A Look At OS X Yosemite And iOS 8.1
by Brandon Chester on October 27, 2014 8:00 AM ESTApple's Foray Into Payments
Apple has made two announcements this year that show an expansion into areas outside of the technology industry. The first was Apple Watch, which is most definitely a technology product but looks positioned against the current premium watch industry just as much as against current smartwatches on the market. The second was Apple's foray into the payment industry, Apple Pay. While Apple Watch won't be around until next year, Apple Pay is here right now with one caveat. Apple Pay currently only works in the United States, or more specifically, only with a credit card issued by a United States bank. However, the service will eventually be expanded to support cards issued by banks in other countries.
How Apple pay works is fairly straightforward, that's the entire point of it. If the region on your device is set to the United States, the passbook app will contain a card that allows you to add a credit or debit card. You can then either type your info in, or use your camera to get the information from the card. Once the card is verified by your bank, you will have a card that appears in passbook and you're ready to start using Apple Pay. From the user's perspective, Apple Pay is simple and easy to use. But what goes on behind the scenes to keep everything secure can be quite complicated.
Security
The first thing to know is that your credit card information is never stored on the phone. Upon adding a credit card, the information is encrypted and sent to the appropriate issuing bank which confirms that the card is valid. A token is then sent back to the iPhone and stored in the secure element, which is essentially just an internal smart card chip. This token, not your credit card number, is what is used during payments. Apple's marketing and technical material refers to it as a Device Account Number. The token itself resembles a credit card number, but the only similarity between it and your card is the 4 digits on the end.
The use of tokens is where much of the security of Apple Pay comes from. By removing the actual credit card number from the equation, the merchant you're paying never gets to see your credit card number, security code, or your name. The token presumably is also only linked to the actual credit card via some database held by the bank, rather than some sort of equation that could be reverse engineered. This means that even in the event where a merchant is hacked and your token number shows up, it is entirely useless because it does not function as a credit card and is tied to the iPhone it was used on.
Beyond the overarching security, there's additional security at the time of payment. It begins with the use of Touch ID for authorizing payments. Although Touch ID launched with the iPhone 5s which does not have the necessary NFC hardware to use Apple Pay, I believe that this sort of service was the original goal when Touch ID was first being created. Paying with Apple Pay requires using Touch ID to verify your fingerprint. This prevents anyone from making purchases using your iPhone if it is lost or stolen.
One thing to note is that Apple Pay is not just a service for making purchases in stores. It also works for making purchases at online retailers than integrate it into their applications. All the security features that I've described apply to both in-store and online purchases, so there's no compromises on either side.
Going Forward
Making Apple Pay successful is going to take a lot of work on both Apple's part and on the part of retailers. Currently the service only works with cards from US banks, leaving out the rest of the world. Apple needs to expand the service much quicker than competitors have done so with theirs. For example, Google Wallet remains a US only service over 3 years after its initial launch. Apple Pay is not going to achieve success if it ends up in the same situation. Apple has given no timeframe for expansion to other countries, but if the iPhone 6 and 6 Plus get replaced by newer models before Apple Pay expands outside the US it will be a worrisome situation.
Apple also needs to convince retailers to support the service. The list of supported merchants on the Apple Pay section of their website has grown since its initial launch, and if Apple Pay is ever going to be a viable way to make everyday purchases that list needs to continue to grow. Work by banks to increase adoption of NFC capable terminals will also speed up this process, as Apple Pay works with existing NFC enabled checkouts. Apple also faces resistance from retailers that are partnered with other payment systems. Recently there have been reports that merchants who support the CurrentC mobile payment standard are disabling NFC on the payment terminals in their stores to block Apple Pay. I don't believe this will be an issue in the long term because consumers will realize when companies are prioritizing their own agenda over the customer's experience and they'll go to other retailers. If Walmart won't support Apple Pay and a customer wants to use it, they'll just go to Target instead.
As someone who doesn't live in the United States, I'm hopeful that the service will expand to Canada before this iPhone becomes obsolete. There are many obstacles in the way, but Apple appears to have put more effort into working with banks and merchants to get the service off the ground than any of the other mobile payment services we have today. How things play out will only be revealed with time.
Facebook
Twitter
RSS
173 Comments
View All Comments
KoolAidMan1 - Monday, October 27, 2014 - link
Maybe its because the products are actually good?Nope, its collusion and misinformation, says the fanboy.
mabellon - Monday, October 27, 2014 - link
Cool links. I completely forgot Samsung even had this. It would be nice if it was at least mentioned in the article.That said, Samsung's solution is the cheap hacky thing you do when you don't control the software on both platforms. It's mostly just shared input (keyboard/mouse) and copy+paste support. For example, using your phone as a second screen to respond to an SMS while cool is not at all the same as responding seamlessly from the OSX Messages app. Better than nothing and still would have been nice to see a mention in the review.
Also, I read the links you posted and they had nothing to do with the actual point made by Brandon in the article. His point was that there was no incentive to purchase a SAMSUNG laptop. As far as I can tell, Samsung SideSync works with any Windows PC. And frankly that makes sense because Samsung doesn't sell that many PCs.
Bob Todd - Monday, October 27, 2014 - link
Frankly, that looks retarded. My Atrix had a laptop dock with some full desktop Linux apps like Firefox, that doesn't mean it was a good experience. And that's the key here. Features for the sake of features that aren't worth using vs. things that will make your life easier.I'm predominately a Windows and Android user (Apple for work), but the integration with iOS 8.1 and Yosemite has some nice features which I hope Microsoft rips off for Windows 10.
* SMS Relay: don't have to check my work phone for texts, just respond from my laptop
* Answer calls directly from my laptop without fumbling for my phone
* Instant hotspot: don't have to grab phone, unlock, turn on tethering when I need to get online remotely
Even ignoring Handoff, those are nice features that can make your day-to-day life easier. I think Apple has actually been doing a _terrible_ job of integration across their products until now. They are unique in this space as controlling all of their hardware and software. This stuff should have been here 2 years ago.
In my dream world, Microsoft and Google make APIs to do these same things that work between their devices. Chrome OS doesn't fit my needs. Windows Phone app ecosystem still sucks. So unless they work through this together, just one of them building this functionality in a closed manner for _their_ systems won't do me any good.
Impulses - Friday, October 31, 2014 - link
There's literally dozens of apps on Play that accomplish the same thing as SMS Relay... I am jealous of call forwarding tho (then again I don't really talk much on the phone) and super jealous of instant hotspot. I'm gonna have to work on a Tasker shortcut to at least activate the hotspot on my phone from my smartwatch.gudomlig - Monday, October 27, 2014 - link
typical of apple. new features limited to small subset of hardware. why would you ever need applepay for a desktop or laptop is beyond me. and transparent windows and flatter presentation...um windows aero anyone? apple has totally lost their innovation, they are just copying what their competitors have already done.tim851 - Monday, October 27, 2014 - link
> why would you ever need applepay for a desktop or laptop is beyond meProbably as a PayPal alternative.
SirPerro - Monday, October 27, 2014 - link
I know a good paypal alternative. It's called credit card.Apart from NFC/Simplicity for the act of paying in a store, what does apple pay offer in a laptop which paypal/credit cards haven't offered for years?
Furthermore. How is ApplePay supposed to success on a niche operating system anyway?
invinciblegod - Monday, October 27, 2014 - link
thats a horrible paypal alternative. Apparently you forgot why people like paypal, which is that you don't need to make a new account for every website and the website don't get your credit card information.solipsism - Monday, October 27, 2014 - link
1) Pay coming to Mac OS X would mean a secure element on the device, tokens being stored for each card, and perhaps a convenient biometric to help prove your identity, just like Pay on the iPhone 6 series.All that is inherently more secure than storing your actual card numbers on your OS. That said, I think that would be a flawed setup because, currently, Pay rightly only works with direct payments and within apps, neither of which is feasible on a laptop or desktop.
What Apple would have to do is grow their Pay concept into having the financial institutions issue a unique token for each website/company that you have an account with so that if any one of those server's gets compromised it can't be used to make payments -or- create a service that is closer to PayPal so that no website will ever store your personal card data again, but that will mean Apple will be a middle man, which I don't think they want to do.
Regardless of how they proceed the current Pay system isn't complete if purchases on websites are weak point in terms of security.
2) Calling iOS "niche" or simply not including it with a comment about Mac OS X in a discussion about a service to service an ecosystem is ridiculous. Are you going to say that Pay will be useless on Watch that runs WatchOS simply because it will be a new OS when it launches? The multination and financial institutions are already backing Pay. It was a success before it ever launched. This is the future of mobile banking. Now that the path is being paved and the backend rejiggered there is no reason for others (save for contracts) to jump on board with a similar secure end-to-end system.
Bob Todd - Monday, October 27, 2014 - link
You can turn on tethering on your Windows Phone from Windows on your laptop? You can answer calls on your Windows laptop from your Windows phone? You can send/receive texts from your Windows laptop through your Windows phone?Bottom line is that Microsoft is just as guilty as Apple at doing a crap job of integration across their devices.