Judge rules banks can sue Target over credit card breach; Apple Pay value proposition intensifies

cfsp key=”getamac.jpg”]”A judge last week ruled that banks will be allowed to sue Target for negligence stemming from the retailer’s gargantuan credit card breach from December of 2013,” Yoni Heisler reports for TUAW. “A slew of big time retailers, from Home Depot to Neiman Marcus, also suffered embarrassing credit card breaches over the past year.”

“With banks, at least in this instance, now having the green light to sue retailers for credit card breaches, the value proposition for Apple Pay amongst retailers should be glaringly clear,” Heisler reports. “As we’ve detailed before, the security mechanisms that govern Apple Pay are extremely robust and are at the forefront of an emerging global credit card payments standard.”

Heisler reports, “Simply put, it’s not a stretch to say that Apple Pay is the safest way to make any type of credit card payment.”

Read more in the full article here.

MacDailyNews Take: Boycott CVS and Rite Aid and any other company that willfully turns off NFC in a effort to block the vastly more secure, much more private, and far easier-to-use Apple Pay service.

Related articles:
Windows to blame for Home Depot’s gigantic security breach; senior executives given new MacBooks and iPhones – November 10, 2014
Lessons from Home Depot: Expect hackers to crack more retailers this holiday season – November 7, 2014
Retailers like CVS and Rite Aid that block Apple Pay are taking a big security risk – October 28, 2014
Massive data breach: Target’s Windows-based PoS terminals were infected with malware – January 13, 2014

19 Comments

  1. For the record, Home Depot, thought to be among the Rite Aid crowd, does in fact not “Block” Apple Pay. They simply do not advertise it.

    Apple Pay to your heart’s content at HD. This is the kind of promotion you get, for NOT being an A$$ like Rite Aid.

    1. http://boycott-mcx.com found this site searching for the MCX vendors.

      HD changed their stance on  Pay early on and adopted it, you are correct.. they just don’t advertise it.

      The site lists Jack in the Box as  Pay accepted.. But I tried using it there once and it was a no-go. I’m assuming that not all franchise locations use the same banks etc.

    2. I found this out personally. Went by for chandeliers that I’ve had my eye on and the were on sale. Used Apple Pay though clerk was TOTALLY clueless as to what it is or whether they take it. Save your energy and don’t ask. They will likely say no even if they do. I had my receipt emailed to me and sure enough, the last four digits of the card on the receipt matched the last four of the device acct number on my phone – NOT my card number. Was nice to see that.

  2. I love Apple Pay, but I don’t think this decision will send retailers running into Apple Pay’s arms, mainly because the switch to EMV chip cards, currently underway, is supposed to solve the problem just as well. I know my grocery store has slots for chip cards at all its POS terminals (though I don’t think they’re active yet), but no support for NFC.

    I think it’s convenience that will drive the move to Apple Pay (and its inevitable clones) more than security.

    ——RM

      1. It has nothing to do with Pay using TouchID. Pay uses a one-time token code that is not tied to your name, bank account, etc. so if a thief gets the data from the retailer, they only obtain useless codes. Thus the retailer can’t keep databases full of names, account numbers, etc.

        The EMV chips are really just encoding chips to try to prevent interception from a terminal. There have been serious breaches in this security, and because many EMV transactions require a PIN to be entered, both the card info and the PIN have been transmitted to the thief.

        The EMV chip also does little to nothing to prevent a breach into a retailer’s systems, which is where large-scale identity theft is taking place (Target, Home Depot, etc.). Pay prevents this because the retailer doesn’t get the card info, just a one-use token, which is useless to the thief.

        1. Touch ID means added security for the user because with tap and pay terminals, using your card is just as easy as using your phone, but is also just as easy for the guy who steals your wallet. He can’t do it with your phone because of Touch ID.

          1. Ah but remember when Touch ID first came out, the thieves were all going to lift our fingerprints from the glass front of our phones, then build rubber fingers with those prints. Bwahahahaha

  3. On a related topic, how about US consumers being able to sue credit card companies for _their_ gross negligence in failing to issue credit cards with embedded microchips (instead of magnetic strips) — something routinely done in the rest of the world?

    1. The embedded chips don’t prevent retailers from being hacked and their databases being stolen, which is the big issue. Plus, US consumers are only liable by law for up to $50 of credit card fraud, and most companies don’t even enforce that.

      1. Exactly, and just doing a simple search can show the materials needed to build your own device to “acquire” all the data form the embedded cards also, without having physical access to the card either. (like on a subway/bus/etc)

        The magnetic strip isn’t secure, neither is the embedded chip.

  4. Retailers now have to do an entirely new risk-reward analysis: Do they still want to gather all the consumer’s information they can, tied to a credit card number and other personal data, or do they want to insulate themselves from potential liability and find another way to voluntarily obtain consumer information (a la shopper reward programs)?

  5. On a related note, I went to Target this weekend and they have new readers by VeriFone and they do NOT take Apple Pay. Weren’t they one of the companies heralded as taking Apple Pay. I voiced my displeasure and told them to email me when they take Apple Pay.

  6. i used apple pay at rite aid in LA a few days ago.. It worked but they made me also put in my pin for the card.
    I asked why.. My finger print has already authenticated it and that its redundant …. The answer was ” i dont know sir, the IT person set it up that way ” …
    .???

    1. Me too, at a Walgreens. I was taken aback when it also asked for a pin. Touch I.D. AND a pin is ridiculous. Another typical IT doofus didn’t get the Apple security memo and completely misses the selling point of the ease of transaction.

    2. You may be using the debit card, vice credit card, feature of your bank card. If you needed to use your PIN before Apple Pay, you’ll need to use it with Apple Pay. Apple Play secures the transaction stream, it doesn’t affect how the card is normally used.

      So, when the retailer asks if you want to use debit or credit, select the credit option.

      1. I used a debit card .. But never even had the chance to choose debit or credit!
        regardless i think it is a glitch in applepay or how apple is requiring merchants to set up applepay…
        Pin or signiture are redundent and reduce the utility value of apple pay.
        Also i used the same card as debit at McDonalds and i was not asked to use pin….Worked beautifully !
        My gut say something is not right here.. Either some manipulation by the merchants or lack of training or requirements from apples side

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.