Used it a few times.
Seems to fix a problem I don't have. Whipping out a thin piece of plastic and swiping it, never seemed all that inconvenient.
Waiting on a gadget to read my fingerprint is way slower.
I haven't used Apple Pay (nor Google Wallet) because I don't need yet another entity tracking my purchase habits so they can try to sell me ****, but I also acknowledge that there is a security advantage in using a token rather than transmitting one's actual credit card numbers. I say this as someone whose personal and/or financial information has been compromised
at least six times (so far):
- The V.A. missing laptop debacle
- The Adobe hack
- The Target hack
- The Food Town hack
- The Home Depot hack
- The Anthem hack
I also
may have been caught up in the Citibank hack. I had no active accounts with Citibank at the time, but they still had information about me from old accounts on file. They don't think any of it would have been exposed, but they gave me a year of identity theft protection anyway. In fact, I've been given so many free years of identity theft protection that AllClearID daisy-chained my free memberships.
So I think the idea of using a token rather than a credit card number is a pretty good idea. The problem is that in addition to the data-mining aspect, using Apply Pay or Google Wallet requires that I entrust my credit card numbers and other personal information to yet another entity (Apple or Google), both of which become high-value targets for miscreants, and therefore represent additional vulnerabilities that I must accept as the cost of additional safety.
I also take little comfort in the companies' assurances that the information is encrypted and firewalled a bazillion different ways because somewhere within their systems exists the capability to utilize that firewalled, encrypted information to fund purchases; and until the companies can persuade me that they've figured out how to look into a person's soul as part of the pre-hire process, the possibility of an inside job still exists.
The only service of this kind that I might consider using would be one by PayPal if it ever is implemented by enough merchants to be worth the bother. The main reason is not so much because I trust PayPal any more than Apple or Google (although I do somewhat for reasons I'll mention shortly). It's mainly that PayPal already has my information because they are also my merchant processor, so there would be no additional exposure.
The reason I tend to have a bit more trust in PayPal is based on personal experience. In one of the hacks (the Food Town one), my PayPal business debit card was definitely compromised and actually used to make two expensive purchases. Because PayPal notifies me immediately (as in within ten seconds) whenever the card is used, I was able to call them on the telephone and report the unauthorized uses. Within literally minutes, they credited the amounts back to my account.
Because the card would have to be cancelled, they also offered to rig it to allow one additional use of the compromised card to make a cash withdrawal from a local ATM of my choice, or to make a wire transfer into my checking account (and waive the fees), in case I needed immediate access to the money before the new card arrived. I later learned that they also contacted at least one friend of mine who's a local merchant and who also has a PayPal business debit card to review his account for fraud, and wound up proactively canceling and re-issuing his card with a new number.
The long and short of it is that PayPal did everything they possibly could to make me whole and to prevent further fraud, they did it quickly, and the process began with my phone call to a real human being. Granted, I'm a long time, "preferred" (whatever that means), business customer who's never had a single chargeback, complaint, or other unsavory incident; so I suppose that my credibility and trust levels with PayPal are pretty high. I know that my hand-keyed charges for thousands of dollars each are routinely deposited into my account and available for withdrawal within a few seconds; so I guess they trust me, and maybe that trust was part of the reason why they acted so quickly to make me whole. But whatever the reason, I was impressed by how they handled the case.
Of course, that doesn't change the fact that PayPal is also an extreme high-value target for hackers and miscreants. But because they already have my information and because they have already demonstrated how excellently they handle these sorts of things, I'd be much more inclined to use their phone-based payment service than anyone else's if I were going to use one at all.
Ultimately, however, I long for the day when our archaic magstripe system is abolished in favor of EMV chip-and-pin. Even chip-and-signature would be an improvement, but I'd prefer chip-and-pin. After being caught up in this aggravation so many times, I'm all for anything that makes it harder for miscreants to steal my card information.
Rich
