Some Apple Pay Notes

I’ve already written about Apple Pay (1, 2) and I’ve highlighted the fact that Apple does not store customer and transaction data. I also mentioned that this might be very attractive for merchants, banks and credit card companies.

As weeks pass from the big announcement on September 9th, more details about the system have been trickling out. An article by Yoni Heisler gives us a more in-depth look, and of particular interest to myself, it gives us the reason why credit card companies might be fully behind Apple Pay.

The credit card companies and other players in the transaction chain are a very important for the success of Apple Pay. Although a lot of attention focuses on the convenience of payments, the reality is that convenience itself is seldom a driver of adoption. In fact, I believe that looking at convenience alone is completely the wrong approach.

Instead, if there is a tangible cost saving associated with Apple Pay adoption, we can expect either merchants or credit card companies to aggressively entice customers to use Apple Pay. In addition to simply putting up notices in the store, this also may be via bonus loyalty points or discounts. Hence the financial benefits will be shared with customers, giving them a financial incentive to use Apple Pay. This will be a much stronger driver of adoption compared to convenience alone.

Yoni Heisler’s article clearly shows where the cost savings with Apple Pay are. Also if you consider the huge size of the savings that the article mentions, it is no wonder that merchants and credit card companies will be very eager to adopt it.

Noyes’ statement brings up an interesting point, namely that the fundamental aspects of Apple Pay weren’t concocted in Cupertino. Rather, Apple Pay was designed in accordance with an emerging token-based mobile payments standard which aims to increase security and reduce the incidence of fraud. To that end, Apple is getting into the mobile payments space at just the right time. So while Apple isn’t necessarily inventing the wheel here, Apple Pay again represents the first real implementation, on a massive scale no less, of the relatively fresh tokenization specification.

That said, it’s not as if Apple took the easy way out and simply developed Apple Pay to conform to the most general requirements for token-based transactions. On the contrary, sources at two top credit card companies who helped work on the implementation of Apple Pay told me that large technical teams from Apple, credit card companies, and banking institutions worked tirelessly over the past few months to implement additional layers of security into the Apple Pay platform.

What this says is that Apple Pay was developed in concert with credit-card companies. The credit-card companies have essentially invested as much in Apple Pay as Apple has. The reason for doing this is to reduce credit-card fraud which costs billions of USD to credit card issuers and merchants. The financial rationale for credit-card companies investing in the increased security is plainly obvious.

Token transactions as they have been implemented for Apple are a new and much higher standard of security for electronic payments. The amount of security built into provisioning tokens and supporting transactions is a new standard that I think will definitely shift fraud patterns going forward.

If it does indeed become the standard, then Google may have a problem as I mentioned in a previous post.

Apple Pay Momentumn

In a previous post, I described some differences in how Apple Pay handles data relative to Google Wallet, and discussed some implications. I also linked to an article on the New York Times (“Banks Did It Apple’s Way in Payments by Mobile”) that suggested that banks and credit card companies are quite eager to work with Apple Pay.

The interesting thing is, we are hearing about this more and more every day. Banks really do seem to be eager to get on board. For example, the Financial Times has an article titled “US banks race to gain Apple Pay card advantage”.

This kind of activity suggests that Apple Pay may at long last crack the nut on mobile, NFC payments.

Getting the channel this excited is a very, very big deal.

What If Apple Pay Succeeds?

Similarities and differences

Apple announced its entrance into mobile payments on Tuesday. In many ways it is very similar to the ill fated Google Wallet. They both use NFC technology and they both use software on your smartphone. In terms of security, they are both vastly superior to credit cards and their magnetic strips (or 3-digit security codes). I do not claim to know the details of both systems, but at least superficially, they seem to be much more similar than different.

What seems to be very different is the way they handle privacy issues. Eddy Cue, during Tuesday’s announcement, strongly emphasized that Apple will not store credit card details on the phone, nor will they store transaction details.

We are not in the business of collecting your data. So, when you go to a physical location and use Apple Pay, Apple doesn’t know what you bought, where you bought it, or how much you paid for it. The transaction is between you, the merchant and your bank. It’s fast, it’s secure and it’s private.

This means that Apple cannot use and is not interested in using Apple Pay as a means to collect point-of-sales data.

Obviously, this data is extremely valuable for advertising. Hence for a company like Google that generates the vast majority of revenues from targeted advertising, this data is too important to simply discard. In the Google Wallet Privacy Notice, Google says the following;

When you use Google Wallet to conduct a transaction, we may collect information about the transaction, including: Date, time and amount of the transaction, the merchant’s location, a description provided by the seller of the goods or services purchased, any photo you choose to associate with the transaction, the names and email addresses of the seller and buyer (or sender and recipient), the type of payment method used, your description of the reason for the transaction, and the offer associated with the transaction, if any.

Regarding how Google plans to use the data, they say the following;

In addition to the uses listed in the Google Privacy Policy, we use the information you provide us, as well as information about you from third parties, in order to provide you with Google Wallet services, and to protect you from fraud, phishing or other misconduct. Such information may also be used to assist third parties in the provision of products or services that you request from them.

This basically means that Google will treat your financial transaction data in the same way as they treat other data; it will be used to learn as much about you as possible, and to send you advertisements.

Can Google change its business model?

If Apple Pay is to succeed, it is very possible that Apple Pay’s business model will be the reason. Merchants and credit card companies will be understandably more willing to work with a company that promises to do only a single function, rather than work with a company that could possibly disrupt them in the future. However, this is not what I want to discuss. I am more interested in what would happen if Apple Pay does succeed.

Let us assume that Apple Pay does succeed and the business model plays an important role in it. Since all previous attempts have failed, this will set the standard for mobile payments. Merchants and credit card companies will expect new entrants to abide by store-no-data policies that are similar to Apple Pay.

Google will naturally have a hard time with this. Accepting a store-no-data policy directly conflicts with their basic business model. It will be interesting to see how Google will manage the situation.

Will other companies step in?

If Google hesitates to provide a store-no-data policy mobile payment solution, other companies might step in. For example, Samsung might add a mobile payment feature to their Samsung Wallet app. Samsung has a large share of the high-end Android market, and hence has access to a large proportion of the customers whom are attractive for a mobile payment scheme. They can also incorporate specialized hardware (secure enclaves and/or biometric sensors) which will enhance security.

Moreover, Samsung has no business model conflict in adopting a store-no-data mobile payment scheme. Like Apple, Samsung makes money by selling phones. They make money when their phones are better and have more meaningful features than the competition. In fact, Samsung would very much like to differentiate itself from the Android competition by including any compelling features that Google will hesitate to provide. If they can make money while doing this, that’s wonderful for them.

Other companies may also step in with a different business model, but still abiding a store-no-data policy.


Some other articles that suggest that Apple store-no-data policy is a big deal, but that other companies could technically adopt the same scheme if they were willing (Google does not currently seem to be willing);

“Here’s How the Security Behind Apple Pay Will Really Work”

There are a number of interesting implications here. First, while it may seem that Apple isn’t using any new technology, Lambert maintains that the combined use of tokens and biometric security features distinguishes Apple Pay from others. Second, Apple will not be handling the tokenization — the credit networks like Visa and MasterCard will be doing so. This essentially takes Apple out of the payment process — Lambert said that Apple will be acting “more as a channel and not a party,” and Apple already said in its major product announcement this week that it will not retain any transaction data. With Apple acting as a payment conduit and not a processor, it would already see little data, but Lambert said Apple has put up “some Chinese walls” to further prevent it from gaining access to payment data.

“Google Wallet Is Leaking Money”

For Google, the goal wasn’t to generate fee revenue from the transactions, as banks, PayPal (EBAY), and other companies do. The idea was to collect data on consumer habits and target ads to them. Google pays such high fees to the credit-card companies it works with, though, that it loses money on every transaction, says Osama Bedier, who stepped down as head of Wallet on May 20 and will shortly leave the company.

“Banks Did It Apple’s Way in Payments by Mobile”

“There are schemes that don’t respect and honor the payment networks,” said James Anderson, the senior vice president for mobile product development at MasterCard. “We want to invest in programs that respect our role in the ecosystem.”