by matthewmacleod 2479 days ago
Oh, sure - I mean you could carry a balance, but that would be inherently insecure (clearly not something they are particularly fussed about).

Apple Pay is a little different in that the terminal is online - I was under the impression all contactless terminals perform auth in real-time, but I may be mistaken.


The EMV system (that makes contactless card payment work as well as "chip cards") has the card act as a representative for its owner (the card company, not you, you don't own the card and it tells you that when you get it) and it negotiates with the terminal for each transaction.

The card (on behalf of its owner) gets to say e.g.

"Hi, I am allowed to authorise $185 more offline before talking to my owner. I am allowed to do PIN transactions; also, I have a magstripe. What shall we do now?"

And a terminal could say "OK, let's do an online $28 transaction, with proof of PIN" or, "I'm good, $5.80 offline and no need for a PIN".

All this complexity opens up a bunch of potential problems (and EMV is guilty of not getting in a team of academics to figure out the cryptographic situation before shipping it, so it has had to be repeatedly patched and has a bunch of issues that needn't exist) but it allows Apple Pay to decide that e.g. you can spend up to $50 per time, and so long as you make an online transaction at least once per week and without spending more than $250 offline that's fine.

Both the issuer of the card and the terminal's owner get to decide on their appetite for risk. Probably if you sell $500 gold chains from a location with bars on the windows and an airlock entrance you want to do online proof-of-PIN transactions only, even if the card itself says it's happy to spend $500 offline contactless - and if your bank is trying to rehabilitate someone with spending problems (in a country where just exploiting them isn't legal) its card may tell the guy with a street cart that alas you need to go online and do a PIN transaction even for their $6 bagel.
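
A simplified model of the card/terminal negotiation described in the comment above, added here as an example and not part of the original thread. The class and field names are hypothetical (they are not EMV data objects), and the thresholds are constructed around the dollar figures quoted in the comment, expressed in cents.

```python
from dataclasses import dataclass

@dataclass
class Card:  # hypothetical: the issuer's risk limits, carried on the card
    offline_remaining: int   # cents it may still authorise offline
    offline_per_txn: int     # cents ceiling for one offline transaction
    supports_pin: bool = True
    strict: bool = False     # issuer insists on online + PIN every time

@dataclass
class Terminal:  # hypothetical: the merchant's risk limits
    online: bool             # can it reach the issuer right now?
    offline_floor: int       # largest amount (cents) it accepts offline
    pin_above: int           # amounts above this need proof of PIN

def negotiate(card: Card, term: Terminal, cents: int):
    """Return (mode, pin_required); mode is 'offline', 'online' or 'decline'."""
    pin = card.strict or cents > term.pin_above
    if pin and not card.supports_pin:
        return ("decline", False)
    card_offline_ok = (not card.strict
                       and cents <= card.offline_per_txn
                       and cents <= card.offline_remaining)
    if card_offline_ok and cents <= term.offline_floor:
        card.offline_remaining -= cents   # offline spend eats into the allowance
        return ("offline", pin)
    if term.online:
        return ("online", pin)            # issuer decides in real time
    return ("decline", False)             # neither side will take the risk

if __name__ == "__main__":
    card = Card(offline_remaining=18500, offline_per_txn=5000)
    cart = Terminal(online=False, offline_floor=3000, pin_above=3000)
    jeweller = Terminal(online=True, offline_floor=0, pin_above=0)
    print(negotiate(card, cart, 580))        # small offline purchase, no PIN
    print(negotiate(card, jeweller, 50000))  # merchant insists on online + PIN
    print(negotiate(Card(18500, 5000, strict=True), cart, 600))  # issuer insists
```

Either side can push a transaction online or decline it; a transaction only goes through offline when both the card's limits and the terminal's limits allow it.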

Thanks - I had a different model of EMV in my head, this was very useful!

I've used Apple Pay completely offline - on trains, buses and planes for example.

The terminals in London Underground stations might be constantly online, but I doubt very much there's a 100% guarantee for London Buses.

London Underground and London Buses are both "semi-online". They don't generally try to immediately validate a transaction with your bank the moment you touch your card. Transactions are batched and applied overnight, after applying any discounts like daily/weekly fare caps, out-of-station interchanges, and the bus "hopper fare". The batching means that transactions can still be accepted if the terminal is offline for some reason.

However, there is also a blacklist of card numbers that have outstanding balances against them. If you try to use a card that is declined, it will work the first day but not on subsequent days. If you go on TfL's website and clear the outstanding balance, the card will work again after 30 minutes (or in practice, less) once it is removed from the blacklist.

Buses are online. I've seen them authenticate a new card in real-time (they charge £0.10 on a card they haven't seen recently to check if it's cancelled).

It wouldn't necessarily be insecure - the bus could reject an offline-generated ticket at the time the user tries to get on the bus if the user's account is unable to pay for it.

Sure, if the scanners are online that makes a great deal of sense (though you would have to perform that transaction in real-time, which would be slow).