The announcement that the new iPhones and Apple Watch feature the NFC powered Apple Pay under the hood has been in the making for some time. With some heavy-hitting partnerships revealed, this of course gets Apple in to the mobile payments space in a big way, both in store and online.
Apple Pay sits neatly alongside the Passbook which groups loyalty cards with coupons and other retail items in a digital wallet.
Perhaps the most interesting aspect is how Apple is working hard to differentiate itself from other payment services around consumer privacy. Unlike Google Wallet for example, Apple Pay won’t capture data about your purchase, the amount spent, the time, or place that you bought it – effectively dealing with privacy concerns around how data is stored and used. Add in some impressive hardware safeguards and , according to Apple, the system is actually more secure than paying by card.
We asked the mobile community for their thoughts on Apple Pay and its potential impact on the market. Here’s what they said.
Johan Lindstrom
Head of Digital Commerce – Europe
MasterCard
Johan Lindstrom, Head of Digital Commerce – Europe, MasterCard
“In 2013 alone the number of MasterCard and Maestro contactless transactions across Europe tripled and the volume spent on those transactions increased four times. Contactless users tell us on social media that they love tapping and want to tap more. Apple has a long tradition of introducing breakthrough products with features that really matter to people. Apple Pay, combined with MasterCard’s payments technology, gives consumers an easy, secure and private way to shop. We have been a pioneer of mobile commerce innovation for years – including the world’s first contactless and mobile payment solutions. We’re thrilled that MasterCard cardholders will soon be able to make payments from their iPhone 6, iPhone 6 Plus and Apple Watch and we believe that the addition of NFC capabilities to these new phones will help accelerate growth of mobile NFC payments.
Every purchase is secure and offers all the same guarantees and benefits they’ve come to expect from using their MasterCard. We are focused on ensuring that, through everything we do, we keep safe and secure payments as the fundamental promise all of our cardholders and customers can expect from MasterCard. Specifically, all card credentials used through Apple Pay will be tokenized using the MasterCard Digital Enablement Service prior to being stored on the device, significantly increasing security as the real card number is not stored on the device. The transactions themselves are secured by use of EMV technology, similar to that used for chip transactions today.”
Anil Malhotra
SVP Marketing & Alliances
Bango
Anil Malhotra, SVP Marketing & Alliances, Bango
“According to the more excitable tech press, Apple Pay has “redefined payments”. I cannot recall even hearing the assembled Apple execs claiming they are redefining payments when they announced Apple Pay this week, so we can temper the excitement a little.
Apple Pay is really about enabling payments, not redefining. Consumers are not looking to have their understanding of making payments torn up, but are looking for convenience and efficiency when paying for stuff. There isn’t much technologically new in Apple Pay, but I expect the execution and customer experience have been done well (and it has not been done well anywhere else outside of Japan and Korea).
One thing we missed from yesterday’s announcements – we’d love to have seen a revamp of the iTunes payment capabilities. It has always been a crown jewel in the Apple experience, but is starting to show its age a little – limited price point support, basic pricing options, no carrier billing. We’d love to see a makeover sometime soon!”
Srinivas Nidugondi
SVP
Mahindra Comviva
Srinivas Nidugondi, SVP – Mobile Financial Solutions, Mahindra Comviva
“Apple’s foray into Mobile Payments gives a big boost to the trend of non-banking entrants into the payment space. On the face of it, it might seem that there is nothing new that Apple has brought in terms of technologies & methods adopted to enable tap & pay as well as in-app payments.
A deeper view would help appreciate the overall model that has made it very easy for important stakeholders to collaborate without any conflict of interest unlike any other model in the past; the most important factor towards solving the chicken & egg problem in mobile payments. The network led tokenization model combined with unique security & storage credentials that only Apple could have provided is a scalable model that can be replicated in multiple markets in considerably shorter time.
It also seems to have the potential to solve the problem of fragmentation in the nascent wallet market. There are concerns around acceptance side from a tap & pay perspective. Traditionally, issuance & acceptance feed on each other’s reach. With a clear business model in place & much needed fillip provided to the issuance side, it is only a matter of time before card networks & acquiring side speed up the acceptance infrastructure for tap & pay. Apple Pay would also have a positive impact on contextual mobile commerce around couponing, Tickets & identity & access management. Further this would have a rub-off effect on other platforms including Android.
The mobile payments market now has the potential to be mainstream and the primary channel for payments.”
Andrew Bud
Global chair
MEF
Andrew Bud, Global Chair, MEF
“The announcement at Apple’s big event that they are launching Apple Pay is an interesting development. It’s mainly focused on the US, where Chip and PIN card acceptance is not implemented, and so NFC tap-to-pay, secured by Apple’s fingerprint reader Touch, fills a real need.
It’s already a crowded market, but Apple’s approach is interesting and the exact opposite of rivals Google. Apple has put a security chip into the phone where Google has stopped doing so. Apple doesn’t track the transactions of the user, which instead is Google’s core business driver. Apple doesn’t even store the user’s credit card details, unlike Google wallet, and it’s not trying to disrupt other parts of the payment business ecosystem.
Unlike all the other contenders’ motivations, this is about selling handsets by making them more useful, and it will help to drive payments as a facilitator for mobile commerce. Whether this will gain any traction outside the United States, in countries where NFC has not found a use beyond paying for sandwiches, is open to doubt.”
Steve Perry
Chief Digital Officer
Visa Europe
Steve Perry, Chief Digital Officer, Visa Europe
“Apple’s entry to the market represents a critical piece of the mobile payments jigsaw. This is a pivotal moment for digital payments and one that demonstrates the momentum behind mobile and contactless services.
Visa Europe has led the rollout of NFC payments ever since we launched the first contactless cards and terminals in 2007. Today there are more than 1.5 million Visa contactless terminals in stores across Europe – all ready to take mobile payments. Apple’s decision to enter the market reflects the scale of opportunity that exists in digital payments today. Its support will drive awareness and usage of contactless services around the world – we anticipate a “halo effect” that will benefit all players in the mobile payments ecosystem.”
Anthony Duffy
Director, Retail Banking
Fujitsu UK & Ireland
Anthony Duffy, Director, Retail Banking, Fujitsu UK & Ireland
“With the launch of the iPhone 6 and its payment capability, Apple has once again sent out a challenge to the industry – and this time it has the payments market in its sights. This sector, already undergoing massive evolution as Internet and mobile payments take hold and new providers target perceived opportunities, will be revolutionised if Apple’s mobile wallet grabs the public attention.
At a time when many in the market are moving towards biometric for payments, Apple’s decision to go for NFC – a technology that up until now has struggled to clearly stamp its mark on the payments industry – is a bold one. While Apple’s implementation will undoubtedly help NFC recapture interest, the industry needs to keep working towards the adoption of more advanced payment technologies – such as biometrics – which will enable retailers and payment companies to provide a more secure service for their customers.”
Richard Koch
Head of Card Payments
The UK Cards Association
Richard Koch, Head of Card Payments, The UK Cards Association
“We are delighted that the new iPhone will extend the benefits and possibilities of NFC to a whole new group of consumers. The exciting developments that allow acceptance of contactless payments on the London transport system demonstrate the role that NFC can play in making payments faster and simpler.
The card payments industry has a great track record of deploying innovation on a mass scale, and has been working with partners from a number of industries to achieve this. We see a growing trend in retail to use a combination of face- to face payments alongside digital payments. Collaboration between various industry sectors will be crucial to ensure mass adoption.”
Thomas Bostrøm Jørgensen
CEO
Encap Security
Thomas Bostrøm Jørgensen, CEO, Encap Security
The addition of NFC could be yet another example of Apple’s favourite trick – taking a technology that’s been around for a while but making it work in a way that consumers are happy to engage with. We’ve been assured that Apple Pay is secure, as users will have to identify themselves with a fingerprint through Touch-ID for each purchase. But is Touch-ID as impregnable as Apple is making out?
Sure it’s trickier to subvert a fingerprint than a password, but it’s not impossible – Touch-ID was ‘hacked’ less than a month after introduction. And while you can issue a new PIN or password you can’t issue a new fingerprint – not without it being very messy. A single factor will always be vulnerable to attack.
Apple has already suffered reputational damage from the iCloud breach that revealed a lot more than some celebrities wanted. It can’t afford to make the same mistake with mobile money – or Apple Pay will be the final nail in the coffin of NFC payments, rather than its saviour.
John Gessau
Mobile payments solutions lead
ACI Worldwide
John Gessau, mobile payments solutions lead, ACI Worldwide
“At long last we have near field communication (NFC) built into the hardware – an addition long speculated, and often disappointed. For years there have been two camps regarding NFC, one predicting its demise and the other its rise as a key technology in mobile payments. Thanks to the recent wave of industry support for host card emulation (HCE), and now with Apple adding NFC, this settles the debate rather convincingly. That’s not to say that NFC will dominate everything, but it certainly goes a long way in addressing the chicken and egg problem and means that industry players will have a lot more reason to support NFC payments.
Apple’s trump card was that they’ve decided to let the banks and the merchants own the big data. This is truly significant, since in one statement they took a massive stab at some of their biggest competition, and at the same time opened the door to everyone else. They didn’t even talk about loyalty, rewards, coupons and the like. They didn’t need to. It will now come to them from willing participants who need not feel threatened.”
Souheil Badran
SVP and GM
Digital River World Payments
Souheil Badran, SVP and GM, Digital River World Payments
“For Apple, this looks like a timely move. The company has been laying the foundations for this kind of initiative for some time: it introduced its Touch ID fingerprint sensor with its last iPhone launch and its iBeacon system of Bluetooth transmitters has now been available for about a year. These elements, combined with the 800 million plus credit cards that are already registered with Apple through iTunes, mean that it is well positioned to carve itself a slice of the global mobile payments market, which was estimated to be worth $235 billion in 2013.
For merchants, the outlook is less certain and there remain more questions than answers right now. The payments market has been inundated with new wallets and technologies in recent years and, with no clear winner among consumers, many merchants have found it difficult to decide what payment offerings to invest in, and when. If Apple can succeed in this space, and offer a ubiquitous solution, it could help simplify the landscape for many merchants. Ultimately, long-term prospects will depend on how it will work with existing payment technologies and, of course, user adoption.”
Geoff Webb
Senior Director of solution strategy
NetIQ
Geoff Webb, Senior Director of solution strategy, NetIQ
“ApplePay clearly makes a lot of sense for Apple as it further centralises the iPhone in our day to day activity. For users it provides a nice bump in convenience but I’m not sure it necessarily improves security yet.
Security tends to be a little like an air-filled balloon – and when you squeeze one end the air, or in this case, the risk, moves elsewhere. There are a lot of moving parts in the online payment industry, and while this kind of technology would potentially make it difficult to replicate the kind of attacks we saw at Target (and now Home Depot) it doesn’t mean that attackers are going to be unable to find some other point of weakness.”
Gavin Arrowsmith
Technical Consultant
Apadmi
Gavin Arrowsmith, Technical Consultant, Apadmi
“Until now NFC payment systems have required a secure element on the users SIM card. This has meant that operators had to be involved in any payment system by providing special SIM cards. Apple have eliminated the need for any involvement by third-parties (even banks) by allowing the payments to be processed through your iTunes account (or any bank or credit card registered with your iTunes account).
This will mean anybody with an iPhone 6 or Apple Watch and an iTunes account will now be able to make NFC payments. As NFC payment terminals become more and more common this transaction method will likely become the norm and more businesses will adopt this method. It will revolutionise the way customers pay, making it quicker, easier and secure. It seems Apple have made the move at exactly the right time and will likely push this technology into the mainstream. Expect to see competing offerings from Google and Paypal, who have similar digital payment backends to iTunes, very soon.”
Mark Bower
VP product management
Voltage Security
Mark Bower, VP product management, Voltage Security
“With this announcement, Apple validates the data-centric security model and shines a spotlight on the need for the payment world to move on from vulnerable static credit card numbers and magnetic stripes to protected versions of data – tokenized payments. Through the use of this data-centric security strategy, Apple Pay reduces risk of data breaches and credit card theft where it is supported.
However, the world today is still in an early adoption phase with regard to new payment methods and mobile wallets, and retailers still have to contend with EMV and mag-stripe data and advanced threats. The good news is that even with innovation like Apple Pay, mixed payment environments can be secured end-to-end from the point of card read to the secure payment host, enabling merchants to accept new and old payments protected under a powerful unified data protection framework to thwart advanced threats, all the while ensuring a seamless customer experience.”
Graham Hann
Partner
Taylor Wessing
Graham Hann, Partner in technology and property law, Taylor Wessing
“The long awaited arrival of Apple into the mobile payments sector is likely to galvanise consumer acceptance of the use of mobile devices to pay for goods and services, and will benefit the whole sector as a result. Some early stage companies offering payment solutions might suffer as attention switches to the big players but overall we think the startup sector will benefit as the eco-system develops further around the mobile payment space.
Security of payment data will however remain a key concern and stats suggesting that iPhones are the most stolen handset might hinder take-up slightly. These concerns, and the fact that banks and regulators are likely to require payment platforms to require stronger access protection, is also likely to drive opportunities in the security and encryption sector – we see this sector as being a key beneficiary of the increase in mobile payments. Change is perhaps likely to be most rapid in less developed markets where more people own handsets than have bank accounts, however it is not clear whether the Apple model, as launched, taps into this just yet given its reliance on banks.”
Alexandru Catalin Cosoi
Chief Security Strategist
Bitdefender
Alexandru Catalin Cosoi, Chief Security Strategist, Bitdefender
“Contactless payments are already firmly in the mainstream, with all card operators now pushing contactless chip-and-pin cards. Mobile payment is also in use, but only for mobile-related services and goods and only via a credit card account. We believe the devil is in the details; while the new Apple Pay feature has support from the payment industry, it remains to be seen how and if it will be widely adopted by users.
In regards to the security of Apple Pay, we believe that any errors in implementation, especially for the contactless feature, will surface pretty quickly. Furthermore, we expect “evil maid” and “replay” attacks against the fingerprint sensor to assume practical, rather than theoretical, importance.
Whether or not Apple Pay is more secure than traditional methods of payment remains to be seen. Intuitively speaking, the more complex the solution, the larger the so-called “attack surface.” There will be a biometric sensor, a secure data store and a secure means of communication, and they will all have to work together flawlessly. A flop in such a high-profile launch could set back the industry years. Moreover, if, as Apple seems to suggest, customers will store all their credit card information tied to all their various accounts within the Apple device, that device has just become a very tempting target for any criminal. ”
Dr Bangdao Chen
CTO
Oxcept
Dr Bangdao Chen – Oxford University, CTO and co-developer of the OxCEPT security protocols
“Apple has made a significant improvement to NFC payment security. Each time you tap your phone you have to put your finger on Touch ID. This verifies the payer not only by the fact that you “own” your phone but also by the fact that you are the “correct” owner of your phone. The use of biometrics, in this instance your fingerprint, can serve to eliminate certain attacks that that NFC payments are vulnerable to : e.g. to sniff your NFC card information and then clone your card or to steal your NFC card.
And the claim of “Apple doesn’t save your transaction information” means the customers’ privacy is guaranteed.
However, this does not mean it can eliminate all attacks against NFC payments. One prominent attack is to hijack the payment session: you think you are paying for your sandwich but you are actually paying for a diamond ring purchased by the attacker. This attack can be made by hijacking a live payment session or by using a compromised NFC reader or till machine. And it has been demonstrated that it is possible to steal and replicate fingerprints and use them on Touch ID. So it is not “bulletproof” especially when making large amount payments (when we are likely to see these sophisticated attacks).
We have already seen many events of big companies getting hacked. So it is still not 100% comfortable put all eggs in one basket. What if there is one such attack in the future against Apple’s passbook application or its payment server, we may lose all secrets stored on the phone. This is what we call a single point of failure.”
Craig Palli
CSO
Fiksu
Craig Palli, CSO, Fiksu
“Mobile payments have been slowly gaining steam lately, with payment-focused startups like Square and Level Up rubbing shoulders with giants like Google Wallet, PayPal, Amazon Payments, and now Apple Pay. But the variety of mobile payment methods – NFC, card swipers, QR codes and scanners, phone number entry – present a bewildering set of choices for both consumers and merchants. Until both groups on a mobile standard, pulling a plastic card out of a wallet is likely to remain a common occurrence, even for users who adopt one system or another.
However, Apple’s entry into mobile payments using NFC is likely to give that market a significant boost. The security and privacy safeguards are (at least as presented so far) impressive, and Apple’s devoted fans are likely to adopt it in significant numbers. And as high-profile hacks into traditional credit card systems have shown, breaches can happen to any payment method, old-school or new.
Ironically, the success of Apple Pay could provide a boost to Google Wallet and other NFC-based services as well: one of the key hurdles to mass adoption is merchant buy-in. If retailers invest in NFC readers to accept Apple Pay, it’s a small transition to expand that to accept Google Wallet and other.
We expect the demand for mobile payments to increase, and to increase more quickly thanks to Apple Pay and the iPhone 6 – but the promised land is still a way off.”
If you would like to contribute a comment to this article contact us at editorial@mefmobile.org or leave your thoughts in the replies below.
The future of mobile payments, and mobile privacy & security are topics up for discussion at the upcoming MEF Global Forum, to be held in San Francisco this November – register now.
No Comments