The Safest Way to Use Your Credit Card – Apple Pay, Samsung Pay, EMV Chip

Last Update: 8/4/2016

In the beginning, there was cash. Then came credit cards, which were much more convenient...but also opened up new avenues for thieves, who could use your account just by stealing a credit card number.

Now, a whole slew of new technologies have hit the scene, promising better and safer credit card use. EMV chip cards, Apple Pay, Android Pay, and Samsung Pay all promise you increased security combined with convenience. But which one is really the safest and fastest?

Old and New Technologies

Old-school credit cards store your account information on a magnetic stripe that you swipe through a card reader. This means that anyone who has your card has access to your account. It’s also possible for thieves to hack into a store’s data files and get account numbers for hundreds of users at once.

To deter thieves, stores can have you sign a receipt whenever you make a credit card transaction. In theory, this should stop a stranger from using your card, but in practice, it doesn’t do much. Most stores don’t require a signature for small purchases, and even for large ones, they don’t usually bother to check the signature against the one on your card.

New payment technologies have more sophisticated methods of blocking theft. They come in two main forms: EMV chip cards and mobile payment systems.

Facts About EMV Chip Cards

• EMV cards (short for Europay, MasterCard, and Visa) store your account information on a computer chip embedded into the card.
• When you make a transaction, this chip doesn’t pass along your actual account number. Instead, it creates a single-use code to authorize the transaction.
• EMV cards, also known as chip cards or smart cards, are already the standard in Europe. Now, US card issuers are also making the transition to chip cards.
• As of September 30, USA Today reports, only four out of ten users had been upgraded to the new cards—and many businesses still didn’t have the new chip readers required to use them.
• The current generation of EMV cards also have an old-school magnetic stripes on them. That way, they can still work in older card readers. This legacy compatibility will be needed for many years, yet reduces security.
• The payment terminals used by stores, often have the ability to enable encryption but may not have them turned on, due to extra costs or complexity.

Facts About Mobile Payment Systems

• With a mobile payment system, you enter your credit card information into your phone or other mobile device.
• To make an in-store payments. you wave your phone across the NFC (near-field communication) reader.
• Like an EMV card, a mobile system creates a one-time code for the transaction, so your actual account number never enters the store’s records.
• You can also use mobile payment systems to shop online through retailer apps that accept them.

Types of Mobile Payment Systems

Right now, there are three mobile payment systems on the market:

• Apple Pay. The Apple Pay system works only with relatively new Apple devices. You can use it to make in-store payments with the iPhone 6s, iPhone 6s Plus, iPhone 6, or iPhone 6 Plus, or with an Apple Watch that’s paired to an iPhone 5 or newer. (It also works on newer iPads, but only for in-app payments, not in stores.) Apple Pay works with most major credit and debit cards from top US banks; you can find a complete list of participating banks on Apple’s website.
• Android Pay. This system works on any Android device. It comes preloaded on many devices, but if your phone doesn’t have it, you can simply download the app from Google Play. Android Pay works with Visa, MasterCard, American Express, and Discover cards; participating banks are listed here.
• Samsung Pay. Samsung Pay, the latest addition to the mobile payment field, works only with Samsung’s newest devices: the Galaxy S6, S6 Edge, and S6 Edge+, and the Galaxy Note5. In addition, your device must be connected through one of the major mobile carriers: AT&T, Sprint, T-Mobile, US Cellular, or Verizon. Finally, Samsung Pay requires a major credit card from one of four participating banks: Bank of America, Citi, US Bank, and Synchrony Financial.

Comparing Security

All the new technologies prevent hacking by keeping your credit card number hidden when you make a purchase. Even if hackers managed to lift the information from one of your purchases, all they would get is the one-time transaction number, which can’t be reused.

However, this process—known as “tokenization”—can’t stop thieves from getting at your money the old-fashioned way: by stealing your wallet or phone. Once they physically get their hands on your credit card, what’s to stop them from using it? The answer to that question depends on which technology you’re using.

EMV Card Protections

• Chip-and-PIN. In Europe, EMV credit cards use a “chip and PIN” system. You insert your card into an electronic chip reader, then punch in a PIN (Personal Identification Number) to verify your identity. This  is the most secure  way to use  EMV. The Chip does not track your location although charging an item will get your location logged on your bill of course.
• Chip-and-Signature. In the US, most banks aren’t set up yet to process PIN payments. Instead, they check your identity with a signature, which often passes without examination. US card issuers plan to switch to a chip-and-PIN system eventually, but it will probably take two to three years.
• Online Shopping. EMV cards don’t offer any extra protection for online shopping. You can’t use the embedded chip to generate a one-time transaction code as you do in a store, so you have to use your actual account number, which could possibly be intercepted by hackers. With mobile payments, by contrast, tokenization protects you for both online and in-store purchases.

Apple Pay Protections

• Fingerprint or Passcode. When you use Apple Pay with your iPhone, you must put the phone near the credit card terminal and either enter a passcode or use the TouchID sensor to scan your fingerprint. Thieves can steal your phone, but they can’t steal your fingerprints—and a passcode up to six digits long is pretty hard for them to guess.  The  downside  for  online use  is that apps need to be updated to support Apple  Pay.
• Click and Scan. Apple Pay for the Apple Watch, however, doesn’t offer nearly as much protection. To authorize a payment with the Watch, all you have to do is double-click the side button before scanning the phone. So if a thief manages to snatch your Apple Watch, they can also get into your Apple Pay account.
• Find My iPhone. If your iPhone or Apple Watch is stolen, there’s a way to keep thieves out. Just log into iCloud and use the “Find My iPhone” tool to mark the lost device as missing. That way it’s automatically cut off from your Apple Pay account.

Android Pay Protections

• Unlock and Swipe. Unlike Apple Pay, Android Pay doesn’t require a passcode or a fingerprint scan to authorize a payment. All you have to do is unlock the phone and wave it over the NFC reader.
• Security Loopholes. Some newer Android devices have fingerprint scanners, but they’re not that secure. According to Business Insider, the Android scanners have security loopholes that make them vulnerable to hacking.
• PIN Protection. Fortunately, can set up a PIN-protected lock screen on your Android device. As long as you keep the device locked when it’s not in use, thieves can’t use it to break into your Android Pay account.
• Remote Lock. If your Android device is ever stolen while it’s unlocked, you can go into the Android Device Manager to remotely lock it and secure it with a new password.

Samsung Pay Protections

• Fingerprint or PIN. Like Apple Pay, Samsung Pay requires either a fingerprint scan or a PIN for every transaction. However, Samsung Pay only takes 4-digit PINs, which aren’t quite as secure as Apple’s 6-digit passcodes.
• Find My Mobile. Samsung doesn’t offer as many options for securing a stolen phone as Apple and Android. If you’re signed up with Samsung’s “Find My Mobile” service, you can use it to remotely delete all your payment information to stop thieves from accessing it—but then you’ll have to input it all again if you get the phone back.

The Bottom Line

All four of the new technologies are much more secure than an old-school credit card. However, some are clearly stronger than others. The Safest Way to Use Your Credit Card from best to worst:

1. Apple Pay. The best of the lot, with all your transactions secured by either a fingerprint or a passcode of up to 6 digits.
2. Samsung Pay. A close second, but its 4-digit PINs are slightly easier to crack than Apple’s.
3. Android Pay. It may eventually rival Apple and Samsung, but right now the weaknesses in its fingerprint recognition make it a distant third. However, securing your Android device with a PIN makes it much safer.
4. EMV Cards. Though they protect you from hackers, any thief can use a stolen one simply by faking your signature. And when you’re shopping online, an EMV credit card is just a credit card.  Also validating an EMV seems to take longer in our local tests at several stores. Use the chip card reader instead of the magnetic stripe reader whenever possible.
5. Regular Magnetic stripe Credit cards. They are easy to clone and steal for both in store and online use.