Nostr Web Client

Quick question about the payment surveillance networks. When I pay by credit and debit card, the issuer of course knows where I paid - in many cases even the location. But the question is - in the payment protocols (not only visa/mc, but apple pay, Google pay), is the name or other information communicated to the merchant? Either during the payment or later during settlement?

Of course when I pay online, the name of cardholder is usually a mandatory field, but what if I pay for parking for example in person, or a restaurant, ...

steepdawn974 1y ago

Afaik (I'm not an expert here), Apple pay/Google pay et al generate a device specific Device PAN (essentiy a fake Id) of your card, and they only transfer a token to the merchant. I.e. the merchant does not see your actual card number, nor who you are. Apple/Google of course do..

Merchants can track DPANs to e.g. identify recurring purchases of you (without knowing who you are). But the same Credit Card on different devices will generate different DPANs...so you could add your one card to diff wallets to throw off the tracking a bit (not very practical though)

That's what I could find on the topic:

https://support.stripe.com/questions/how-do-card-numbers-work-with-apple-pay-and-google-pay-and-what-is-dynamic-last4

Reply to this note

Please Login to reply.

Discussion

Juraj 1y ago

Yes, the question is a bit more complicated though. When I accept cards, I see a name, usually the one they write in the card owner input box on the web.

But consider SEPA - even if you only use IBANs, the name actually gets resolved during payment. So people who think they write John Doe in order form are actually not anonymous at all, because when the transaction is settled, I see their name.

The question then becomes - is there an API call or part of the settlement process that reveals the user name to the merchant? I don't care about card number, I consider it doxxed anyway.

steepdawn974 1y ago

If ppl checkout with Google Pay on online purchase (not contactless on a POS), do you still see card holder name, card number etc? I would have assumed if Apple/Google Pay is used, always only DPAN is transmitted

Juraj 1y ago

I see it because they have to write it down and I send it to credit card processor.

The question is with which cards the name is actually checked against the card holder. I know in some cases it is and the payment is refused, in many cases, any string would work.

DefiantDandelion 1y ago

https://www.clearlypayments.com/blog/what-is-track-1-2-and-3-data-in-magnetic-stripe-credit-cards/

DefiantDandelion 1y ago

https://listings.pcisecuritystandards.org/pdfs/navigating_pci_dss_v1-1.pdf

Juraj 1y ago

What about chip and contactless?

Even if the name is not transmitted, is it somehow revealed during the communication with the merchant? Either at processing or settlement time.

DefiantDandelion 1y ago

See the section on ISO-defined data elements (ver 1987) it has evolved since but this is what the industry uses still in USA.

https://en.m.wikipedia.org/wiki/ISO_8583