Apple Pay, how credit card systems work, and stores that still don't accept it

Most Australian banks allow their credit cards to be added to Apple Wallet (I think that is where they end up) and so they are independent of Apple Pay. I just trigger the card on my watch and tap it like a (physical) credit card. Interesting that they don’t have a $ limit before a PIN is required.

With PayPal I find I sometimes need to receive an SMS code to complete the transaction but I prefer that extra security. Many online retailers in Australia don’t accept Apple Pay.

I think you have your terminology confused. Putting a bank’s credit/debit card in your Wallet app is using Apple Pay.

Perhaps you’re confusing it with the “Apple Card”, which is an Apple-branded credit card, or “Apple Cash”, which is a PayPal-like system for cash transfers. Both of which integrate with the Wallet app.

If you can add a card to Apple Wallet, that’s Apple Pay :joy:

Apple is apparently opening up the system in the next OS to other banks so you’ll be able to use cards via their own apps, other than Wallet.

Not enough websites support pay here, either. But when they do, I use it as it’s way faster and more convenient. Some sites now support Amazon Pay, which isn’t too bad if you already have an Amazon account set up.

I wish it were only swiping that was left. :rofl:

Not long ago, I was in a cab with a driver who at the end of the ride claimed his credit card reader was busted (suuure, where have I heard that before?). I told him I had only credit/debit cards on me and that I had asked about that at the beginning of the ride so I was expecting him to now make it work. He didn’t have an old-fashioned imprinter (“knuckle buster”) so he ended up taking a #2 pencil sideways and traced my card details onto a credit card slip like I hadn’t seen since the 80s (this would not have worked with Apple Card obviously). I signed that barely legible slip, took my copy, and astonishingly it ultimately went through. This happened, of all places, right in Palo Alto, only a few miles from Apple, Google, and all those others that gave us the modern digital world. I still cannot believe that in 2024 that CC charge actually went through.

Why not? It’s a bit crude, but it’s logically no different from typing those same numbers into a web page. And is arguably more secure because he has your signature on a piece of paper, which he can produce, should the charge be contested.

I’m sure he’s paying higher merchant fees and has less liability protection than would be the case with an electronic system, but there’s no reason why it shouldn’t be accepted.

I’m a little surprised you have a card with raised numbers. All of my current cards have the numbers just printed on the cards. So he’d have to actually write them in on the slip.

But again, that should work. I’ve had many contractors doing work at my home take payment that way. He writes down the numbers, gets a signature and then (presumably) types them in to his system when he gets back to the office.

While all the reasons listed here are indeed incentives for cab drivers to not accept credit cards, I’d say tax avoidance and minimizing fees and surcharges payable to the cab company/medallion owner are much more important for cabbies.

That’s because the Watch is an authenticated device like an iPhone with FaceID/TouchID. The PIN is just another form of identification which is unnecessary with Apple Wallet since your device handles the authentication. When tapping a physical card, there’s a limit after which it requires a chip+PIN transaction because there’s no authentication involved with tapping a card.

Someone can steal your card and purchase things using contactless/tap transactions (until the limit is reached). If someone steals your Watch, they can’t use it to pay for anything.

That’s an interesting difference to what I’m used to seeing here in the States. When I can tap my card, it usually just goes through. If the amount is large enough (or whatever else needs to happen for the stars to align) I will be asked to supply my PIN, but I am never asked to insert into the chip reader after tapping. It’s just punch in the PIN and done. I never understood what that limit actually is (if there even is a global hard limit) or if it depends on the specific retailer and/or other circumstances.

There are other subtleties here that I would also never claim to understand. If I shop at Target and I want cashback (is that an American thing? do not remember ever encountering that in Europe or Asia), I have to use chip+PIN. If instead I just tap the card (or the iPhone) I won’t even be presented the screen to select cashback. But this does not appear to be universal either. A neighborhood grocery store will always present me the option for cashback, regardless of tap vs. chip. However, if I use my iPhone and from Wallet that very same card, I will not get a cashback option. Go figure. It’s not a big deal if you always shop at the same stores and get to know what flies where. But go somewhere else and you might be in for a surprise. :crossed_fingers:

And a potential glimpse of the future (from Bloomberg)…

Mastercard Wants to Get Rid of Card Numbers for Online Shopping

Mastercard Inc. is expanding its efforts to eliminate the use of credit card numbers when customers make purchases online in a bid to fight fraud.

By Aisha S Gani

August 30, 2024 at 5:26 AM PDT

A decade after it first unveiled a technology that replaces consumers’ card numbers with so-called tokens, the company is now processing 1 billion such transactions every week, Chief Executive Officer Michael Miebach said in an interview. That’s after it took the payments behemoth three years to process the first billion of such transactions.

Now, Mastercard is planning to expand the use of the technology to replace security measures like passwords with biometric data such as fingerprints or face scans, Miebach said. It’s the latest step that the financial industry is taking to combat the rising issue of online payment fraud, which is expected to exceed $91 billion by 2028.

A decade ago, the common thinking was “if you want to keep it safe, protect data and protect transactions through passwords,” Miebach said at Mastercard’s London offices. “That worked for a while. And then it started to become the vulnerability instead of effective safety and security.”

Mastercard and rival Visa Inc. first introduced token technology about a decade ago after fraudsters had targeted the payment systems of retailers including Target Corp. and Best Buy Co., absconding with tens of millions of consumers’ credit card information. At first, the technology was focused on replacing card numbers with a token that only the networks can unlock, meaning it’s useless if a hacker does get their hands on it.

Fueled by payment services such as Apple Pay, that helped reduce fraud for in-store purchases. Now, though, criminals are targeting e-commerce sites that require consumers to manually put in their card information to make a purchase.

Increasingly, hackers are also targeting websites in places including India that rely on one-time passwords to help with security. These passwords — which retailers and banks send to consumers in order to authenticate their identity — have grown increasingly vulnerable to fraudsters, Miebach said.

Mastercard will partner with banks and payment providers around the world to replace these one-time passwords with a token based on consumers’ biometric information. It introduced the service in India this week after inking partnerships with PayU and banks including Axis Bank Ltd.

“The source of the problem was that if the data was exposed and somebody penetrated and got into that data, they could use it,” Miebach said. “The digital economy — what is the one thing that’s holding it back? It’s the risk of data breaches of fraud and so forth. And tokenization is a big lever to curb those.”

Mastercard has said it expects all e-commerce transactions to be tokenized in Europe by the end of the decade.
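
An added example, not part of the original post or the quoted article: a simplified Python model of the token idea the article describes, where the merchant side only ever handles a substitute number and only the network can map it back to the card. The `TokenVault` class, the domain strings and the HMAC-based one-time cryptogram are assumptions made for illustration, not Mastercard's actual scheme or API.

```python
import hashlib
import hmac
import secrets


def make_cryptogram(key, token, amount_cents, counter):
    """One-time value tying this token to one amount and one counter."""
    msg = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TokenVault:
    """Toy model of a network token service (hypothetical, not a real API)."""

    def __init__(self):
        self._records = {}  # token -> card number, bound domain, key, used counters

    def provision(self, pan, domain):
        """Issue a random token for `pan`, usable only from `domain`."""
        token = pan
        while token == pan or token in self._records:
            token = "".join(secrets.choice("0123456789") for _ in pan)
        key = secrets.token_bytes(32)  # held by the wallet device, never by merchants
        self._records[token] = {"pan": pan, "domain": domain, "key": key, "used": set()}
        return token, key

    def authorize(self, token, domain, amount_cents, counter, cryptogram):
        """Return (decision, card number the issuer is billed on, or None)."""
        rec = self._records.get(token)
        if rec is None:
            return "DECLINE unknown token", None
        if domain != rec["domain"]:
            return "DECLINE wrong domain", None
        if counter in rec["used"]:
            return "DECLINE replayed counter", None
        expected = make_cryptogram(rec["key"], token, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return "DECLINE bad cryptogram", None
        rec["used"].add(counter)
        return "APPROVE", rec["pan"]


if __name__ == "__main__":
    vault = TokenVault()
    pan = "5555555555554444"  # constructed test number, not a real card
    token, key = vault.provision(pan, "wallet:watch-1")
    good = make_cryptogram(key, token, 1999, 1)
    print(vault.authorize(token, "wallet:watch-1", 1999, 1, good))    # genuine tap
    print(vault.authorize(token, "wallet:watch-1", 1999, 1, good))    # captured, replayed
    print(vault.authorize(token, "web:checkout", 1999, 2, "0" * 64))  # token typed into a web form
```

A token copied out of a merchant's records fails on its own in this model: it is refused outside its bound domain, and inside that domain it still needs a fresh cryptogram that only the key holder can compute.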

You have a PIN on a credit card? I’ve only seen them used on debit cards.

If the amount I’m charging to a credit card is large enough (whether contactless, chip or swiped), based on the local merchant’s policy, I may be asked to provide a signature. Maybe it would ask for a PIN if my card had one.

I normally don’t use a debit card for shopping (I only use mine to get cash from an ATM, and it always asks for a PIN), so I don’t know how debit-purchases typically work today. Years ago, they always asked for a PIN, but that was a long time ago.

I don’t recall ever seeing that even in the US. Maybe the option appears when a debit card is used?

A long time ago, when stores allowed payment by personal cheque, I remember that some stores would allow you to write a cheque for a number greater than the purchase, to get cash back. The limit was solely a matter of store policy.

Does this mean physical cards will be eliminated? If they want to move to only allowing mobile payments, that’s going to take a long time to catch on (at least in the US), since NFC readers are still not universal.

Or are they talking about just eliminating card numbers (and therefore card-not-present transactions)? If you can still tap a card or insert it into a chip reader, and let the transaction proceed via the token system, that might work for in-person transactions, but…

  • It won’t help if your card is physically stolen
  • It won’t help for web purchases - you need to type something in to the form. Not everybody wants to purchase via a mobile phone app (that presumably could access your mobile wallet app).

I think this article is interesting as a statement of intent, but it’s going to be a long time and require cooperation from many third parties before this intent can be fully implemented.

This varies by country. I think in parts of Europe contactless+PIN is also supported. I can’t remember all the details now, but it has to do with the version of the standards and hardware infrastructure in use by the country.

I believe the issue is that in the UK (and elsewhere) the PIN is stored on and verified by the card. So you can’t verify the PIN on a contactless transaction as the card isn’t there by the time the PIN request is made. In other countries (sounds like the US is one of them), the PIN is stored and verified by the bank, so you can do this even after the card has disappeared (eg after the ‘tap’).

The problem with the bank verifying the PIN is it requires online mode for the transaction, where the terminal has a network connection to contact the bank. This is less of an issue these days as almost all transactions are online now (as they’re less vulnerable to fraud for other reasons). But when contactless rolled out years ago network connectivity was not nearly as widespread, especially on things like trains and buses.

This must be a US thing – all cards here use PINs and have done for many, many years. Signatures don’t provide any security and were phased out years ago.

If I had to guess today, I’d say MC wants to replicate the experience of using Apple Pay on macOS Safari, where manually entering a card number isn’t necessary. Or perhaps generating a one-time code on a mobile app that authenticates via FaceID/TouchID then entering the code into a form on a retailer’s website (some financial institutions and businesses already support “passwordless” logins using this method).

One reason to carry multiple credit cards is that some card readers are flaky. About a year ago, I was in a very busy supermarket in which the reader failed reading the chip, swipe and noncontact on two cards, and two of the three on a third card before it finally read one method (which I now forget). By the time we got to the final success, we had attracted a couple of managers and I was joking about the problem to try to keep people from getting angry. I have no idea what went wrong, but I still see card-reading failures fairly often, but typically in only one method. Sometimes a rescan will work, other times not. I keep my cards in little envelopes the banks send, a habit I developed after the old stripes wore off a couple of cards. I don’t use pay by phone because I don’t walk around stores with the reading glasses I would need to use a smartphone.

I’m afraid it is a US thing. No European country I have ever worked in did I not get issued a PIN with my credit card. If we can do it with debit cards, you’d think we could do it with CCs, but apparently not here. This obsession we Americans have with complete BS “credentials” like signatures (although there at least a legal argument could be made, unlike when they ask for ZIP codes, former addresses, or mother’s maiden names, YES, I kid you not) is preposterous in this day and age (Zip code, meet FaceID). And considering the rampant rate of financial/banking fraud in the US, it really boggles the mind why we continue to choose to live 2-3 decades behind the rest of the civilized world.

I know that sometimes Americans get in trouble in Europe with their US CCs when CC readers require a PIN they do not have (or know about). I know that some US banks will issue a default 0000 PIN on their CCs just to get around that issue. But surprisingly few Americans appear to know about any of this. Me, I would always try that before I give up, but ultimately, we need to get over 1980s style banking and start dancing to the music the rest of the world is playing. If my bank gave me the choice to reject any and all authentication apart from things like chip+PIN or FaceID via Apple Pay, I would not hesitate a bit. They could take their silly paper checks back too while they’re at it and instead give me something as cheap and simple as the Swiss Postcheck system or the Swedish Postgirot/Bankgirot. Any American who has spent time in a country with a modern banking system will know what I’m talking about. But then again, when I went to school banks here in the States still couldn’t do business across state lines (!) without having subsidiaries in every state involved so I guess you could say we have nevertheless come quite a ways. :rofl:

As is often the case, Bruce Schneier has an insightful point of view on this (and even though the post is from 2005, it is, unfortunately, still relevant today)…
https://www.schneier.com/crypto-gram/archives/2005/0415.html#2

In the long run, swiping definitely costs the merchant a lot. Beginning shortly after NFC (chip cards) were introduced in the USA, the credit card issuers made a rule that if the merchant refused to upgrade from swiping the mag stripe, to reading the chip (which is more secure against cloning), the merchant would accept the entire risk of chargebacks. Before that time—when mag stripes were the only way to read a credit card—the credit card companies assumed some of the risk.
Now, there is no protection for merchants who insist on swiping. The customer is free to deny the charge, and the merchant eats that purchase loss. Of course, if you make a habit of denying charges from your local pizza joint (mine still has only the mag stripe reader), every time you get a pizza you’ll hurt from losing your credit card for 10-14 days while you wait for a new one. And your CC company will become suspicious!

I just bought some items at Family Dollar a couple weeks ago, and their Apple Pay (with Apple Card—since this discussion is revealing how confusing is that dichotomy!) worked fine. Then again, the store had two signs out front—Family Dollar and Dollar Tree—so I’m not sure if that was a factor. I know Dollar Tree (where everything is 1.25 or more) does accept Apple Pay+Apple Card.

Not the entire risk, but the burden of proof is on the merchant to prove that the charge is legitimate (e.g. by providing the signed paper receipts). And if they can’t provide such proof, they will have to eat the loss.

The big banks that have their own digital wallet system are pushing it hard. Last month Bank of America activated its Paze digital wallet on my credit cards without asking me. They describe Paze as: “Offered by Bank of America, Paze is a new, convenient way to pay when shopping online. With Paze, you won’t have to enter new usernames, new passwords or 16-digit card numbers when making purchases on participating merchant sites.”

The competition will be interesting.

If I remember correctly, Paze is run by the same company as Zelle. That would mean BoA is either one of several major bank investors in Zelle/Paze or a member of a consortium that is trying to diminish the market shares of Silicon Valley fintechs, such as PayPal and Venmo.