Originally Posted by
tmiw
There are still a whole lot of places that don't support EMV at all: most McDonald's locations, Peet's, Panera, the list goes on and on. MSD support would have been nice to have for those places and would not have been much more of a security risk. If they really wanted to, they could have assigned a separate PAN to the contactless interface and set things up to auto-decline non-contactless transactions using it.
The puzzling thing is the QR code stuff that Chase Pay uses. As I mentioned in the other thread, the data in the generated code looks an awful lot like what EMV contactless transmits, including a tokenized DAN. Are the requirements for EMV contactless that much of a pain to implement such that
having the POS read a QR code is the path of least resistance?
Amex used to do a separate PAN. It caused a lot of problems. Returns on a terminal without contactless, etc. Also it does no good. The CVV is different.
Finally, auto-declining non-contactless transactions using contactless data will break contactless anywhere using Verifone terminals and MSD contactless (McDonalds, Five Guys, etc).