
Apple warns of risks from German law to open up mobile payments - kayoone
https://www.reuters.com/article/us-apple-germany-apple-pay/apple-warns-of-risks-from-german-law-to-open-up-mobile-payments-idUSKBN1XP16M
======
aedron
The EU has been making some good moves in opening up the payment services
industry through regulation. The biggest example is the PSD2 regulations
passed in 2015[1]. Among many other things, this law requires banks in the EU
to expose APIs into their systems, that allow third parties to make transfers
to and from the bank's accounts, only subject to proper customer
authentication and AML compliance. This essentially lets third parties build
universal payment services on top of existing banking infrastructure.

> The law highlights the growing desire in Germany for tighter regulation of
> U.S. technology companies.

No, this highlights that the EU is willing and able to regulate markets to
keep them open to all participants.

Looking forward to laws opening up this sector even more.

[1]
[https://en.wikipedia.org/wiki/Payment_Services_Directive#Rev...](https://en.wikipedia.org/wiki/Payment_Services_Directive#Revised_Directive_on_Payment_Services_\(PSD2\))

~~~
Roark66
Yes, PSD2 is good, but I'm wondering why they didn't go further and mandate
something like UK's Open Banking.

The difference is that currently in EU banks are forced to expose a banking
API, but every bank can have their own API. While in UK there is one API
standard that banks are supposed to allow to be used.

So writing an app for EU one has to deal with tens (if not hundreds) of bank-
specific implementations while in UK one is all that's needed.

~~~
intarga
The real result of this is aggregators appearing, which present a unified
interface to all banks, hiding the implementation details under their own
interface. i.e [https://www.neonomics.io/](https://www.neonomics.io/)

------
jeroenhd
Apple could've probably easily prevented this if they had allowed banking
payment apps from the beginning, like Google did.

Without an exclusive payment system, they would just be a payment alternative
that would be way more user friendly than their competitors and everything
would be dandy. I'd even consider it to be a reason to buy an iPhone, given
their super simple UX flow compared to even the most user friendly bank apps.

I hope not just Germany, but also the EU will take action against companies
like Apple. These exclusive networks that serve no purpose other than vendor
lock-in are a lose-lose scenario for customers and even the most rabid Apple
fans should see how shitty their behaviour is.

They've made their bed and now they will have to lie in it. Good on Germany
for taking action.

~~~
systemtest
I've seen the mess that banking apps on Android made. Not supporting certain
phone models despite having NFC, needing a special SIM-card for the secure
element, horrible UX. Multi-bank support meant switching between apps before
payment. It's better now but far from perfect.

The benefit of the Apple Wallet for customers is having all your cards in one
app, available from the lock screen. The benefit to the bank is that they
don't have to make an app, they just need the back-end integration with Apple
Pay.

~~~
imtringued
>The benefit of the Apple Wallet for customers is having all your cards in one
app, available from the lock screen. The benefit to the bank is that they
don't have to make an app, they just need the back-end integration with Apple
Pay.

I don't understand this. If you can just add a credit card or a bank account
via direct debit then why does Apple Pay require cooperation from banks at
all? The primary reason why those banks want their own app is because Apple
doesn't want to integrate them into Apple Pay.

~~~
hwbehrens
There are additional privacy layers in the system, such that every time you
make a purchase, a temporary card number is generated and used, rather than
your actual card number. This is beneficial as it prevents the retailer from
tracking your purchases, but requires interactive participation from the bank,
which needs to map that number to your actual card number in real time. As
part of the onboarding process when you enroll a card, your bank must confirm
the enrollment to ensure this process can take place.

It seems to be part of a multi-step key exchange mechanism [0] mediated by
Apple but stored locally at either end, ensuring that Apple does not retain
your card details at any step of the process. Of course, without bank
participation, there aren't two parties to actually mediate _between_.

[0]: [https://support.apple.com/en-us/HT203027](https://support.apple.com/en-
us/HT203027)

~~~
mercutio2
“Every time you make a purchase, a temporary card number is generated and
used”

This is a common misconception. Every device receives a unique DAN, but when
multiple transactions happen across time using the same device, the merchant
will receive the same DAN.

This allows individual devices to easily be invalidated by the issuer, but it
doesn’t really provide much privacy benefit from, say, merchants aggregating
personal information based on your purchasing patterns.

------
izacus
Of course the monopolist is warning against having to allow competition to
their market. Nothing to see there.

If Apple Pay is so much better than what the banks offer (which it probably
is), then there's no issue, people will continue demanding and using it. It
will force Apple to improve their product over what the banks can do
constantly and that's how we customers win.

~~~
Matt3o12_
I think the problem here is that Apple wants payments on the iPhone to be
secure, easy and private. If they gave banks full access to the api, they
would do what’s in their best interest (reusing CCs numbers accross vendors,
making it harder to use more beneficial cards, less transparency). This would
mean that paying on iPhone would be considered harder or more inconvenient
then using a card because many consumers don’t know the difference between
Apple Pay and their bank app’s payment system. It would also mean that fewer
banks adopt Apple Pay, which is already not that great in many countries.

I’m honest not sure if opening up the system would be a net benefit. There are
certainly advantages to keeping it closed but we also miss many great
opportunities with NFC because of that. I would expect Apple to open it up
eventually, when users become used to using Apple Pay and expecting the same
convinces from their bank app

~~~
rat9988
> Apple wants payments on the iPhone to be secure, easy and private.

I don't trust apple for that more than I trust my bank anyway.

~~~
AmericanChopper
> I don't trust apple for that more than I trust my bank anyway.

Having worked for many banks, I’d advise you to reconsider that position.

------
thefounder
>> We are surprised at how suddenly this legislation was introduced,

Meanwhile we, the Apple clients are surprised why it took so long to pass this
legislation. I still wonder why nothing is done against the appstore/google
lock-in.

------
edualm
I don't see anything good coming out of this law, honestly. I've read some
other commenters saying that Apple doesn't want to talk to small banks, but I
find that to be the complete opposite of my experience.

Here in Portugal, only one bank supports Apple Pay, _and_ it's a small one
(apart from N26/Revolut, the online ones). None of the bigger banks support
it. Instead, they all support a national app that uses QR codes on iOS and
NFC/QR on Android for payments (but its UX is much worse, even on Android
where it uses NFC, and has a load of other problems - since it's properietary
it doesn't work internationally, etc.). Of course, there is no Google Pay
support at all here, and I blame the fact that NFC payments are supported on
their own app. There's even less incentive for them to support Google Pay at
all, and that's exactly what happened. I'm afraid that Apple Pay would be
dropped if Apple was forced to open up NFC for payments.

------
icebraining
Does anyone know which law it is and can post an English translations? Feels
like this HN thread will be too vacuous if we don't know what we're
discussing.

~~~
lorenzhs
[http://dip21.bundestag.de/dip21/btd/19/151/1915163.pdf](http://dip21.bundestag.de/dip21/btd/19/151/1915163.pdf)
from page 77, § 58a. IANAL but it looks like it matches the summary from the
article pretty well. There are some exceptions, like if you can _prove_ that
opening it up would weaken the security. But it's rather clearly tailored to
apply to Apple Pay.

Here's a lightly touched-up translation courtesy of deepl.com -- not sure if
the references made it intact (and pretty sure the legalese didn't), but it's
using "clause" to refer to the numbered sub-paragraph things:

 _§ 58a: Access to technical infrastructure services in connection with the
provision of payment services or the conduct of electronic money business

(1) An enterprise which contributes to the provision of payment services or
the operation of electronic money business in Germany through technical
infrastructure services (system enterprise) shall be obliged, upon request of
a payment service provider within the meaning of § 1 Clause 1 sentence 1
numbers 1 to 3 or of an electronic money issuer within the meaning of § 1
Clause 2 sentence 1 numbers 1 or 2, to make these technical infrastructure
services available without delay and subject to reasonable fees and reasonable
conditions of access. The provision within the meaning of sentence 1 must be
designed in such a way that the requesting enterprise can provide or operate
its payment services or electronic money transactions without hindrance.

(2) Clause 1 shall not apply if, at the time of the request, the system
operator is not a company whose technical infrastructure services are used by
more than 10 payment service providers within the meaning of § 1 Clause 1
Sentence 1 Nos. 1 to 3 or e-money issuers within the meaning of § 1 Clause 2
Sentence 1 Nos. 1 or 2 or which has more than 2 million registered users.

(3) In exceptional cases, the system operator shall not be obligated in
accordance with Clause 1 if there are objectively justified reasons for
refusing to make the service available. These are particularly present if the
system enterprise can prove that the security and integrity of the technical
infrastructure services is specifically endangered by the provision. The
rejection must be comprehensibly justified.

(4) If a system enterprise culpably infringes clause 1, it shall be obliged to
compensate the inquiring enterprise for the resulting damage. The ordinary
legal process is given.

(5) The duties and responsibilities of the cartel authorities under the Act
against Restraints of Competition shall remain unaffected._

~~~
icebraining
Thank you!

------
Ensorceled
I'm not sure I understand this law. My Apple Pay already hooks up to my
finance company's Mastercard and my bank's Visa. Who is getting access to
compete for service under this law? The banks? Some other payment processors?
Would it just be somebody else hooking up my credit card instead of Apple?

~~~
krzyk
Apple takes quite a huge amount from each payment (~10% I heard) so if you
could hook up the same credit card using e.g. Google Pay, the bank would pay
only e.g. 5% (I made that number up) per transaction.

Consumers don't see it, so this competition on iOS would benefit mostly banks
if you think only about costs, but there is another side to this.

If my bank doesn't support Apple Pay, but supports Google Pay, then I can't
use my iPhone to do payments because Apple prohibits Google Pay to access NFC.

~~~
narrowtux
> 10% per payment

that'd be ludicrous. I found a source that says 0.15% which is way more
reasonable: [https://www.macrumors.com/2014/09/12/more-apple-pay-
details/](https://www.macrumors.com/2014/09/12/more-apple-pay-details/)

~~~
Ensorceled
I'm amazed when people assert stuff that is ludicrous on the face of it.
Places that have signs that say "no Amex" because it's 1% more fees are also
implementing Apple Pay ...

------
mscasts
Thank you, Germany.

I love the EU and it's countries more and more for every news article like
this.

~~~
Angostura
What do you like about this regulation? What do you see being implemented in
practice and how will it change the customer experience? I seriously don't see
the advantage.

~~~
zihotki
In order to implement Apple Pay in a country, a bank needs to beg Apple. And
it looks like Apple doesn't care about smaller banks and small countries at
all. For example, in NL they allowed only a few biggest banks to implement
Apple Pay.

~~~
briandear
Apple wants every bank. The discrimination comes from the payment processors —
it’s likely that those payment processors who handle transactions for the
local banks don’t care about the smaller banks. For example, FirstData in the
US drove and facilitated adoption — it wasn’t the banks that reached out to
Apple or vice versa. It’s fun to say something like “a bank needs to beg
Apple,” but that is just not based in any sort of fact. Instead your comment
attempts to paint a picture that big, bad Apple is mean to little banks when
the truth is far more complex and has little to do with Apple and everything
to do with payment processors. It’s also very likely your small bank doesn’t
want to pay the 15 basis points on credit or the 3 basis points for debit.

But saying Apple doesn’t care about smaller banks — that’s just a lie. Some of
the smallest banks all across the US are using Apple Pay. It’s possible and
probable that your bank just does want to offer Apple Pay.

Here is an interesting article from 2015 about banks and Apple Pay:
[https://www.bankdirector.com/issues/technology/becoming-
an-a...](https://www.bankdirector.com/issues/technology/becoming-an-apple-pay-
bank-should-you-do-it/)

Please note the lack of “begging” involved in the process discussed in the
article linked above.

------
PeterStuer
Having sat in on some PSD2 fintech 'opportunity' presentations, I'm without
doubt that, while well intentioned, the brave new world of 'open banking'
regulation will be hell for consumers and a windfall for the least scrupulous
in the fintech sector.

------
BadThink6655321
If Apple has to open their infrastructure then there needs to be reciprocity.
I want Apple Pay. I don’t want Wal-Mart pay, Starbucks pay, CurrentC, ...

------
systemtest
What would stop Apple from disabling NFC inside the German borders? Germans
use cash for most payments, so they wouldn't lose too many customers.

------
thierryzoller
Sounds like this is just the Payment Service Directive ? Someone at APPLE must
have slept while on the wheel for years.

------
kayoone
I would not be surprised if instead of complying, Apple would just disable
ApplePay for Germany altogether.

------
simonh
I'm not against a law like this in principle, at least I don't have an
instinctive aversion, but it seems a mistake to ram it through without any
consultation or a proper review by technical and financial experts. And by
that I don't just mean industry insiders, but security researchers, etc.

~~~
martin_a
> without any consultation or a proper review by technical and financial
> experts

Nah, that would just have opened the door for more lobbyism. Apple seems to
have strongly worked against this law, seems like even the US ambassador was
involved [0, about half way on the first page]. Looks like somebody hit a very
sweet spot and an easy cash cow for Apple.

We need more open markets for processes like this. It's just fine that Apple
has to open up.

[0]: [https://www.heise.de/newsticker/meldung/Lex-Apple-Pay-
Bundes...](https://www.heise.de/newsticker/meldung/Lex-Apple-Pay-Bundestag-
bestimmt-offene-Schnittstellen-fuer-Bezahldienste-4586773.html)

~~~
simonh
So you can guarantee there are no security or privacy compromises in doing
this?

~~~
wsy
What Apple is forced to allow now is already practice with Android phones. So
we are really not talking about something new and risky, this is well-
established technology.

~~~
Ensorceled
We don't know how NFC is implemented on iOS. It could be tightly bound with
the iOS Secure Enclave and then it's NOT "well-established technology" since
Android uses different architecture(s).

~~~
wsy
The law has a provision for this case, but I highly doubt there is a technical
reason for not opening NFC on iOS.

~~~
Ensorceled
Yeah, this would definitely be a "show your work" situation if Apple said it
wasn't possible.

------
harperlee
Due to an anti-money laundering law? This sounds exactly like PSD2...

------
C1sc0cat
A motion Passed quickly late at night that doesn't seem at all odd.

Given that Angle Merkal wanted it pulled (for good reasons) sounds like this
was bounced though by either the greens or maybe by conservatives with input
from the German backing sector

------
Notz
Hi guys

------
classified
Apple's complaints were predictable. If we let them, they'll also argue that
hair loss or bad weather endanger the security of financial transactions.

