In an ideal world, there isn't a meaningful difference. There's a few small technical differences in the actual data, but they don't change anything. In reality, merchant's point-of-sale systems can be hacked (Target 2013 and Home Depot 2014 are the two best-known examples), and the card data stolen as it goes through the merchant's system.

The chip in a chip card ensures that the specific details of a given transaction can't be repeated, but it doesn't do anything to protect the card number from someone looking at it in the data and typing it into a website. The three/four digit CVV code that gets printed on the back of the card is there specifically because it won't be available to someone who gets the card number (aka PAN / Primary Account Number) that way, but not all merchants validate that. (There are ways to encrypt the data at the moment its being read from the card or phone so that it's not visible to the merchant, but that's a separate topic.)

The advantage to the "token" that gets stored on your phone is that your bank knows that it is a token (the technical term is DPAN for Device PAN). Any attempt to use it that doesn't come from a phone can be rejected as clearly fraudulent, and there's no way to load an existing DPAN onto a phone, so if the number gets stolen it can't actually be used by anyone.

And in the other direction, if your phone gets stolen, it's easier to deactivate a DPAN than to replace your main card number.

In an ideal world, there isn't a meaningful difference. There's a few small technical differences in the actual data, but they don't change anything. In reality, merchant's point-of-sale systems can be hacked (Target 2013 and Home Depot 2014 are the two best-known examples), and the card data stolen as it goes through the merchant's system.

The chip in a chip card ensures that the specific details of a given transaction can't be repeated, but it doesn't do anything to protect the card number from someone looking at it in the data and typing it into a website. The three/four digit CVV code that gets printed on the back of the card is there specifically because it won't be available to someone who gets the card number (aka PAN / Primary Account Number) that way, but not all merchants validate that. (There are ways to encrypt the data at the moment it's being read from the card or phone so that it's not visible to the merchant, but that's a separate topic.)

The advantage to the "token" that gets stored on your phone is that your bank knows that it is a token (the technical term is DPAN for Device PAN). Any attempt to use it that doesn't come from a phone can be rejected as clearly fraudulent, and there's no way to load an existing DPAN onto a phone, so if the number gets stolen it can't actually be used by anyone.

And in the other direction, if your phone gets stolen, it's easier to deactivate a DPAN than to replace your main card number.

In an ideal world, there isn't a meaningful difference. There's a few small technical differences in the actual data, but they don't change anything. In reality, merchant's point-of-sale systems can be hacked (Target 2013 and Home Depot 2014 are the two best-known examples), and the card data stolen as it goes through the merchant's system.

The chip in a chip card ensures that the specific details of a given transaction can't be repeated, but it doesn't do anything to protect the card number from someone looking at it in the data and typing it into a website. The three/four digit CVV code that gets printed on the back of the card is there specifically because it won't be available to someone who gets the card number (aka PAN / Primary Account Number), but not all merchants validate that. The advantage to the "token" that gets stored on your phone is that your bank knows that it is a token (the technical term is DPAN for Device PAN). Any attempt to use it that doesn't come from a phone can be rejected as clearly fraudulent, and there's no way to load an existing number onto a phone, so if the number gets stolen it can't actually be used by anyone.

And in the other direction, if your phone gets stolen, it's easier to deactivate a DPAN than to replace your main card number.

In an ideal world, there isn't a meaningful difference. There's a few small technical differences in the actual data, but they don't change anything. In reality, merchant's point-of-sale systems can be hacked (Target 2013 and Home Depot 2014 are the two best-known examples), and the card data stolen as it goes through the merchant's system.

The chip in a chip card ensures that the specific details of a given transaction can't be repeated, but it doesn't do anything to protect the card number from someone looking at it in the data and typing it into a website. The three/four digit CVV code that gets printed on the back of the card is there specifically because it won't be available to someone who gets the card number (aka PAN / Primary Account Number) that way, but not all merchants validate that. (There are ways to encrypt the data at the moment its being read from the card or phone so that it's not visible to the merchant, but that's a separate topic.)

The advantage to the "token" that gets stored on your phone is that your bank knows that it is a token (the technical term is DPAN for Device PAN). Any attempt to use it that doesn't come from a phone can be rejected as clearly fraudulent, and there's no way to load an existing DPAN onto a phone, so if the number gets stolen it can't actually be used by anyone.

And in the other direction, if your phone gets stolen, it's easier to deactivate a DPAN than to replace your main card number.