Apple’s new credit card has a curious security feature that will make it much more challenging to carry out credit card fraud.

The aptly-named Apple Card is a new credit card, built into your iPhone Wallet app, which the company says will help customers live a “healthier” financial lifestyle. The card is designed to replace your traditional credit card and give you perks, such as daily cash. Chief among the benefits is a range of security and privacy features, which Apple says – unlike traditional credit card providers – the company doesn’t know where a customer shopped, what they bought, or how much they paid.

But there’s one feature – a one-time unique dynamic security code – that will make it nearly impossible for anyone to use the credit card to make fraudulent purchases.

That three-digit card verification value – or a CVV – on the back of your credit card is usually your last line of defense if someone steals your credit card number, such as if your card is cloned or skimmed by a dodgy ATM or taken from a website through a phishing attack.

But rotating the security code will increase the difficulty for an attacker to use your card without your permission.

The idea of a dynamic credit card number first came about a few years ago with the Motion Code credit card concept, built by Oberthur Technologies, which included a randomly generating number built into a tiny display on the back of the card. The only downside is if someone steals your physical card.

Since then, other credit card makers – including Mastercard, the issuing payment provider for Apple Card – have worked to integrate biometric solutions instead. By enabling a fingerprint sensor on the card, powered by the card machine into which it is inserted, it was hoped that fraudulent purchases would be impossible. Other credit cards have worked to roll out biometric-powered credit cards. Again – a big letdown was online fraud, which still accounts for a vast proportion of fraud.

Apple Card seems to meld the two things: a virtual credit card with a rotating security code, protected by a biometric, like Touch ID or Face ID in newer devices. Better yet, the company’s debut physical titanium credit card won’t even have a credit card number.
​
Now, if someone wants to commit fraud, they need to steal your phone and your face or fingerprint.
Like other sensitive data – such as health, financial, and biometric data – any banking and credit card data is stored on the device’s security chip, known as the secure enclave.

Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of data a business needs to keep on hand, has become a popular way for small and mid-sized businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.

Payment card industry (PCI) standardsdo not allow credit card numbers to be stored on a retailer's point-of-sale terminal or in its databases after a transaction. To be PCI compliant, merchants must install expensive end-to-end encryption systems or outsource their payment processing to a service provider who provides a "tokenization option." The service provider handles the issuance of the token value and bears the responsibility for keeping the cardholder data locked down. 

In such a scenario, the service provider issues the merchant a driver for the POS system that converts credit card numbers into randomly-generated values or tokens. Since the token is not a primary account number, it can't be used outside the context of a specific unique transaction with that particular merchant. In a credit card transaction, for example, the token typically contains only the last four digits of the actual card number. The rest of the token consists of alphanumeric characters that represent cardholder information and data specific to the transaction underway. 
​
Tokenization makes it more difficult for hackers to gain access to cardholder data, as compared with older systems in which credit card numbers were stored directly in databases and exchanged freely over networks. Tokenization technology can, in theory, be used with sensitive data of all kinds including bank transactions, medical records, criminal records, vehicle driver information, loan applications, stock trading and voter registration.

Visa and Mastercard have chips embedded in hundreds of millions of credit and debit cards around the world. They're used in more than 200 countries and process billions of payments each year. And they both intend to create bank cards that use your fingerprint instead of a PIN. 

Early trials of cards with fingerprint scanners built-in are underway, and success could eventually result in the death of the humble PIN. "A four-digit PIN is pretty good security – obviously, six, seven or eight digits are better, but it is very hard for people to remember," says Bob Reany, an executive vice president at Mastercard, who is working on the firm's biometric cards. "[This] security is going to be better than a PIN."

In April 2017, Mastercard started testing a biometric card in South Africa. The new card looks the same as any other bank card but has a small biometric scanner in the top right-hand corner. When a finger is placed on the sensor, it can recognize if it is a match with stored data and then authorize the payment.

Mastercard now has more trials running in Bulgaria, and Reany says thousands of fingerprint-detecting cards will be tested elsewhere in the world later this year. "We've gotten the algorithms in great shape, now we're doing matching on the native device where the template is captured, and we're ready to go to market at some scale," he says. Crucially, in the coming months, banks will be issuing them to regular customers for the first time. Reany won't reveal exactly where the cards will be given to people, but he says more announcements are coming. "I think you're going to see pockets of Europe go pretty quickly," Reany says of potential adoption. 

Rival Visa is also testing biometric cards in Cyprus with the country's national bank and security company Gemalto, which has been creating the cards for both of the major payment companies, says it has produced "tens of thousands" of biometric cards for tests. 
​
Ultimately, payment companies are continuing to develop biometric bank cards, and trials are getting bigger. At their very least, biometric cards will offer a slightly more convenient way to pay, but they may also evolve with increasing use of fingerprint technology in other areas of people's lives. As Berg says: "People forget their PINs but very rarely do you go out without your fingers."

A new payments terminal, E la Carte's PrestoPrime EMV, could potentially bring Apple Pay and other mobile payment systems to more restaurants, and let people pay for food and drinks without either a card or interacting with a waiter.

The terminal sports dual processors with one dedicated to payments, E la Carte said, and can even temporarily save some data locally in case of a power failure, forwarding it later once an internet connection is back. In addition to Apple Pay, it also supports Android Pay and Samsung Pay, plus less direct mobile payment methods by way of a camera and QR code reader.

For card-based transactions, the device supports both chips and magnetic stripes, with a PIN pad and signatures. Before or during a meal it can provide entertainment like games and video.

The PrestoPrime EMV's predecessor is said to be in use at over 1,800 U.S. restaurants, including chains like Applebee's. While restaurants are unlikely to upgrade en masse, a gradual changeover during the next few years could see mobile payment systems become more prominent.

Traditionally, mobile payment systems were limited to fixed point-of-sale terminals or handheld readers like those from Square. At restaurants, waiters may sometimes have to bring a reader to a table for people to pay.
​
Platforms like Apple Pay and PayPal so far appear to be winning out over QR-based options. Recently MCX sold off assets from CurrentC, a failed QR-based challenger, to JPMorgan Chase. The latter company is working on a system called Chase Pay.

The 2016 Rio Olympics are how history and there was no shortage of tech at this year's event. Athletes used all kinds of gadgets to help them train and stay fit, from heads-up displays used by cyclists to jump trackers worn by the volleyball team. Here are a few of the gadgets that made it to Rio.
​
Smart Cycling Glasses

You may have seen U.S. cyclists wearing Solos smart glasses, a kind of Google Glass for athletes. The glasses have a tiny heads-up display that shows metrics like heart rate, pace, distance, and cadence. The data appears in real-time, so cyclists know if they are moving at their projected pace. The glasses have built-in headphones and can run for around six hours before needing a charge. The Solos glasses are expected to become available next Spring and should cost around $500.

Joint and Muscle Therapy

Athletes with the U.S. gymnastics team used LumiWave's Infrared Light Therapy device to treat minor muscle and joint pain. Each of its eight "pods" beams infrared light into body tissue, which helps increase blood flow and provide short-term pain relief. The device has been cleared by the U.S. Food and Drug Administration "for temporary relief of minor muscle pain and spasms and minor joint pain and stiffness." While gymnasts have access to it now, the device is on pre-order to the general public starting at $449.




​
Jump Tracker

Wearables provide analytics data to help athletes train. The U.S. women's volleyball team used the Vert Wearable Jump Monitor, which clips onto clothing to track how high, how far and how often each player jumps. The data is sent to an app to help coaches ensure athletes don't over-exert themselves, which can lead to injury. It can also be used for basketball and other sports. You can buy your own for $125.

 


Visa's Payment Ring

​Crime was a big concern at the Rio Olympics. Visa provided a wearable payments ring to its sponsored athletes at the games, allowing them to make cashless payments. Tap the ring on a compatible payment terminal and you're done. Visa is also linking pre-paid cards to payment bands and smartwatches like the Swatch Bellamy.

Contactless ATMs have been available in countries like Spain and Canada for some time, but they haven't made their way to the US. That will soon change, thanks to the proliferation of mobile payment services like Apple Pay and Android Pay. Banks have begun the process of bringing contactless ATM capabilities to the US. According to reports from Wired and TechCrunch, Chase, Bank of America, and Wells Fargo are all working on creating NFC-equipped ATMs, with Chase planning on rolling them out later this year. 

Chase is rolling out its contactless ATM plan in two phases over the next year. The first phase will ask users to authenticate on their mobile banking app which will give them a seven-digit code that allows them to access the ATM without their debit card. 

"This doesn’t replace the debit card. It’s just giving customers a more convenient choice in case they don’t have their debit card on them," Chase spokesman Michael Fusco said. Chase says it will rollout NFC-equipped ATMs later this year, that will let you access your ATM in the same way you access your credit cards on Apple Pay and Android Pay. 

Wells Fargo and Bank of America will also adopt NFC-equipped ATMs later this year, but neither would confirm that their services would work with Apple Pay. While neither would confirm that Apple Pay would be supported, TechCrunch is reporting that both banks are working on supporting the service. 

The adoption of contactless ATMs by major banks in US will likely help to cut down on card skimming and fraud. With no physical debit card to swipe, criminals would have to figure out how to crack the tough encryption on mobile payment Apple and Google's services, which is no easy task. 
​
If you're wondering when you'll be able to use your phone at the ATM, Bank of America is looking like it will be the first bank to rollout the new ATMs. The bank said it will begin rolling out new ATMs in late February at "select ATMs in Silicon Valley, San Francisco, Charlotte, New York and Boston followed by a broader roll out to customers mid year."  

If you’ve received a new credit card over the last 6-12 months, then you’ve noticed that a new chip has been imbedded into the card. The new cards are called EMV cards (EMV stands for Europay, MasterCard, and Visa, the three companies that originally created the standard). These new cards are termed “smart” because they store their data on integrated circuits rather than magnetic stripes. Most EMV cards also have those stripes as well for backward compatibility.

As with other payment technologies, Europe is far ahead of the United States. As of February, nearly 95% of payment terminals in Western Europe accepted EMV cards. In the U.S., however, just 14% of the 11.8 million operating terminals were EMV-compatible, putting the nation in last place for EMV adoption and at the greatest risk for fraud.

While the deadline for the impeding EMV migration looms, only one in 10 Americans reported receiving chip-enabled cards in a recent poll. The survey results show the major shift from mag-stripe to EMV in the U.S. may have an even longer way to go before the Oct. 2015 deadline.

This delay in implementation will have the greatest impact on the credit card companies themselves as the quicker the migration is made, the quicker the level of fraud security can be ramped up.