Safe Paying
Safe Paying: a reader asks…
Hi Chris, can you tell me what’s safer? Chip cards versus swipe cards versus Apple Pay versus Samsung Pay?
The first thing to recognize is that safety is not an absolute. There’s no 100% guarantee that any method of payment (even cash) is going to be completely safe. The second thing to recognize is that relative safety drops as more institutions have your financial information. The news is awash in hacks by retailers, financial institutions, even hospitals. You can pretty much bet that every place you’ve made a purchase has been hacked in some form or another. In a near-perfect world, there would be only two places where your payment information is known – yourself, and your financial institution.
With swipe credit cards, your payment information is right there on the magnetic stripe. Your credit card number, expiration date and name are digitally recorded in strips on that stripe. So everywhere you use it, your payment information is recorded and subject to being stolen. And since the information is recorded magnetically, it can be read by a cheap pocket card reader, or a skimmer device inserted in an ATM slot. When you hand your credit card over to a waiter and they disappear to the restaurant’s payment station, there’s nothing to stop them from swiping the card twice – once for the restaurant and once for a hacker who provided the pocket card reader and pays them a reward for every card they swipe.
To counter this, credit card companies in the US have slowly started to roll out chip cards that have better security. but not as much as you think. The chip encrypts your payment information when you ‘dip’ the card into the slot, and provides one-time transaction codes to the retailer which are verified by your credit card company to complete the transaction. But unlike the rest of the world, the US credit card companies are rolling out almost exclusively ‘chip and signature’ cards where you sign to verify transactions. We all know how easy it is to fake a signature! The rest of the world uses ‘chip and pin’ where you have to type or tap in a pin number to verify the transactions. But at least your credit card number and expiration date aren’t given to the retailer, so this is a big improvement.
Apple Pay came out with an even better solution – your card is recorded in the app on your iPhone, the app generates a one-time transaction code and that’s verified by you with your fingerprint to approve the transaction. This is currently the highest security method of payment that you can use, but of course it’s only for iPhone users. Plus, your retailer has to enable that feature on new credit card terminals, and they’ve been slow to do so.
Samsung thought they’d be smart and came out with Samsung Pay, which supposedly one-ups Apple by working even on older credit card terminals, so it works with just about any retailer. But security is a sham, Samsung Pay mimics the magnetic stripe and sends that same information to the terminal. A huge step backwards in security to enable a baby step forward in ease of use. Apparently Samsung thinks consumers value ease of use over security – and they might be right for some. But more and more consumers are getting savvy about the security of their digital lives, so I expect Samsung Pay to remain a bottom-feeder in payment solutions, at least until Samsung changes their model to favor security.
So if you have an iPhone, you should use Apple Pay everywhere you can. If you shop somewhere that doesn’t offer it, you should ask for it. It is truly the most secure method of paying for things on the planet today. If you don’t have an iPhone, then you should use your chip card, and if you shop somewhere that still requires you to swipe that card, then you should ask for it.
And lastly, since there’s no 100% secure solution, you should always be aware of every financial transaction that’s made on your accounts. Most bank and credit card companies now offer a notification method for every transaction made, either by text message, app notification on your smartphone or email. You should definitely turn this on so that you know every time your credit card is used, or every time your bank account is debited. Take charge of your own security and enjoy a healthier digital life!
This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!