There have been a lot of pretenders to the throne, but mobile payments have yet to take off in the United States for a variety of reasons. Credit cards have been ubiquitous and accepted at every online storefront. Mobile software has been buggy and cumbersome to use. eWallets were numerous and offered conflicting standards. And until the last few years, many people didn’t have smartphones to run the software anyway.
These inhibitors have for the most part vanished: now almost everyone is buying an Apple or Android smartphone. Credit cards are now at risk and breeches have become more numerous, or at least are reported more often, with the latest Home Depot and previous Target exploits as notable examples. Square has revolutionized the ability for any merchant to accept credit cards using their iPad or smartphone.
But more importantly, Apple has entered the game, with its Apple Pay and Passbook software that will be available next year.
The goal is to use better point-of-sale terminals that don’t rely on embedded Windows XP or older, less secure operating systems and credit card swipes. Instead, retailers will upgrade with terminals that don’t require any physical contact with your phone, using a special radio device called near-field communications that works like Bluetooth only at shorter distances. When a customer wants to pay, they send a special sequence of numbers that is unique to that transaction, so the merchant never transmits the actual credit card number through its payment network. Even if a criminal were to eavesdrop on the transmission, the information wouldn’t be of much use to them.
So the first attraction is better security, something that will take a major infrastructure upgrade to the payment networks, to the actual retail stores, and for consumers to upgrade their phones too. All of these aren’t a slam-dunk and will take some time. Outside of the US, most developed countries have upgraded their credit card systems to have special chips in them that can protect them better than the simple magnetic stripe that we use here.
The second attraction is that Apple has tremendous market power, and can unify the numerous wallet software versions behind its standard. You can read up on what is involved in adding Pay to your particular application here. Whether Android users will ever have access to this technology isn’t clear.For now, you must have an iPhone 6 or 6+.
Third, Apple has very cleverly focused on using the touch sensor on its newer phones as the gateway drug into its wallet system. Passbook was very clunky before the touch sensor; perhaps this will give the whole idea a needed boost.
Finally, Apple has signed on the major payment processors up front, eliminating one of the challenges faced by other wallet developers.
Security firm FireEye writes on its blog, “If Apple can implement its near-field communication payment system correctly, it can absolutely increase security, guarding against the disastrous types of credit breaches that have dominated headlines.” There is one weakness still: users must first enter their credit cards via taking a picture using their iPhones or typing in the information. If malware is present on the phone during this process, this information can be copied and abused.
Certainly, criminals are adaptable folks, and can focus their efforts on exploiting the new wallet technologies and point-of-sale readers. As FireEye says, hackers will “redirect their efforts toward the next weakest link in the [payments] chain.” We’ll see if Apple Pay can change the course of mobile payments soon enough.