like you’re trying to troll and yeah people generally don’t like it if you intentionally get their nationality wrong.

> It’s the United States of Mexico

No, the official name (in English) is the United Mexican States. (In Spanish, its structurally the same as the Spanish name of the USA (Estados Unidos Méxicanos vs. Estados Unidos Americanos, but the English names do not follow the same structure.)

> which everyone shortens to Mexico but for some reason you’re not okay shortening the United States of America to Americans?

People in American States [0] that are not the United States of America have very good reasons to prefer to distinguish the adjective for “belonging to the Americas” for the one for “belonging to the United States of America”.

> Honestly United Statesian is more confusing because that ambiguously could refer to Mexicans.

Yeah, that would be a problem if we also needed to distinguish the adjective referring to association with México-the-country from some supranational uses of México but were already using Estadounidense to make that distinction for different uses of “America”, but…that problem doesn’t exist for México, to start with.

[0] see, e.g., the terminology used by the OAS https://www.oas.org/en/about/principles.asp

i don’t understand what the point of talking about us adoption of nfc payment vs chip+pin is.

i’ve lived in several countries and used apple wallet in all of them + the us since 2012.

and my german bank only got a card available in wallet in 2021…

chip and sign is dumb, but nfc and apple wallet work just as well in the states as they do anywhere else.

The older the banking system is, the less modern it is. Germany was a technological leader before the 1st world war, and still is in some ways, and could be considered a financial center for at least part of the world for the same period(like the eu) So it's financial system is horrible, the same for all "modern" countries. If you want to see modern finance, look at countries that are wealthy enough to afford it but only became this way in the last few decades(like since the 90s)

A politically heated examples: if you go to the farthest village of Russia, where only poor people live(for example 12h drive from Irkutsk), you will be able to pay with contactless payments in their local store(before the war, you would be able to pay with Visa/Mastercard/Apple/Google/etc).

And in China you will be able to pay with qr codes based payments even to a homeless entrepreneur on the street, that tries to sell you selfmade slippers, or something like that.

I don’t recognize the pattern you describe. For various reasons I’ve done a lot of travel over the last month or so - 2 “old money” European countries, a “new money” European country, a Middle Eastern country and Australia and I didn’t use cash or have to sign anything once in 5 or 6 weeks - I paid for everything with a contactless card. Unless something has dramatically changed in the last 2 years, my experience in the USA during my last trip there was that of a payments system that seemed stuck in the 1970s. In my experience, the global division would be between the USA and the rest of the world.
Can you describe stuck in the 70s? I just use contactless pay pretty much exclusively unless a place is cash only (which isn’t the norm). What are you doing in your country?
I don't think this true. Canada's banking system is not modern and essentially controlled by 5 banks. Tap to pay is everywhere these days even the stalls at the farmers market.
This is a common theme for centralised infrastructure. e.g. power grids, roads, rail.
> but nfc and apple wallet work just as well in the states as they do anywhere else.

I believe the point is that this change feels much more of a small increment elsewhere, because we've had modern payment systems for a while. NFC appeared in our cards without any significant change, because we had chip cards for decades before that.

> and my german bank only got a card available in wallet in 2021…

They probably didn't hurry because they had contactless payment long before that.

Yep.

And Americans will typically try to cut it any number of ways that aren’t “the US is uniquely behind the times, given their wealth”.

The reality: When I was working retail, in 2010 mind you, customers would very routinely be surprised and annoyed by the fact that our store didn’t have terminals that accept NFC payments.

When Apple Pay came out in…2014? 2015?, all the American tech pundits were talking about it like it was futuristic alien technology.

I’ve spent exactly one week in the US, ever. I was in Seattle. If I used my card to pay for food at a restaurant, it was entirely common and accepted for someone to take my card, scurry away, and come back at some point with something for me to sign. Back home, they’ll bring me the terminal so I can just tap my card (or phone, or whatever), or they’ll do it for me in the case of a card, and that’s that.

It’s such an odd thing to get defensive about.

Meh bringing the terminal to the table because the card being out of sight is scary to Europeans (and some Americans) is also weird. What's the waiter going to do? Steal your money? Well, yes. But Chip and PIN being brought out so many years because theft via magstripe was so common in some areas of the EU by organized crime isn't something I'd really brag about.
Take down the number, expiration date and CVV number then make purchases online/over the phone.
Which is a PITA but ultimately the card company will cover it.

The way payments in restaurants are typically handled in much of Europe is convenient but to the parent's point, the obsession with never letting go of your card sometimes seems a bit excessive.

I would say the habit of not needing to trust the waiter with our cards means that when we're in a situation where we have to, it's very uncomfortable. Just like I would feel very uncomfortable giving my passwords to a coworker, even though I generally trust them not to abuse it. There's a strong sense of inappropriateness.
> Which is a PITA but ultimately the card company will cover it.

Most of the non-major banks are a pain to even open disputes with — not to mention:

- having to receive a new card (a pain if one's frequently on the road, or if the bank doesn't ship overseas);

- change any recurring billing details, if needed;

- possibly set up direct debits (sometimes with paper forms, like in Singapore);

- some other stuff I haven't thought of.

> Chip and PIN being brought out so many years because theft via magstripe was so common in some areas of the EU by organized crime isn't something I'd really brag about.

Ah, yes, "if it's NIH, it's probably because we're so honest we don't need it".

A few years ago, I was sitting at a bar in Vegas having lunch and the guy next to me finished up and paid his bill and he was "Whut?!" when the bartender grabbed his card and headed off. I must say, I just got back from Europe and the near universality of just tapping a card on either a portable terminal or at the bar with no worries about manually adding on service charges (though in the UK there is usually an "optional" charge added on for table service) is quite streamlined.
It's actually incredible how behind they are in some respects. NYC only got an NFC payment card for the travel system (Omny) in 2021. London's oyster card was launched in 2003!
When Apple Pay came out in…2014? 2015?, all the American tech pundits were talking about it like it was futuristic alien technology.

That makes no sense. Ive been doing contactless payment in the US long before apple Pay.

Pretty sure my Amex did it back in 2010?

> It's hilarious (in a way) seeing USians comment on this post. The rest of the world has had contactless payment for at least a decade.

The iPhone 6S with Apple Pay came out in 2015.

> The lack of being able to get the "real" CPAN is why some US merchants still refuse Apple/Google/Samsung Pay, specifically because they lose the ability to track customers.

I don’t think I’ve been to many merchants that don’t take Apple Pay. One of the annoying ones is AMC movie theaters.

The difference is that in most of the world, merchants are required to provide at least contact ("Chip+PIN") readers and as of a few years ago, fully support contactless reading.

It's only the US as a major environment that has delayed (and delayed) applying the same rules, or that adopted Chip+Signature in the first place.

AFAIK Walmart, for example, doesn't take Apple Pay. One of the reasons I don't really use Apple Pay is that I know (unless there are large cash only signs) that a credit card will work and, for me, it's at least as easy.
> The merchant only gets the "6+4" digits of the card, the DPAN is sent over the network to the tokenization service, which translates the DPAN to the CPAN and sends the transaction to the issuing bank for authentication and payment.

> The lack of being able to get the "real" CPAN is why some US merchants still refuse Apple/Google/Samsung Pay, specifically because they lose the ability to track customers.

Looking at you, HEB

Multiple times I’ve forgotten my wallet at H‑E‑B and was hoping Apple Pay was accepted
It's not material to your post but the DPAN isn't detokenized, but is sent to the networks (Visa/MC) to be charged.

Privacy.com serves the purposes of a per-merchant PAN (read: credit card number) online without having to use apple pay.

The DPAN is eventually detokenized prior to submission to the issuer for authentication and payment.

So from Apple Pay wallet -> reader -> acquirer -> network -> issuer, the DPAN is used. When it reaches the issuer, the issuer detokenizes DPAN -> CPAN to process the request. When it responds, it retokenizes etc for the response.

A question regarding this - I’ve discovered that using “Express Mode” [0] does allow the transit organization to connect your real credit card to what I assumed was the tokenized DPAN. How is that possible?

Specifically: there’s a transit org (I’ve tried to reach them about this issue, to no avail) that lets you enter your (real, CPAN) credit card number on their public web site and get back your “own” (if it happens to be your card…) transit history i.e. the times when you tapped your iPhone/Android on their NFC/tap enabled turnstiles.

So, they /do/ seem to have a way to either get the CPAN when the card is tapped, or maybe they can tokenize the CPAN in the same way as the phone and then compare the tokens…?

I thought that could not be possible but it 100% works. To me it’s a huge security problem. But again, I have not heard back from them at all.

Do you understand how they do it? Thanks

[0] https://support.apple.com/en-us/HT212171

I’m not sure how they do it but I think it requires a special agreement with the token issuers.
If you name the transit authority doing this, it'd be possible to look at what the iPhone/Android phone is actually doing. One possibility is the information being shared when using the NFC isn't your CPAN or DPAN at all, but is a 3rd identifier with which they deanonymize you.
If you use an EMV card in transit, then the Visa/MC rules say that the same card must be used to pay for the fare.

Transit providers are not allowed to use the EMV card purely as "identification".

I answered elsewhere on the thread about how the transit provider is able to use the EMV as an identifier after it has been used for payment, with a one way hash sent to the transit provider.

I believe OMNY is one system which operates as OP is describing
Transport for London does the same. If you add your (real, CPAN) card number to the "Contactless and Oyster" web service, it will also add all of the DPANs you have tapped in with on their network as separate cards.
Yes, the DPANs have to be tracked separately so that you use the same device/card to enter as you do to exit.

You shouldn't be able to see anything about the DPANs except the 6+4 information though and perhaps some detail of which device it is on.

Sorry for the long answer, but there are 2 different questions:

1. How does "Express Mode" work?

"Express Mode" is using the NFC "card" without any smarts from the phone, which is why it works when the phone itself doesn't have power. This is also why "transit cards" work in Express Mode because they are just NFC cards, but with a different "app" on the card that supports different processes than an EMV "credit/debit" card. EMV cards are probably the "dumbest" smart cards out there.

So effectively, it is exactly like using a physical NFC card. The NFC field powers the card. The "card" in the wallet only has the DPAN, the CPAN is not stored or used at all after the card is "enrolled".

2. Online enquiries with my "real" CPAN?

In terms of that online enquiry where you are typing the CPAN into the website, under PCI rules, they are not allowed to see the CPAN outside of PCI scope, which has strict rules on how that information is stored and used.

They usually use a "transit acquirer" to process their EMV transactions. What this acquirer does is that it processes the EMV taps under PCI rules, but also provides the transit provider with: a) a "one way hash" of the card. This is unique to the CPAN, but unable to be reversed back to be the CPAN. b) the transit information related to the tap (eg station of entry/exit etc) c) the transit provider can store trip information against the one way hash.

So when you type in the full CPAN on the transit provider's website, that is securely (ie iframes and the like) sent to the acquirer, which sends back the one way hash. The same hash is used to identify the trips that the transit provider keeps info about.

So they aren't "seeing" the CPAN (at least if their PCI auditor is doing their job properly). What they "see" is the one way hash that they can use in their system.

Thank you for your answer, I’m really grateful!

It makes sense that hashing allows the transit provider to link the CPAN to the taps.

Having checked, the CPAN is not inputted via an iframe on the transit provider’s site - it’s sent via https, but directly to the site’s web host. Is that necessarily non PCI compliant (or only non compliant if they store it - which they might not)? Are there PCI bounties..?

My bigger problem with all of this is that someone who comes in temporary contact with a credit card can get that person’s transit history. Is that not a security risk?

> When the phone is tapped, as far as the reader is concerned, it is a standard EMV card

When I went to the US nobody seemed to understand this. Loads of shops would have a sticker saying "Apple Pay Accepted" or something, and when I took out my Pixel phone they would say, oh that isn't an iPhone that won't work. Of course, it worked every time because the card reader has no idea what brand of phone it is or if it's even a phone at all..

Yeah although I was just in Europe and it seems like pretty much everyone just taps a card [ADDED: This is probably an overstatement but lots seem to use a card.] rather than using their phone from what I saw. For most circumstances, even with an Apple Watch, it seems way easier in most circumstances to just tap a card than fumbling with electronics.

Even compared to a few years ago, contactless payments seemed way more prevalent and frictionless. In Amsterdam, on the advice of a local, I did buy a chip card for transit as systems are still in the process of switching but my understanding is various transit systems there and elsewhere increasingly let you just tap a contactless credit card.

I see a mix of card tapping and phone tapping here. I myself only use my card when my phone is out of battery or when the amount to pay is larger than the bank allows by default (though I'm pretty sure you can raise that).

It was pretty weird seeing Apple users around me get excited about finally being able to pay with their phones when the first bank here started offering Apple Pay. I guess they never noticed that every other brand of smartphone had been doing that for give years at that point?

As for the public transit system, the stupid mess of checking in and out at varioustterminals still exists, but they are indeed working on using bank cards for public transit. They're of limited use though (no ability to store discounts and such) and not all transit companies accept them yet. I'm not sure what the situation is with credit cards, as the Netherlands is very much debit card oriented. The cards follow the same standards, but as any American trying to do groceries here will find out, that doesn't mean all cards will work on all terminals.

>the Netherlands is very much debit card oriented

I was told that and then I basically used nothing but my contactless credit card over the course of a week. But I was admittedly mostly in central Amsterdam and doing tourist stuff and restaurants.

Canada is the same I can't recall the last time I used cash or coins, perhaps two decades? It's tap debit or now more frequently my phone using Google Wallet.
This has changed quite substantially over the last five+ years. It certainly used to be the case that using certain cards that were very common in the rest of Europe (particularly credit cards, but also things like visa debit) required jumping through hoops in the Netherlands, and often weren't accepted.

A Dutch friend, who knows the industry a little, said that the Dutch banks had gone their own way with payment systems in the past. This heritage had taken some time to unwind. (I guess he was talking about things like Chipknip?)

Another Amsterdam local advised just getting a pay as you go chip card for public transit. He said that they were in the process of implementing just accepting contactless credit/debit cards directly but it was a bit hit or miss whether that was accepted in general.
For example, the largest supermarket chain (Albert Heijn) usually won't take credit cards, with the exception of certain cities and contexts (train stations) where there are more foreigners.
American credit cards work just fine with OV Pay for both NS and regional public transport (tried it with a Chase Visa card). Side note: Albert Heijn also finally started accepting them, so credit cards are now accepted at almsot all merchants.
When did AH start accepting anything besides NL debit? I have a US debit card that didn't work as recently as Nov 2022. It was a major pain in the ass taking cash out of the ATM right next to the checkout just to buy groceries for a month while I waited on approval for a Dutch bank account.

Silly me at the time didn't realize I could go next door to Jumbo and pay with whatever the hell I wanted... live and learn!

My limited anecdotal evidence from going to an AH in Amsterdam as a tourist just last week, the card terminal still had a sticker on it saying "No Visa/Mastercard". That said, did a quick Google and this Reddit post[0] (in Dutch) implies that perhaps even the terminals with that sticker accept debit/credit cards as of 4 months ago.

[0] https://www.reddit.com/r/geldzaken/comments/1085e6t/albert_h...

I believe it was around the beginning of 2023. Maestro has been deprecated and no further cards will be issued from July this year, so all merchants need to start accepting other card types (Mastercard/Visa Debit) by then at the latest.

Hopefully this will put an end to the common perception in NL that Mastercard/Visa == credit card. Most of them aren't!

Very recently, January this year it worked for the first time in an average neighborhood AH for me.

Funny note: Aldi accepts everything, even AMEX.

The PIN chip on my card stopped working months ago. Normally I’d have to get a new one and change my card details everywhere (hassle hassle) but I haven’t bothered as I can use Apple Pay for everything
In London I would say majority use their phone. I switched around a year ago as well, it just means that I don't have to carry a wallet with me any more, took me a while to get confident in it but now I am. Going through the tube almost always works and the rare time that it doesn't you just try again and then it works.
I switched to carrying a small front pocket wallet (basically a business card holder) a while back. It lets me have some bills for the odd vendor (e.g. food cart) that doesn't want to take a card for a small purchase and a few other things like ID that I like to have on me. In general, like paper boarding passes when they're convenient to print out I just find it easier to use a physical artifact rather than fumbling with my phone or watch. But I'm happy to admit that may be largely habit. Certainly in circumstances where carrying anything in a pocket was inconvenient, I can see using a watch.
We just moved into a WeWork office in Shoreditch and I am genuinely very annoyed that I now have to carry a building entry pass in the form of a card. I've spent years trying to shed all my cards and now I'm back to having to carry a wallet.
I was in a WeWork the other day, and saw somebody tap their phone to get entry to the office. I was amazed, assuming they had rolled out some new system that used phones for access. Nope—she just had her access card stuck inside her phone case.
That really is annoying. Apple has APIs for adding door keys / office passes to the NFC wallet. WeWork could fix this if they wanted to.
I wonder if there’s a way to clone cards to digitize them (using 3rd party hardware readers and these APIs maybe?)
(comment deleted)
This is definitely possible with things like a Flipper Zero, but I doubt adding the cloned card to Apple Wallet is possible on iPhones (though I imagine Androids have no such restriction)
I use a physical card at the grocery store because it combines my Visa card and the store rewards card into one. If I tap it against the reader, it first reads the rewards card via NFC, and then reads the Visa card via NFC. If I used my phone, I'd first need to get the clerk to scan some kind of a barcode from my phone and then I could pay via Apple Pay.
Why wouldn't the same work with a phone via NFC as with a physical card via NFC? At least my phone (Android) presents the virtual rewards card (one app) first, then the virtual credit card (another app).
I don't think Apple Pay can present multiple NFC cards automatically in succession or at the same time. And the rewards card cannot even be added to the Wallet anyways, since the bank's app only adds the Visa Debit/Credit cards, and the store rewards app doesn't add anything at all.

I'm not sure if there's even an API to add store rewards cards as NFC cards, since all of my rewards cards in the Wallet are barcodes.

See e.g. https://en.wikipedia.org/wiki/Apple_Wallet#Supported_loyalty...

> These programs are conveyed through NFC via Apple Wallet's VAS protocol. Programs that support One Tap are conveyed at the same time as a payment card stored in Apple Wallet.

Never knew about VAS. I guess I just need to lobby the store to implement the protocol then. Probably fat chance they'd actually implement it though.
You'd think it would be a no-brainer to improve the checkout process like this, but perhaps Apple's terms are unfavorable to the stores.
Anecdotally, VAS is great when it works. Seems to work reliably enough for me at Walgreens and Jimmy Johns as two examples. (Though I often forget it works at Walgreens because they heavily encourage the two-step procedure because the cashier likes to make sure you have the loyalty card for some reason before finalizing the total, even when no savings would have been involved.)
Could you explain a bit about this? I’ve never seen a card acting double purpose like this and I’d love to read about it. Does your credit card have some sort of rewards program for the store, or is it a store card? Or how does this work exactly?
It's not a store card, it's a fairly regular Visa Credit/Debit card from my bank (Osuuspankki) that has the loyalty card for K Group's stores integrated into it. When you order a new payment card, you can add your loyalty card number in the application and they'll integrate it in your card.

https://www.op.fi/private-customers/daily-banking/cards/card...

Other banks in Finland also offer the same loyalty card integration with their payment cards.

No idea how it works technically. I assume that it broadcasts the loyalty card and the debit card at the same time when you use NFC, since you can get both with one (long) tap against the payment terminal. It also reads the loyalty card if you use chip + PIN to pay. The loyalty card is completely separate from the actual payment card - if I use Apple Pay to pay with the same underlying Visa card, it will not give me any loyalty rewards.

Something similar applies to Costco gas pumps: if you have a Costco Visa you can tap it once and it will both validate your membership (which is required to use the pump) and bill the charge to the card. Apple Pay doesn’t work because the membership isn’t associated with it.
In London at least, few people use cards any more. People often still call phone payment card payment though - I guess people have mostly figured out it's the same underlying mechanism. Personally, I still carry a card in case my phone runs out of battery, but I keep it in the bottom of my backpack.

If only Android had a way to pay if the phone was out of battery I could dump the cards entirely.

Incredibly, my iPhone died while walking in NYC, but was still able to use the transit card at a gate. It goes into a low power mode that still has the payment/transit card powered.
Indeed. Android currently lacks that feature but without it I don't feel confident in going completely plastic free.

Perhaps at some point batteries will get so good that running out of battery just won't be a concern any more.

Brands > Standards, unfortunately all too common in the US compared to Europe.
The use of signatures in the US boggles my mind. Who checks this ever? I worked retail for years in the US and I would usually check the signature and (very rarely) challenge a signature. The customer was almost never happy I did this, so I generally wouldn't bother unless there were other reasons to be concerned. (For example, kids clearly using their parents card or someone who wrote "see ID" on the card.)

One additional thought: I now live in Europe, and use my contactless card for payments. However, sometimes it fails and I am required to use my chip and PIN. (I'm guessing because the bank thought the transaction needed additional security for some reason.) In this case, if I only had my phone, I would be stuck?

With Apple Pay it never asks for PIN (been using for years). I'm no expert, but I think authenticating with FaceID/TouchID means it always provides the equivalent of a PIN.
I think it can ask for a PIN but it is the PIN of the phone when FaceID does not work so is not the card PIN.
Chip & PIN cards (at least in the UK) have limits before you're forced to verify again via C&P. It's usually a £ amount or # of transactions.

Apple Pay does not force the above, as you have already identified yourself via mandatory biometrics or device PIN.

The re-verification isn't a hard spending limit or count. There's some fuzzy logic (or like the kids today would say "AI") behind it.

Basically it references the purchase to your history and if there's something funky it forces you to re-auth.

Mostly happens to me on vacations and road trips when I pay in multiple locations 100s of km away from each other.

But I've never had to do it at my local grocery store(s), even though I might visit them multiple times a week.

It's called Strong Customer Authentication in the UK. I'm merely repeating what I understand of it, and what I have actually read on bank websites. For example:

"In a ‘card present’ scenario, the convenience of contactless at point-of-sale would remain, however customers will be asked to complete a Chip and PIN transaction when they reach the maximum total contactless spend, or have exceeded the card issuer's limits for consecutive contactless transactions since they were last authenticated." [1]

"When you spend around £100 in shops (across multiple payments, not just in one go) without having used Chip & PIN , we’ll do an extra security check by declining the next contactless payment and asking you to use Chip & PIN instead. " [2]

[1] https://www.barclaycard.co.uk/business/business-matters/frau... [2] https://monzo.com/blog/2019/09/11/strong-customer-authentica...

There is a transaction / amount limit for contactless transactions. Banks generally keep it secret for security - but it can be something like "transactions over x EUR need PIN and also ever fifth will need PIN".

It is pretty annoying because there are a lot of terminals that don't have the PIN keyboard, e.g. on vending machines. If you card decides it needs PIN, you are not buying, unless you can sidestep it using a phone.

>There is a transaction / amount limit for contactless transactions.

It doesn't seem to be universal though. I paid for multiple hotels in Europe (so hundreds of pounds/Euros) with contactless payments and--although I actually made a point of making sure my card had a PIN after a problem on my previous trip--I never needed it.

Most (if not, all) banks will send the transaction to a risk management solution such as LexisNexis including a bunch of metadata. It then assigns a risk score and your bank will factor that in with their risk appetite when deciding whether to ask for your PIN.
Depends on the provider, but with some, you can go contactless+PIN (saved my stomach once or twice already).
The need for signatures has decreased (and was mostly killed by the pandemic). But there are still a few stores I go to that need a "signature" either by pen or on a terminal--but just a scribble or an X suffices.
In other words, the signature is completely useless as a fraud prevention mechanism, which is why Chip+PIN was introduced in the first place.
(comment deleted)
(comment deleted)
Interesting, i've never looked too much into the credit card universe.

What i know is that almost 50 (times flies, i originaly wrote 40...) years ago, my uncle worked a bit with secure terminals at a French company (forgot the name, but i know he lived in Spain for a while), then was yanked by a company that worked with American Express, took the Paris-NY Concord at least a hundred time to try to implement the same stuff he did in Europe in the US (chip + PIN), was distraught because the issue weren't technical and somehow transformed from engineer to executive, and ended up being an auditor for money laundering and fraud detection in major banks (received death threats and had bodyguards for a while).

Don't know if it is related, but the first time i went in the US i remembered some stories he told me about this American Express job and said to myself "Yeah, that checks out".

The company sounds like Gemplus / Gemalto :)

Yes, there is no reason to believe that the chip+pin is a technical issue, it's mostly business / political with lot of (financial) interests under.

Often policies like that are decided because of lobbying:

some people found large niches on how to make money, and they try to convince others to not change their habits even if the new system would benefit the masses (like the situation with the imperial system).

Wait so contactless are not normal in the US??
It's not uncommon but a few major retailers like Walmart, Kroger, Home Depot and Lowe's for example don't accept it. It's also not too common in hospitality (they take your card to the cash register, instead of bringing the payment terminal to you).
It is, except at Walmart/Home Depot/Lowes/hotels/wait service restaurants and a few other brands in my experience.
The Home Depot I frequently used in Dallas supported contactless payments. Might be your area. Walmart however did not.
Interesting. Did it also accept Apple Pay? Between west coast and northeast coast, I have never seen a Home Depot accept any kind of contactless payment, even with newly installed self checkout systems.
I think so? That's the only thing I use. It's possible that I'm not remembering correctly. FWIW I was also using the self checkout thingy.

A cursory google search suggests that most HD stores do not accept it. There are some reddit threads about individual stores gaining support. Perhaps I lived in a test market?

Hopefully they rollout support soon!

I literally just paid with NFC at Home Depot like 3 hours ago.
It's been common for like a decade now.
>As an explanation, there are two different things called "Apple Pay" in the US…

No Apple Card is not called Apple Pay

>It's hilarious (in a way) seeing USians comment on this post. The rest of the world has had contactless payment for at least a decade.

Huh? I remember making contactless payments from my Samsung phone in the USA back in 2013 just fine. It had an unfortunate name at the beginning, but otherwise worked great.

https://en.wikipedia.org/wiki/Softcard

As nice as your Samsung might have been, it's pretty absurd IMO to claim contactless was as prevalent in the USA in 2013 as it was in European countries like say France or the UK. Huge nationwide retailers such as Walmart and Kroger held out adopting practically forever, and there are loads of other examples who haven't adopted or only did so very recently - The Home Depot, Lowes, Starbucks...

> https://www.macrumors.com/2023/04/15/kroger-fred-meyer-apple...

I was living in London circa 2010/2011 when some friends from the US came to visit. I recall having to use my card to hire bikes for them (the Barclays/"Boris" bikes) because it required a tap from a chip+pin card to release them from the locks. My US friends had no such cards. Yet they were clearly ubiquitous enough in the UK at the time to make it a hard requirement for getting a bike.
> The rest of the world has had contactless payment for at least a decade.

Perhaps it's better to specify which parts of the world, I'm assuming you mean US and Canada versus Europe and China.

Meanwhile, most developing nations (which make up a majority of the countries in the world) still operate primarily on cash.

Canada is at the forefront of contactless payments. Most Canadians had a contactless physical credit card before Apple Pay came to Canada. Because of that, most people in Canada don't bother to set up their phone; they just swipe their physical card, no pin or signature needed for lower amounts.
In Brazil even beggars accept money through their phones and everywhere there's contactless payment.
> The reader will go through its standard business rules for floor limits, PINs etc and process the transaction.

Just on the limits part; here in Ireland (and probably a good chunk of Europe) the limit on a physical card is around EUR50. But on Apple Pay (and probably other phone-based card payments that I have tried) that limit is removed... I have bought TVs (EUR500+) and put a deposit on a car (EUR1000) with Apple Pay and no issues. Some terminals do have issues (older ones that the store just couldn't be arsed updating have a max 50 limit, even on Apple Pay) but most do not have this issue.

Long story boring; there must be something somewhere that tells it the limit is increased. Also, the reason is the security Apple Pay and others give. You will have a very hard time explaining how someone got passed your face id for a payment...

> The rest of the world has had contactless payment for at least a decade.

I think you have a very narrow view of "the rest of the world"! Try "Europe and East Asia" for a little more accuracy ;)

you can easily add a lot of Oceania to that too.
My understanding was the reason the US didn't end up transitioning to chip and pin was they couldn't transfer the liability in the case of compromised pin. That is the consumer liability would still be limited to $50. So there was no incentive for the card network to roll it out in the US. You still get the benefits of the fact the card cannot be copied which is significant.
(comment deleted)
I would had the user experience of having to enter a PIN on each transition. Fraud prevention is not my problem and I wouldn’t want to be inconvenienced in a veiled attempt to reduce fraud.

Apple Pay is quite the nice experience especial with the Apple Watch. It even getting out your phone is heavenly. Only thing I wish now is having to double-tap the button on my watch to initiate the process. Would to just hold it up.

> As an explanation, there are two different things called "Apple Pay" in the US. One is the use of the secure element/wallet in an iPhone/watch to store an EMV card that is tokenized. The other is the Apple branded credit card issued by Goldman Sachs.

You're incorrect about the 2nd. The 2nd "thing" is called Apple Card - most people know the difference.

I haven't been refused Apple Pay (ie, EMV) almost anywhere in the US unless that place simply only accepts cash.

I agree on the current state of US cashless system. I moved here last year from a SEA country, I was surprised the amount of fees for a cash withdrawl, it's charged both ways which is ridiculous. In my country, if banks joins the national system (which are most of them), then there is no fees for transactions between them. The check system is incredibly archaic, the overdraft thing is just pure greed. The fact that I can transfer money across different banks instantly in my country and have to wait a few days for a wire transfer in the US is just mindblowing for the biggest economy in the world.
> It's hilarious (in a way) seeing USians

American is the term Americans prefer, let’s try to be respectful.

(comment deleted)
Apple Card is not Apple Pay. You seem to be the only one confused about that not ‘USians’.

It's hilarious (in a way) seeing EUians comment on Americans.

(comment deleted)
everybody in here who states a bank / financial institution's rates and then says 'there are better out there' without listing the name is greedy, a bot, or a wetard.
This is the one of the last ultimate service plays (the best one remains to be healthcare, which they are working on) in the shift to service transition.

If your savings are on Apple Wallet, you will be not switch away from an iPhone for many years. The average deposit duration is 7 years, used by banks to manage risk. This “lock” is better than any carrier 24-36mo agreement.

Healthcare obviously would be groundbreaking, if you depend on your phone for healthcare (it would be potentially life long…).

So regardless if they make money on these services, they’ll continue to make more money on devices.

I guess this is why Apple Card is only on iPhones, despite the tech existing in every Apple iPad & Mac by now. Otherwise you could maintain your Apple “subscription” over a $400 iPad or a $600 Mac mini, which (arguably) “age” much slower.
I’m super annoyed when websites still ask me for card details and can’t implement proper browser auto fill.

Is there a way I can get rid of all my physical cards and have them securely on my iPhone without saving the details in cleartext in a note?

(comment deleted)
Both my Canadian and Spanish banks have the ability to show me my card details in the banking apps themselves. I pretty much rely on my phone for everything here in Spain (even most ATMs even have “tap” NFC abilities) so getting card details in an app is convenient for online purchases, instead of finding the card itself.

Both my banks have the card details behind the login screen (faceID or user/pass) to just open the app, and then a PIN to see the details, so it feels fairly secure.

Lastpass and other password managers have this ability. It's great for other random data like account numbers, driver's license number, car vin, anything else.
Apple Pay and some other payment methods generate a single-use token per transaction which is much safer than sharing you raw credit card number with a merchant. The token can only be used once for that particular transaction.
the second this is popular worldwide, not an US curiosity, it won't be able to handle crime.

first thing I'd start is a public camera collecting face metrics and images, and then associating them with the iphone radio (plent to chose from) then criminals who steal a phone could buy the face unlock info after uploading a radio sample.

I'm 42 and live in the US. I have Google Pay/Wallet all wired up, and I even have Garmin Pay on my smartwatch. It all works just fine but most of the time I still just take out my credit card and tap it. It objectively takes less time than unlocking my phone or watch, and it works 100% of the time. I can't stop carrying the cards anyway because a lot of places still don't accept tap/EV (including Walmart and Lowes).
> and tap it

I've been trying to do this only to discover the location you need to tap is inconsistent and never clearly marked.

I usually try once then insert it in the slot.

Good point. I find this is a problem when I'm somewhere new and I'm not used to their point-of-sale device. But (like many people I assume) I make many of my purchases at the same few spots (grocery store etc) and I know where to tap for those.
I drove to the grocery store yesterday and realized that I forgot my wallet. I decided to gamble that Tap-to-Pay was available and would work. I was able to complete my purchase but not before playing the where to tap game.

I think my Android phone's NFC coil is smack in the middle, which requires moving my hand from a cupping to clawing hold while keeping the screen on and not touching it. Then slowly rubbing it around the POS terminal starting first with the Tap-to-Pay logo until the screen on my phone indicates it's talking.

Android manufacturers really need to work on the placement of NFC coils. Since cameras are on the top right corner of the phone, they should place the coils in the top left. I know Apple's coil is near the top but I've never used an iPhone for T2P so I'm not sure how much that improves the experience. Knowing Apple it's better, I can't imagine they could find a way to make it worse.

I don’t know how Google Pay works but when the payment terminal is ready for payment and you put your iPhone near it, it automatically turns on and waits for you confirm the payment.

A lot of people have multiple credit cards. Mobile payment means you can leave those at home. Credit card taps also don’t work 100% of the time. I’m sure everyone has had times when there’s something wrong with the terminal and you give it a second shot by inserting the card.

I had my bus pass on my phone. The reader always took two tries, multiple unlocks and timeouts, and was just annoying. I would always try to have my phone unlocked and ready while the bus was coming up but then it would time out. Struggling with my phone in a time sensitive situation was not my cup of tea and ended up going physical card as well.
Shameless plug: Gamma Pay [0] enables accepting Apple Pay on Chrome and other non-Safari desktop browsers.

[0] https://gamma-pay.com/

The shops in my area that used to be cash only mostly switched over to tap / card only. For a while, the cash only places were the targets of choice for break ins and robberies. Even my wife who used to prefer cash and checks switched over to mostly digital payment after her locker got broken into at the gym.