Apple has included what most consumers think is a neat feature, or at best an innocuous addition to their iPhone 6 and Apple Watch: Apple Pay. In fact, Neil Irwin at the New York Times crows that “Apple Pay Tries to Solve a Problem That Isn’t Really a Problem”. That couldn’t be further from the truth.
Apple Pay is a game changer for the whole world of electronic payments, and not just an extra feature. Apple Pay will change the future of mobile (and possibly all) payments.
Other companies have tried to cash in on the idea of “one card to rule them all”—by consolidating all your cards into one device you can carry with you. Notably, Y-Combinator funded startup “Coin” announced a such a device in 2013 with great pageantry. They’ve failed to deliver (originally scheduled for “summer 2014” and now “spring 2015”). I’ve previously written about how Coin’s device is a bankrupt idea. With Apple’s entry, any hope of their success is very likely dashed.
Before you ask me how paying with your smartphone (something the Japanese have done for a decade) will change electronic payments, and bring up all the arguments why it’s just as inconvenient to reach for your smartphone as it is to fish out a credit card, let me remind you of Apple’s business strategy. Apple doesn’t base their strategy on features. They never have. Steve Jobs looked at the world by seeing transformations in the way humans interact with technology, and with each other. When the iPod arrived to market, there were plenty of other music devices out there with more storage, better sound, and abundant features. What Apple had was iTunes and the iTunes store. Jobs focused on how we organize, purchase, and curate music versus how we listen to it.
With Apple Pay, Apple has latched on to a dream the card network operators (such as Mastercard and VISA) have had for a long time: network-side tokenization. Without getting too technical, there are two kinds of ways a digital wallet—an electronic vault where real credit card numbers are stored—can work: either the card numbers (called “PANs”) are stored by the electronic gateway, or they are stored by the network itself. We’ve been using gateway-side tokens in the US basically forever.
Apple maintains one of the largest card vaults in the world: over half a billion cards for its iTunes store. These cards are “tokenized” for applications wishing to pay via the iTunes store. Other payment gateways such as PayPal and Stripe also maintain large card vaults. If a card vault or point of sale system is hacked, chaos ensues.
Large data breaches in the last year, such as Target and, recently, Home Depot, have brought card security into the news spotlight and consumer awareness. The banks who issue cards, the large merchant processors such as First Data and TSYS, and the card networks are scrambling for some good news: a new way to pay securely, that doesn’t cost them an arm and a leg.
The obvious solution has been a technology called “EMV”, which uses a chip embedded in the card itself to encrypt card transactions, making point of sale systems almost immune to the kind of hacks which caused the Target breach. But EMV isn’t widely in use in the USA, and card issuers will have to pay hundreds of millions of dollars to issue new “chip & pin” enabled cards to cardholders. This will happen over the next year to 18 months (and likely raise compliance costs for merchants).
US banks and merchants have experimented with “PayPass” technology, and many credit card terminals already accept “PayPass” transactions, where you simply hold your card up to the terminal and the transaction is complete—no swiping. PayPass enables mobile payments since a smartphone can use the same technology (called “NFC”) to transmit card numbers.
The problem is storing the card information in mobile devices. The card numbers must be heavily protected, and any gateway card vaults are susceptible to hacking. Chip & pin (“EMV”) cards use the card’s chip and encryption provided by the issuing bank. This means the banks would have to cooperate in any mobile payment wallet technology which incorporates EMV. Only a very large player in the payment industry can make this cooperation happen: Apple.
Apple has solved two problems at once: using network-side tokenization means that the cards stored in Apple’s iPhone 6 and Apple Watch devices are not your real card numbers, but special card numbers provided by a token service provider on the card network. The token service provider looks like a bank to the merchant, and it handles the transaction and swaps out the real card number before the sale reaches the actual issuing bank. This means there’s no gateway-side card vault to be hacked. The card numbers are stored directly in the mobile device.
The second problem is solved using NFC (“PayPass”) and EMV on a mobile device. Apple implements a technology you’ve likely seen advertised but not used often in the USA: Verified by VISA and Mastercard Securecard—these collectively are called “3-D Secure” technology. Apple simulates an EMV transaction, as if it were using a card with a chip, and encrypts the card token using 3-D Secure when it transmits the data to the terminal. This makes the transaction look like an EMV to the terminal, and it’s practically immune from hacks that caused the Target breach.
Apple Pay is the only service to combine network-side tokenization, which eliminates gateway card vaults, 3-D Secure, EMV, and NFC technologies on a mobile device. This means it is the most secure electronic payment method ever. As in ever. If you want more technical descriptions, this is a great description of how it works.
If you want to play in the electronic payment business from now on, you’re going to have to do it Apple’s way. All other card payment technologies, including plain old swipe cards, will eventually go by the wayside. Either you will carry a wallet full new EMV-enabled “chip & pin” cards, or you will carry a digital wallet based on Apple Pay’s technology.
Apple Pay is a transformational moment in electronic payments. Kudos to Tim Cook. Everybody said that the spirit of Steve Jobs died with his physical body—I don’t know if that’s true, but with Apple Pay, Apple has changed the world again.
P.S. Yes, I ordered an iPhone 6 Plus. Mostly because it’s got a big display to help my failing eyes. But also because it’s got Apple Pay. I’m going to pass on the Apple Watch; I’m sure other Apple Pay wearable devices will be out soon enough (how about cufflinks?).