I’m not even sure if I’m calling them by the right term, or what ones exist for Android. I guess it would be the equivalent of Apple Pay, which at least I have heard of. I gather generally you have an app on your phone, into which you enter some kind of payment information (credit card or debit card number? bank account?) and somehow it transmits that information to a device at checkout.
Two things about this give me pause: having this payment information on my phone, which might get lost or stolen; and how secure the transmission process is between phone and checkout device. I’m sure these things are pretty secure most of the time, but what’s the worst that could happen, or has happened recently?
I use Google Wallet on my Android phone to make payments. You enter your credit card number into the app and then at a payment terminal you just hold your phone up to the scanner instead of your credit card. Using the app is MORE secure than using your physical card, both because your card number is not printed on your phone for everyone to see, like it is on your credit card, and because of the wireless protocol, which doesn’t involve transmitting your credit card number to the terminal. If your phone is lost or stolen, even if the crook can get into the phone at all (which they shouldn’t be able to do if you have a reasonable locking method enabled), they can’t access Google Wallet without your fingerprint. There are no such protections if your credit card is lost or stolen.
There’s a discussion of the security features here:
Phone security is not the only issue; owner security is also a big issue.
@Roderick_Femm: suppose a young punk points a gun at you and says: you need to transfer all the money in your accounts to me or I will shoot you. Surely you will stay resolute and refuse?
I don’t have this problem because I don’t have any financial apps on my phone.
If your phone is a Samsung they have a built-in app called Samsung Pay. Which is functionally equivalent to Google pay and Apple pay.
You teach it about whichever credit/debit card(s) you want, and it knows them and can use pay for things with them. With your fingerprint, and only with your fingerprint. As noted above, it’s at least as secure as your physical card(s). It can also do transit cards, gym membership cards, and almost every sort of physical card you might need to carry. Sadly it doesn’t yet do driver’s licenses in a manner the police will accept.
There are a couple of limitations, at least for Samsung pay which is the only app I’ve used. The first of these may be a larger or smaller issue with other pay apps; I don’t know. The rest of them apply equally to all the phone apps.
Your card-issuing bank has to have signed up with Samsung. If they have not, the app won’t accept that card for storage. I have about a dozen credit cards which gives me a pretty good sample of issuers. The store-branded affiliate ones generally don’t load, but the regular bank ones do. My bank ATM/debit card does, but my retiree FSA-equivalent debit card does not. etc.
The app uses the same technology as does a tap card. The merchant’s reader doesn’t even know it’s a phone; it thinks you’re tapping a card. Wich leads to the issue: Not every merchant is equipped for tap cards. Some still require you stuff your chip card in the reader, or the real old school ones still use a magstripe swipe and only a swipe. A merchant like that who can’t take a tap card also can’t take a phone app. So you still need to carry at least one physical card (or shudder cash) to handle that case.
A side-issue akin to the above is a decent fraction of restuarants still do the monkey-motion where the server takes your card back to their workstation to run it. Maybe tap, maybe insert, maybe even swipe. Those folks usually can’t take a phone app payment. Some can if you’re willing to hand the server your unlocked phone, but I’m not. The more modern-equipped restaurants where the servers have handheld devices can all take tap and therefore phone payments right at the table or front cashier.
I’m a total convert. I hate carrying much in my pockets. So my “wallet” is my driver’s license and 1 emergency backup credit card stuck together. My phone has all the cards I actually use.
I should also have mentioned that, having not grown up with them and having used them for only a relatively small fraction of my life, I am more likely to forget my phone when I go out than my wallet. This is getting better, my chief concern being having a camera and communication in the event of a traffic accident.
I’m not convinced that my tappable credit card is at any risk for having strangers read off the number while I’m using it. I also find it easier to use than digging my phone out of a pocket. But it is good to know that the phone app uses the same communication technology.
Like Home Depot, at least the ones near me.
I only have one credit card that I use when I’m buying stuff in person. So I would have to carry that anyway.
Here’s a couple advantageous features I had not mentioned. …
When the phone transmits the info to the terminal, it’s not sending your real credit card number. It’s sending a one-time use number that even if somehow intercepted and decoded by a baddie, can’t be used to charge stuff elsewhere later. Even if the merchant systems are hacked then or later, the merchant never had your card number, so they can’t possibly give it up to a baddie.
Using your phone for all retail purchases should greatly reduce the incidence of your card number being compromised.
When, not if, your physical card is lost or compromised, or the number is stolen in a mass heist from some online merchant where you once used it or stored it, then you will need to contact your issuer, they will cancel that number, then send you a new card. Meanwhile you have no card for a few days until the USPS delivers your new one. Darned inconvenient.
With the phone app, or at least the Samsung Phone app, about a minute after you cancel your card at your issuer, a message pops up on the phone that the issuer has updated the card number info in your phone and you can begin charging stuff again using this new number.
For someone who only has one card and is ever more than 20 minutes from home, that’s darn handy. In the alternative, I’d sure hate to be on vacation someplace and have my only card locked out until I returned home which was planned for 3 weeks from now.
That particular case is not much of a risk, but carrying a physical credit card still comes with a bit more risk. As an example, losing that credit card or having it stolen means anyone can use it until you have it canceled (unless you have it protected with a PIN, which, in the US anyway, is pretty rare.)
To use Apple/Samsung/Google Pay on your phone, you must first be authenticated, either biometrically or with a PIN.
Where on your person do you keep your credit cards such that it’s not an equal effort to pull the phone from your pocket?
This is not a risk to you. It’s a risk to the banks & merchants. As a practical matter you are liable for $0 if your card gets lost, stolen, or hacked.
For me it’s just the opposite. To use my credit card I have to (1) dig my wallet out of my pocket, (2) open it up, (3) pull out the credit card, (4) use the credit card while (5) holding the open wallet in my other hand, (6) put the card back in the wallet, (7) fold the wallet, and (8) put it back in my pocket. Using the phone only requires three of those steps.
To bring up to date anyone who has been following along, I decided to set up Samsung Pay (now subsumed into Samsung Wallet) for my Samsung phone and watch. I have done so successfully, I think, although I haven’t used it yet to buy anything.
With the phone, if I understand correctly, provided that Samsung Wallet is my preferred payment app and that I have only one payment card on it, all I have to do is tap the phone on the appropriate kind of checkout device, and it will behave as if it were the credit card. If I have more than one payment card, I would have to select the card. If this were not my preferred payment app, I would have to select the app, and then (if there is more than one card) select the card.
The watch is less convenient. At best I have to press and hold the lower button and put in a pin to get the phone to the point where I can use it to check out. If I had more than one card, I would have to select the card too.
I’ll be trying both methods to see how they work in the real world. The app itself seemed very buggy in setup, it wouldn’t even come up after the password, I had to delete the files and cache for the app, then delete the app and re-install it, just to get it to go to its home screen. In the process of setting up the app and one card, it froze my screen twice and I had to use the secret backdoor way of re-starting. Not very confidence-building, but once installed it seems okay so far.
It’s a risk that affects everyone, even people who don’t have credit cards. Most merchants factor credit card fraud into the pricing of their products. We pay higher prices so merchants can cover their losses.
And the banks charge card holders higher interest rates to cover their own losses.
One way or another, the consumer pays for it. So, yes, it is a risk to you.
The same way that all shoppers pay for merchant losses due to shoplifting, employee theft, cash losses from robberies, damages during shipping, expired unsold food, etc. Credit card losses are no different than any part of the system.
It’s different insofar as Joe Customer can’t do much about shoplifting, employee theft, etc, but he can mitigate losses (and therefore higher costs) due to credit card fraud by using a smartphone that requires authentication.