Meet: Apple Pay

Well its been a huge week for mobile payments, centered around Apple finally throwing their hat into the ring. Looks like a lot of what I anticipated actually made it into to Apple Pay: the incorporation of Touch ID as an authentication method at the point of sale, and shortcutting the on boarding process by using any card stored in your iTunes account (augmented by OCR or image recognition scanning of any new cards that are added).

NFC is not new technology. Still, there are a handful of typical innovations that distinguish this payment experience from others than have come before.

1. Tokenization
This is probably the least sexy feature, but its the most powerful in terms of security. Apple has taken a cue from the existing payment networks (Visa, MC, AmEx) to incorporate using a proxy card number at the point of sale, in the form of a token. The diagram below illustrates how this works: when Apple Pay takes in a user’s PAN (primary account number or card number) the payment network will give back a token that is stored in the secure element on the user’s iPhone, and will take the place of the actual card number at the point of sale. This is accompanied by a dynamic cryptogram that changes often, kind of like the 3 digit security code from the back of your card (or 4 digits on the front of an AmEx card).
Apple Pay tokenization flow

When the user taps their phone on the reader, that token (plus the cryptogram, which again is dynamic and can expire) is passed to the merchant via NFC, and the merchant can accept it because it looks very similar to the traditional16 digit card numbers we already use. The merchant sends along this token through the payment ecosystem, where the token will be translated back into the user’s PAN and the payment will go through, all in half a second. This differs from historic NFC, in that the PAN and card data is never passed in the clear — only the token & cryptogram pass from the phone to the reader. Got it? No? Well, this blog post from Clover breaks it down a bit more, especially for developers.  The end result is a more secure payment method, which will prevent cardholder data breaches like the Target and Home Depot incidents.

2. Touch ID
In Apple Pay, the user might tap their phone on the reader twice: once if the screen is locked to wake up Passbook and open the user’s default card, and once after the user has authorized to pay with Touch ID. If their phone is already unlocked and Passbook is open, that first tap is not necessary.  This is similar to the Open & Tap method I described in Designing Mobile Payment Experiences. As usual, Apple takes special care to handle error flows with care: if the Touch ID scan doesn’t take, there appears to be an alternate method, which employs the user’s phone unlock PIN.

Paying with iPhone6 3. Access
The breakthrough which will be most apparent to users with Apple Pay is the unprecedented number of banks and credit AND debit card issuers supported: American Express, Bank of America, Capital One Bank, Chase, Citi and Wells Fargo off the bat, followed by Barclaycard, Navy Federal Credit Union, PNC Bank, USAA and U.S. Bank shortly after. Compare that to Isis/Soft Card, which only has three (Chase, American Express, Wells Fargo… sometimes credit cards only). Google Wallet supports any card, but at the point of sale uses a virtual MasterCard. Most NFC wallets in Europe, South Korea and Japan are single-issuers or stored value cards. The fact that Apple Pay will support the majority cards used in the US opens up the user base significantly.

Apple pay banks
4. Comfort
Historically, a NFC antenna would be located on the center-back of the phone. Apple has placed their’s near the top of the phone. Why does this matter? It makes presenting the phone to a reader much more natural, given how the majority of user’s hold their phones (via Steve Hoober‘s research). Again, the goal is to make tapping fast and easy. To get a consistent read with Android wallets like Google Wallet and Isis/SoftCard, the user often has to tilt their phone sideways (aka landscape mode) to fit the orientation of the contactless pads on most POS readers. This was reflected in the UI of Isis/SoftCard to that the user’s card is presenting horizontally, as well as in their tutorial diagrams (see below, right).

Apple Pay versus Isis

I’ll  re-visit the Apple Pay experience once the phone comes out next week, but on face value, Apple Pay will no doubt play a huge role in how consumers use and track their day-to-day finances.

How Apple could change mobile payments

As the release of a new iPhone nears (Sept. 9), there are more than a few rumors swirling about whether or not it will have built-in payments capability. This is no different from any other year of course — there have been hints that Apple was at least considering how its mobile products could be used in retail transactions, dating back to their initial patents for an “iWallet” back in 2010.

The initial aspect that many seem to focus on is the tools. Which technology will power an Apple-controlled payment system? Will it be iBeacons? NFC? The Cloud? Light? Sound? These are all perfectly viable methods… but I think the larger question here is the network effect, and what will happen to the way consumers shop and manage their money, when and if Apple steps into the mobile wallet wars.

Let’s start with the numbers:

  • 18% of consumers around the world have an iPhone
  • The first weekend the iPhone 5S with Touch ID went on sale, it sold 5 million devices, with several thousand more sold every day (Apple has sold half a billion iPhones as of July 2013)
  • Apple currently has about 800 million iTunes accounts backed by credit or debit cards, which is twice more than Amazon

Android may have more market share globally, but it doesn’t have near the amount of cards-on-file as Apple. No one does… and that allows Apple to sidestep one of the biggest hurdles when onboarding a consumer into a mobile wallet experience: getting the user to link a funding source to the wallet. Apple users are halfway there already, if they opt-in to using an Apple Wallet.

This means there would be few (if any) lengthy credit card forms to fill out for most users, assuming that their “primary” card is already added to iTunes. No one likes to enter their 16 digit card number and billing address on a tiny form. Its takes too long and it opens up vulnerabilities, real or imagined (though card.io and others are masterful at making this a speedier process). Apple will still have to fight to win their user’s trust, to ensure that their financial privacy is secure. Consumers are more wary than ever of faceless hackers gaining access to their accounts and transaction patterns. Again, Apple has another asset to address this very personal need for information privacy with Touch ID, which could be used as a “lock” for the Apple wallet, and a means by which the user could authorize purchases.

wallet-iconApp icon by vikas1307 @ dribbble

If Apple announces a payments app, especially if it is backed by the established card networks, then mobile payments will no longer be relegated to food trucks and person-to-person transfers. In markets like the US where mobile payments have been slow to take, we could see the usage of mobile payment apps (of all types) double within a year, I would expect.