With Apple Pay, Apple just took payment security to the banks
Thursday 11 September 2014
- Analysis for The Conversation by Steve Worthington, Adjunct Professor, Swinburne University of Technology
Today’s launch of the Apple Pay mobile payments service has the potential to eliminate the need for us to carry payment cards in our purses or wallets - but as always converting potential to reality is not a given.
The new service will be available on the iPhone 6 and the Apple Watch and is activated by the customer taking a photo of their payment card(s) on their iPhone which then verifies the card with their card-issuing bank. The customer can then hold their device near a contactless reader and verify the payment with their finger, using Apple’s Touch ID system.
The biggest US banks and the major payment card acceptance marques, such as MasterCard, Visa and American Express have agreed to be part of the Apple Pay service. The banks will however have to give up some of the merchant service fee they currently charge the merchants for accepting payment cards.
It is uncertain whether Apple Pay will be widely accepted by merchants, as their acceptance might trigger even more use of payment cards and hence even more fees. Fast food chain McDonalds has signed up to accept Apple Pay in the USA, although there are some suggestions that rather than being a feature at the point of sale (POS), Apple Pay’s advantage might lie in online shopping, where the need to type in payment card information is an annoyance for consumers.
Australia vs the US
Apple’s target in the US is the five-decades old magnetic strip which is on the back of payment cards, Instead, Apple Pay will use Near Field Communication (NFC) technology to effect the payment. This may hinder its acceptance as the US has yet to fully adopt the “Chip and Pin” technology that underpins the use of payment cards in Australia, in particular the use of “contactless” cards, which the consumer merely waves at the POS terminal in what is called a “Tap and Go” transaction.
Some Australian retailers and banks are already trialing their own online payment technology, with for example Coles testing an eftpos system for web purchases, which allows users to make online payments with a username and password, without having to enter their payment card details.
This system, which will compete with PayPal, also allows both merchants and consumers to set heir own limits, which will trigger additional security features. In July, Coles also launched the Coles Mobile Wallet which enables their customers to make contactless payments, using a Coles Pay Tag, which is attached to their mobile phone.
Competing on security
In their responses to the interim report of the ongoing Financial System Inquiry, both PayPal and eftpos stress that while new technologies such as mobile payments enable innovation, this should not be at the expense of the security, integrity and reliability of payments. This is particularly pertinent given the news earlier this month that US DIY retailer Home Depot had its payment systems breached by hackers and data stolen from customers who shopped at any of its US or Canadian stores. This could compare in scope to the theft that hit US retailer Target earlier in 2014, in which data on 40 million credit and debit card transactions at their stores was stolen. This resulted in the banks having to re-issue cards to all of the affected customers and offer redress to any cardholder whose data had subsequently been compromised.
The question of customer redress is a challenge to any new innovator in the mobile payments space. If a physical payment card held by a customer is compromised through no fault of the cardholder, then redress is a relatively simple process of contacting the card issuer and letting them deal with the fraudulent use of the card and to reimburse the cardholder.
For a mobile payment transaction the redress process is less clear - does the customer contact the phone network who is their service provider? Or the payment system that the compromised transaction took place on? The US currently has the world’s biggest card fraud problem, with losses up 14.5% to US$5.3 billion in 2012. This is one of the attractions of Apple Pay, in that it does not transmit the card details, thus making card fraud less likely.
The traditional suppliers of payment services be they financial institutions, acceptance businesses or relatively new entrants such as PayPal, may have to step up their focus on the security, integrity and reliability of their systems, to persuade both consumers and merchant.ts that their products are inherently safer than Apple Pay.