| 12 September 2014
Charlotte Hanson interviews Ralf Gladis, CEO of Computop on Apple Pay. Questions whose answers are attempted in the interview are as below. Happy reading:
· Apple Pay – what it is?
· How innovative is it?
· How secure it is – especially in light of the photo/iCloud stories recently and what security technologies is it based on?
· How it will work for merchants? The cost to business and the payment industry?
Vigilance: Apple just announced Apple Pay for iPhone 6 and Apple Watch. According to what we heard from the keynote: How does this work?
Answer: Apple’s iPhone 6 and Apple Watch both include payment functionalities for Visa, MasterCard and American Express. In order to process a payment at a POS terminal in store, Apple Watch and iPhone 6 use the mobile radio technology standard NFC which is an acronym for Near Field Communication.
Vigilance: Is this the innovation the world was expecting from Apple?
A: To be honest, I expected a more innovative new mobile payment system, simply because Apple has a track record of doing innovation better than anyone else. On the other hand Apple has a global reach and it’s a clever move to join a global standard like NFC and take sides with global card organizations like Visa, MasterCard and American Express. Otherwise it would be an endless fight to convince and connect merchants to Apple Pay. By using NFC, Apple will be compatible with millions of POS terminals worldwide giving its users the positive customer experience they need to be able to use their iPhones and Apple Watch everywhere they go. Not every POS terminal is NFC compatible, yet, but many already are and NFC will be mandatory for new POS terminals for instance in Europe, soon.
To put it in a nutshell: By aligning itself with Visa, MasterCard, Amex and NFC, Apple ensures its users will be able to pay with multiple merchants globally, which provides excellent user experience. Provided that Apple Pay does not deviate from existing established standards, merchants won’t need a lot of integration work because it’s an established card payment.
Vigilance: Given the past nude photo scandal what level of security can we expect from Apple Pay?
A: Apple’s iCloud service is a much easier target than data on a device. A cloud service is also more rewarding for hackers than a single device belonging to one person. From what I’ve heard, Apple Pay uses the Touch-ID fingerprint scanning in order to authenticate payments on the iPhone.
Given that Apple Watch doesn’t seem to have such a sensor the amount users can spend with Apple watch will probably be limited to low value purchases. That should be comparable to tap payments with credit cards: Below a certain amount cardholders only need to tap their NFC enabled card at the POS terminal. Beyond that limit, however, cardholders have to enter a PIN. Apple Watch will likely be limited to a certain amount but using the iPhone with Touch-ID fingerprint scanning will be good for larger payments.
On a general level fingerprints are not a secure means of authentication, though. At Computop we don’t trust fingerprints. The German Chaos Computer Club demonstrated in September 2013 that fingerprints can easily be forged and they stressed that all of us leave our fingerprints everywhere. Users will have to decide themselves if they want to trust fingerprints. Do you? Video: www.heise.de/video/artikel/iPhone-5s-Touch-ID-hack-in-detail-1966044.html
With regards to the card data on the iPhone we heard that payment data will be encrypted and stored with the Passbook app. Users can either transfer their iTunes credit card details to Apple Pay or they can take a photograph of their card in order to add a credit card to Apple Pay. In order to avoid handling sensible card data it seems that Apple Pay uses tokens. Tokenisation is nothing new and brings real security to the payment process. Provided that Apple follows the security processes of Visa and MasterCard on the device, I would not expect issues other than risk from phishing attacks. However, if we all start using our phone as a wallet we all need to start to use dedicated firewalls and virus scanners, too. Fast.
Vigilance: What costs should merchants expect for Apple Pay?
A: First of all, the iPhone 6 and Apple Watch are accelerators for NFC and a door opener for Visa, MasterCard and Amex who have been challenged in the area of mobile payments by many small but innovative competitors. To date, NFC has delivered slow adoption. That might change now. Rumors and comments in the payment industry indicate that current stakeholders (issuers, acquirers and card brands like Visa, MasterCard and Amex) will share their margins with Apple. Ironic really, when you consider the continual hype about mobile payments. If mobile payment is really already such a big trend, why do banks and acquirers need to share their margins with Apple in order to speed-up mobile payment adoption?
My view is that if Apple Pay bases this on the back of NFC standards, this shouldn't be different to any other NFC payments. Merchants shouldn’t pay extra charges.
There another little detail that makes me think twice: Apple mentions a small number of US acquirers they work with. If Apple Pay sticks to industry standards like NFC, then why should the number of acquirers be restricted? Could it be that the future brings a tick box for merchants having to choose Apple Pay ‘yes’ or ‘no’ at a certain price? Only the future will tell…