To absolutely no one’s surprise, Apple announced the iPhone 6 on Sept. 9 in the usual over-the-top event, complete with a short concert by legendary rock band U2. There are actually two versions of the iPhone 6, the standard one and the 6 Plus, which has a larger screen, better battery life, and some features such as optical stabilization for the camera.
The new iPhone is probably the biggest departure from its predecessor of any iPhone. Besides having a new and faster processor, the 6 comes with more memory on most models, better mobile radios, better WiFi, a better camera, a more flexible user interface, and even a one-handed keyboard reminiscent of the one on BlackBerry 10 devices.
But the most significant improvement to the iPhone’s user experience comes from a feature you can’t see and which may be more important than any of the others. That new feature is Apple Pay.
While Apple Pay is a wallet app, the differences between it and other digital wallets is significant. In addition to being supported by MasterCard, Visa and American Express, Apple Pay effectively virtualizes your credit cards so that the merchant never gets the number. Instead it stores an encrypted version of the card using a chip called the Secure Element.
The way it will work when it starts operating in October is that consumers will take a photo of their credit cards using the iPhone 6 camera. The first card becomes the default payment card, but any number of other cards can be added as well. The iPhone will let them make a payment using Near Field Communications (NFC) and a wireless enabled card reader, of which there are many.
The important part is that the merchant gets the credit authorization and the charge goes through while the credit card number is never provided. Instead, Apple creates a single use number just for that transaction. The merchant doesn’t keep the number and neither does Apple. Because the card number is created for each transaction, it wouldn’t matter if they did keep the number—it still couldn’t be used.
Furthermore, the details of the transaction don’t go to Apple, so the company has no idea what was bought or how much was paid. Apple Pay also works for online transactions with a variety of vendors, including Target and Uber, although obviously NFC isn’t part of those payments.
By now you’re probably saying to yourself, “Hey—that Home Depot breach never could have happened with this!” and if you did say that, you’d be right.
For consumers using the Apple Pay system, there is little chance that their payment card information would be stolen. For merchants, this is a plus because it dramatically reduces the risk of data loss—not that the data can’t be lost, but because it won’t matter after the transaction is complete.
Apple Pay Could Be a Credit Card Security Game Changer
The news about Apple Pay is that it’s hitting the market just as merchants are in the process of upgrading their point of sale terminals to accept cards with EMV chips. Virtually every EMV enabled terminal is also able to handle NFC, which means that both payment systems can be enabled at the same time.
“From an acceptance perspective, the timing is really good for merchants,” said Randy Vanderhoof, executive director of the Smart Card Alliance, the group that’s coordinating the move to EMV chip-equipped credit cards. “Many are already looking to install new POS terminals to accept EMV chip cards, so they can also look at enabling NFC acceptance at the same time. Both features are available on most POS terminals shipped today.”
Vanderhoof noted that while consumers have previously shown support for NFC payments, restrictions on which payment card could be used slowed adoption of wireless payments. “No one can change consumer behavior like Apple,” Vanderhoof said in a prepared statement. “This move will make the market for mobile payment explode. And it is a great endorsement of NFC technology as the best way to secure mobile payments.”
“This could be the turning point for NFC that will make it a commonplace technology,” Vanderhoof said.
Right now, five of the biggest U.S. banks will be working with Apple Pay when it’s rolled out. They include Capital One, Bank of America, Chase, Citibank and Wells Fargo. A number of smaller banks will be joining Apple Pay in the near future.
Most stores that accept contact-less payment cards will be able to accept Apple Pay, with some major retailers stepping up immediately, including Macy’s and McDonalds. Unfortunately, Dunkin Donuts isn’t on the list yet, meaning I’ll have to keep paying cash for my coffee.
There are, of course, some concerns. The first is whether Apple can be successful at keeping hackers out of Apple Pay. Once it takes off, Apple Pay is going to be a high-profile, high-value target. Fortunately, Apple has managed to find ways to keep snoops out of its iOS devices, including being able to (some say) block the NSA. But whether Apple can block the hackers remains a question.
The second is whether Apple Pay will be available in some way so that other vendors can use the network. While it’s unlikely that Apple will be willing to provide critical information to Android or Windows app designers, the fact is that payment card security is everyone’s problem, and it is important that Apple not prevent other devices from using such security.
Perhaps if Apple Pay or something like it takes hold, stories like the Home Depot or Target breaches won’t keep happening.