I Won’t Use Apple Pay Any More
I wanted to piggyback on the recent article about Chase’s terrible international fraud alert changes (plus online purchases) with a PSA on Apple Pay. This is more of a working theory of mine based on some research and a few first hand accounts. Even though it is a theory, I do believe it has a basis in fact. Am I being overly cautious here? Probably, but I would rather be safe than sorry. Even if the issue is likely the tiniest percentage of all charges.
Using Digital Wallets / Apple Pay Is Kind Of Like A Digital Signature
Why am I freaking out and saying I won’t use Apple Pay any more? Mainly because its biggest strength is also its biggest weakness, security.
What do I mean by that? It is hard to break into a phone and get access to your digital / Apple Pay wallet. You need a code, or a face ID etc. If your phone is stolen your card info is still protected via needing to log into the phone AND having to log into your digital wallet. That is the type of two factor authentication that we strive for in a digital world, isn’t it? Yes, but maybe we don’t want that with our credit card charges.
Hear me out, when you use Apple Pay (or a digital wallet) it is kind of like a signature. You had to log in to use it and that is like you signed the receipt yourself essentially. What if fraud is involved? Wouldn’t that add another layer of proof of abuse that you need to fight against?
But My Information Is Secure, So Why Does It Matter?
It may sound like I am working against myself in this argument here. We have a super secure payment platform, with a two factor authentication requirement, what is not to like?
Well, not all fraud is digital. Not all fraud is by stealing your card either. Sometimes it is within the systems. Sometimes it is taking advantage of you to your face, and not behind the scenes.
Some for examples of what I am talking about is if they spoof their credit card reader to show you one thing and billing you another thing. What if the machine says the charge was declined, but the charge actually went through? Maybe you pay with another card because of the fake decline and are double billed. How about if you are drugged etc. and charged obscene amounts? It sure looks like you approved those charges with a clear mind because of Apple Pay.
If you are using a card in these scenarios then the bank may require the establishment to provide a signed receipt with your dispute. Have you ever had to sign an Apple Pay receipt? Think about that, really think about that. I can’t remember ever having to do that. Is it because Apple Pay is like you already signed it?
I’ll Still Use It At Times Around Home
Knowing your surroundings, and being able to easily deal with issues, is a home court advantage you when in your normal environment. It is something you lose when traveling. Especially when going into a foreign country. Even more so if you don’t speak the local language. All of that adds a barrier that will have me busting out my plastic (or metal) from now on. It isn’t as easy to deal with once you get home in these scenarios.
Potential Issues With Digital Wallets
I fully expect people to say I am being crazy and overly cautious down below. That is fine, I don’t expect most to agree with my logic. I figured it was worth sharing anyway for the few people that were already a bit on the fence about using Apple Pay etc. while traveling.
Let me know what you think about all of this down in the comments below, or over in the MTM Facebook Group.
Thinking a physical card is more secure than an encrypted payment system that uses randomized one-time tokens is a wild hot take. It takes only one card skimmer on a POS terminal in some random country to grab your credit card number and have fun. But hey, to each their own.
This isn’t about it being more secure – it is about the way the banks interact with you when something goes wrong from one vs the other.
Hey Mark, appreciate you raising the topic — payment security while traveling is worth thinking about. I work in cybersecurity though, and wanted to flag a few things that might change your calculus here.
Apple Pay uses tokenization, meaning your actual card number is never transmitted to the merchant. When you tap your phone, the terminal receives a one-time device account number and a dynamic security code that can’t be reused. A physical card (even chip) hands over your real PAN, which is far more exploitable — especially abroad where skimming, mag stripe cloning, and shoulder-surfing PINs are real, documented threats.
On the dispute side, the “digital signature” framing isn’t quite how banks see it. Visa and Mastercard eliminated signature requirements back in 2018, so chip card transactions don’t produce signed receipts either. Your dispute rights under zero-liability policies are essentially the same whether you pay with Apple Pay or plastic. Banks aren’t treating a tokenized tap as stronger proof of cardholder authorization than a chip insertion.
The fraud scenarios you describe — spoofed terminals, fake declines, double billing — would actually play out the same or worse with a physical card, because the merchant now has your real card number on file instead of a useless token.
If anything, ditching Apple Pay while traveling is removing your strongest layer of protection in the environment where you need it most. Just my two cents from someone who looks at this stuff professionally. Cheers and safe travels!
Great points and thanks for sharing Sergey.
From my first hand accounts, on the consumer end of things, banks have seemingly auto denied claims involving digital wallets without much of a conversation. I assume it is because of what is required to be able to pay with it. Then you have to go through the process of fighting to get it re-opened and the discussion moving.
With a credit card you will have that conversation. Did you have the card with you at all times, did you lose it etc. And you can get into the nuance of the situation a bit more up front. This is especially true if it started from a fraud alert and they just ask if it was you and open a case when you say no.
While it may be the same essentially between the two on the backend it seems like the front facing process is different for the consumer between the two – at least from the first hand experiences I have heard / experienced. If that makes sense?
But like you explained – maybe the overall positives outweigh this small negative and I should reconsider anyway.
It sounds like you should just get a burner flip phone when you travel. Or better yet, maybe you shouldn’t leave your hotel room when you travel. I mean 99% of all overseas crime can be prevented if you just stay in your room.
There are risks involved in being part of the digital economy. They’re small, relatively rare, and most of the risk is covered by your bank.
Maybe don’t call it a PSA, because really only tinfoil luddites should follow this plan.
p.s. I think US-based cards are the only cards left in the world remaining where a signature is taken at all, somehow everyone else has figured out how to manage fraud/risk without it.
I mean – you can still go outside with your physical card….
I do not agree. Even when I use a physical credit card, I usually am not asked to sign. So the signature does not matter.
Also, I have never had an issue with disputing an international charge with Chase, AMEX or capital one.
Understandable. My one question would be, have you ever disputed an international digital wallet tap to pay charge?
Whilst I can see how you got to your conclusion, what I don’t get is why you don’t feel this exact same risk does not exist when in your home country. All the things you describe can happen anywhere.
So you could say you wont use Apple Pay in London because of these reasons. Understood but because I live in London, should I not care because i’m local. Should I not use Apple Pay when I am visiting your home town because of all the above things that may happen to me there?
Indeed reading the statistics, I am many times more likely to be the victim of crime when visiting your home country than you are visiting mine. Lets not forget, the USA is a very dangerous country compared to the rest of the world even though your media paints a very different picture.
So if you think the above risks are real enough to avoid Apple Pay, and yes this is your opinion that you are absolutely entitled to hold in a “free country” then surely you simply would not use Apple Pay at all, anywhere and under any circumstances?
That is fair and I probably won’t use tap to pay domestically any more. I’ll likely only use it for in app payments / purchases etc.
My point there was that I understand the legal system better, or how to work within it at least, and it is easier to get things accomplished if it were to happen within the US vs overseas. Hope that makes more sense.