Maybe I'm old school but I'm actually finding that payment options are getting worse, not better. This is another example of further fragmentation. Tap cards, stripe cards, chip cards - all the machines have different interfaces, some touch screen, some with pens. Not sure about you guys but I forget my credit card pin compared to my bank card pin half the time. I have a way to many accounts to remember already. What happened to just a signature?
It's like someone needs to come up with an interface for payments. That universally accepted. Think of a wall socket for power, 3 prongs, supports 2 prong interface. Works great.
Lets step back. Oh wait, we have one. It's called CASH.
Cash seems to make more and more sense these days. No overage fees for using your own money. Accepted everywhere already. It doesn't get malware and steals your data. It doesn't need charging or have bugs. Doesn't seems as easy to spend when you physically see it leaving your old school wallet.
I for one won't ever use my phone for payments nor will I be looking to work on apps trying to convince others that its fairy land for payments and makes your life better because of revolutionary Apple marketing spiels. Virtual apps on the app stores, fine, I see it makes sense. Brick and mortar, I just don't see it.
And cash? Don't get me started. Cash can be physically lost. Cash can be stolen. When you pay with cash, you get given coins as well as the thing you are buying. Coins suck. To me, cash makes less and less sense these days. In Canada, I never carry any. In California there are enough cash only places (in 2014!) that I have some at most times.
I will probably not know it when I see it, but I look forward to the last day I touch cash.
Last time I came to the US, I realized my cards' magnetic bands weren't working. Would have never noticed otherwise, chips don't wear off. Had to prepare for new cards before my next trip. Chips came so long ago in Canada that I can't recall when. My surprise every time I remember they're still not here.
Then cash only places and having to receive coins; the worst. And then what do you do with the coins, hope that one day you'll get the chance to use them? That never happens. You must accumulate coins in your pockets. Accumulate discomfort and never dare throwing them away. And what's up with cents, what do you buy with a cent?
Back in Canada, all I carry is a debit/credit card (wink) and a health insurance card (wink).
I left Canada in 2008, and I don't remember chip & pin being prevalent as it is now, so it's not quite as "long ago" as you are implying.
But... you might have issues carrying just a credit card. Many places only accept debit due to there being smaller merchant fees and there are still many cash-only places (in Toronto at least).
And seriously? When I end up with cash / change in my pockets I end up using it. Your comments about "OMG! What do I do with physical money?! It's sooooo useless" are a bit hyperbolic.
You dump the coins in a change jar on top of your dresser. Then once a year or so, when you have accumulated $100 in coins, you bring the jar to a coinstar machine at your local supermarket and get the coins converted to an Amazon gift certificate.
The chips may not, but the contact surfaces corrode. Then, when you're facing a slightly aged payment terminal with also corroded contacts, your card gets rejected no matter what you do.
So from my view, NFC in phone has two things going for it: it can be toggled on and off, effectively preventing drive-by cardjacking; and it is better protected from elements.
The fact that I have other personal reservations about contactless payments is different matter altogether.
Oh that's so not true. I keep my cards in my pocket and I already had to replace a few due to the fact that they wouldn't be recognized at terminals anymore. And I am a huge supported of chip+pin.
Though I agree with the lack of security offered by a signature, that method of payment is basically offered everywhere in the US. Compared to Canada its uncommon to be asked for a 5 dollar minimum purchase or a 50 cent surcharge for a credit card transaction. Furthermore, the credit limits in Canada seemed downright restrictive.
Say whatever about the security of credit cards in the US but as a consumer the product is much more compelling. I can go almost anywhere, rarely pay extra fees and easily spend all of my own money. Furthermore, why would I care about a signature? Yes its antiquated but who cares if its never used, I can charge back fraudulent charges pain free in the US which has not been my experience in Canada.
Basically, I think the user experience of paying money is really important, but chip and pin doesn't solve that problem.
Credit limits in Canada start out restrictive, yes, though I've generally found that if you ask for a higher limit, they will generally grant it. I've had good credit though. That probably makes a difference.
I've been lucky enough to never need to do a chargeback in Canada or the US. Maybe it's not easy in Canada.
That said, I don't think we will ever live in a cash-less world. There are too many merchants for whom any technology is too much. Also, a lot of merchants don't want to pay credit card processing fees (which I expect don't go away with this system) and still others like to cheat on their taxes and running a cash business makes that easier.
Apple use HTTP Live Streaming for their live streams. This is an open technology they are trying to get adopted more widely (RFC: http://tools.ietf.org/html/draft-pantos-http-live-streaming-...). Currently, HLS is not implemented by Chrome or other browsers, in part because Google are pushing a competing standard (http://en.wikipedia.org/wiki/Dynamic_Adaptive_Streaming_over...).
I'm not sure it's clear cut if one is better than the other. I've used HLS and implemented a toy HLS server, and can say anecdotally that it was easy to use and quite a nice standard, although not brilliantly implemented by clients so far. Because of this, I understand why Apple continue to push HLS, and why Google continue to push DASH, and why neither will implement the other's technology in their browsers.
Edit: Just to be clear, it is really interesting and appreciate your comment, but it's still silly for Apple to limit their advertisements to Apple users.
Re the iphone I think it'll use the same NFC terminal I just paid for my coffee with at Pret. Being able to wave a phone rather than my bank card is a bit ho hum. I guess for sums over £20 I could use my finger print rather than having to enter the pin as one does at the moment. The advantage seems a bit marginal.
The point about it getting lost is actually worse for a phone. You can also lose your smartphone. Losing your phone is a greater risk than losing the minimal amount of cash you carry on you. Think about it, if you don't have a password on your phone or you do and someone gets in, how much data are you exposing? Facebook, mass messaging all contacts, Banking, App stores, Email, the list goes on and on.
Not to mention you're phones likely in a contract and you hold a few hundred dollar balance remaining on the item itself.
The problem with any technology is that even though we put our best foot forward, there will always be bugs and glitches. Cash, always, just works.
Really? I've found that processing machines can tend to take a while. Some of them are also super slow for no reason (and if you don't go at their pace they force you to restart the transaction).
I applaud Apple for trying to make transactions safer, but
I honestly don't even trust Apple(never gave them the family
credit card for ITunes). By the way; I hardly ever use ITunes anymore. I couldn't be the only one? I'm surprised
ITunes doesn't have more competition by now--a good alternative?
I agree with the psychological effect of spending cash compared to a card (digits don't mean as much as handing over a bunch of paper), but things like IC cards are great for people who hate fidgeting with change (this is especially bad in places like Europe/Japan where a handful of change can end up being over $20).
And it's not like cash has disappeared. This is one more option.
If you're going to make negative comments like that, it would be helpful if you were to offer some kind of alternative and why it's better.
I'm very hopeful that we will be able to reverse this trend as I see decentralization efforts everywhere (internet to press, 3d printing to manufacturing, bitcoin to currency, blockchain to public ledger, photovoltaics for power, etc).
All the gas stations give 10c/gal, my credit card gives 5%. at 3$+/gal I'm at 15c/gal.
What does this actually mean?
edit: getting downvoted like a champ. The Cult is strong with HN.
It's a serious question -- what does this sort of talk actually mean? What would "subscribing to The Cult of Apple" mean in this situation? Using Apple Pay? Believing it will succeed? What?
I'm sorry... what? How is this different from Google making Google Wallet back in 2011? They both use the same tech (PayPass, an industry standard), and both are made by an OS company.
Google only partnered with MasterCard, and only released in a limited number of handsets (they were all Nexus if I remember correctly). Apple partnered with Visa, MasterCard and AmEx ahead of time, as well as a dozen or so merchants, so that anyone who gets an iPhone 6 can actually use ApplePay nearly immediately without jumping through hoops or hoping they have the right handset. At least that's what I read as "broad, inclusive."
For what it's worth, I tried using GWallet when it came to my Nexus S years ago, and got the strangest look from the guy at the convenience store when I held my phone to the reader and the register marked the transaction as complete. Just because Google was first by no means did it right or best, as evidenced through us not all walking around with Androids paying for things.
Even if they do it better, that doesn't mean they're the first.
Not even Steve Cook has a reality distortion field strong enough to pull that one off.
Android is a popular operating system. Android made payments a platform service. Therefore, that sentence is blatantly false.
I'd also say that the only thing that may stop Apple Pay from being a business failure is that it's Apple doing it this time (even tho, frankly, their UI looks significantly worse than Google Wallet, and has far less functionality, and Google Wallet is no longer impeded by the carriers)...
But that's not what the article section i quoted was talking about. It just made an unqualified claim "this is the first time an OS maker has made a payments product for the physical world"
but the bigger point: you're quibbling over the first of three points i made in an aside (the other two being that google wallet has way more features, and that google wallet is now not blocked from being on Verizon et al). The larger point is that the article saying that this is the first OS to have a payments solution is... very strange.
Bad android sales doesn't affect Google. Bad iPhone sales would tank Apple.
So if the last section of the article is correct that means ApplePay will be compatible with Mastercard PayPass terminals?
If this is true it would be really easy to roll out ApplePay as for example in Switzerland most terminals are PayPass ready.
However, POS software is not at all standardized. You'd likely end up rolling out support for one POS platform at a time. They'll have the hardware you need to support ApplePay, but the rest of the work is probably tricky.
tl;dr POS software systems that accept PayPass can change their software to accept ApplePay.
"Once authorized by the user with Touch ID, your app receives a payment token from PassKit.
The payment token encapsulates the information needed to complete a payment transaction. It
includes a cryptogram, unique to the specific purchase, that can be decrypted with your private
key or when the payment information is transmitted to a payment processor’s server that has
your private key.
Figure 2 illustrates a typical payment flow. First the app checks that it can offer Apple Pay as a
payment method. In this example, the app needs the postal code from the selected shipping
address to calculate shipping cost and update the total amount due. When the user authorizes
payment, your app receives a payment token from the Secure Element, via PassKit.
Finally the app calls appropriate APIs in the payment processor SDK to pass the payment
information to the payment processor, they process the transaction. "
Pg 4. - The payment flow. You are asking about the payment provider. They need an SDK or API from Apple whether it's a POS terminal, or mobile device. Once they implement it they can theoretically accept payments. But will Apple allow this?
Anyone can be become a merchant with a PayPass reader today. Apple Pay is not changing that, nor can it since that sector is entirely dependent on local commerce/finance laws and payment processor anti-fraud costs.
Because in the physical world the friction is not "oh I need a card" it's physically getting the customer in the door. Otherwise, what's involved is needing merchants to have NFC readers. This might be an exciting new thing in the US, but certainly in my neck of the woods NFC has near universal penetration.
In the virtual world...this problem has been solved over and over and over. I'd argue it would be very surprising to see Apple displace Paypal. Everyone has Paypal - very few people (relatively) will have ApplePay.
Today Paypal has something like 150 million users worldwide while there are 72 million iPhone users in the United States alone. Presumably all of these people will eventually upgrade to an iPhone supporting ApplePay.
Moreover, there's almost certainly >50% overlap between iPhone user/Paypal user/other service user.
I'll never forget the day they held a gun to my head and made me buy my first iPod.
Just so I get the terminology right though, when you register a card within itunes Apple is forcing you to do so, but when you register it with Google Play, Google is reluctantly allowing you to do it. Did I get that right?
Google Play does not ask for a credit card unless you actually make a purchase.
What is this? I've never seen this before. Loading (and reloading) pages from this domain prompts this popup.
I have a hunch that Apple might not be making any money at all off of Apple Pay. Apple operates their business very differently than many tech companies. The vast majority of Apple's profit comes from the ridiculously high margins on their hardware. They develop services to increase the capability of the hardware platform; and any money resulting from the operation of those services is secondary.
When Apple initially released the iTunes store, they operated it at a loss. The entire iTunes store and all the payment systems, etc. that go along with it were built in order to sell iPods.
There's a very real possibility that Apple looked at the mobile payment market and said "Shit, there are way too many entrenched interests for us to insert ourselves in the value chain and take a cut. But having a superior mobile payment system will help us sell more iPhones, so we'll do it anyway." Those entrenched interests are what have kept every other mobile payment company from making a real dent in the overall payments ecosystem. Unlike with iTunes where Apple made demands about how the store had to function, they placated the industry while coming up with a solution that worked for both end users and the industry players. We'll see if it catches on, but I expect it will.
I am not saying you are wrong, but could we see a source for that please? I always assumed that no matter what they do, the profit margin on hardware cannot be THAT large, because the costs of R&D and marketing for apple devices must be huge(they ship with their own in-house developed operating system,after all), so I always assumed that Apple makes most money off platforms like iTunes, not hardware profits. I would be very happy to be proven wrong though.
As a percentage of revenue, Apple's operating expenses (which include R&D and the operation of the Apple stores, servers, etc.) are pretty low -- less than 10%.
All of this info comes from Apple's 10-K: http://investor.apple.com/secfiling.cfm?filingID=1193125-13-...
- it breaks more easily and wears out quicker than a card
- you can't lend it to a friend to have him buy stuff for you ( i don't have a pass id iphone so maybe i'm wrong on this one)
- it gets stolen more often because it has intrisic value ( and a big one for the iphone)
- if it gets stolen, how are you going to call your bank to disable it ?
Plus, retrieving fingerprints from a stolen iphone was demonstrated last year and seems pretty easy. Now that iphones will be used to pay, you can expect criminals to get very familiar with the technic very fast.
I don't know about you, but personally I use my phone far more all of my credit cards combined on a daily basis. Is pulling out my phone to process a transaction going to add additional ware to it? Probably not. It's most likely out already from me using it while waiting in line.
- If your iPhone gets stolen then you deactivate it via Apple's existing Find My Phone feature. Deactivating your device will block payments but you won't have to talk to your bank nor will you have to get the cards themselves replaced.
- You can use a password instead of the thumbprint to pay. So you could indeed lend your phone and password to somebody for them to buy things for you. Or you could just reimburse your friend for whatever they purchased.
- People already have a working smartphone on their person at nearly all times, I don't see how "wearing out more easily" is much of a critique. Nobody is suggesting that once somebody starts using ApplePay they destroy the corresponding physical card.
Not really, if you can't activate it.
You'll go to icloud.com and deactivate it yourself.
2) that's not allowed by your existing cardholder agreements anyway, but if you need to do so, just give your friend your actual card
3) Demonstrably false - my CC has been replaced by my bank multiple times due to large data breaches, but my iPhone has never been stolen
4) you don't - you use Find My iPhone to disable it and your original card still works because your phone has been using tokens and one-time crypto for transactions.
#4) You call your bank and they don't allow that token to be used anymore, pretty simple really.
You don't even have to change cards because all they got was the token, which can only be used where you authorized it, once. So if someone gets the token it's pretty useless.
If it takes place per transaction then the PAN must be saved in the phone somewhere and the phone would have to be online to do the tokenization in real-time.
If it is a one-time tokenization that happens when the card is added isn't that token just as valulable as the PAN since the token can be used across merchants? Maybe the 3-D secure piece of the puzzle protects the token but I think this still means the phone has to be on-line to use the NFC payment feature.
That chip, with its unlimited-use token then generates one-time tokens which are sent over the payment network.
In theory the chip could issue an arbitrary number of tokens if criminals got ahold of it. But in practice, it stores a little bit of the data it needs to make a token in the neighboring TouchID chip, which operates on essentially the same principle (stores fingerprint data and missing payment data in secure hardware location, only lets it out if fingerprint sensor looks good).
To summarize you have to steal both the phone (or both chips anyway) plus the fingerprint information so the chips are useful. But wait, you say--I did steal the fingerprint data! The user left fingerprints on the back of the phone!
Well, you've got me there. But hopefully by the time your very sophisticated gang of gloved thieves has bagged and dusted your phone for prints, you've made your way to iCloud.com and revoked the phone's forever-time token, so all future one-time tokens will be considered invalid.
Keep in mind, the standard being replaced here is one where you carry all your payment information around in your pocket in plaintext. This scheme is a massive improvement on that. There's an old saying that seems relevant here: I don't have to outrun the bear, I have to outrun you. There's tremendous amount of value in being marginally safer than the next guy.
The token is stored in the secure element but is generated by the Token Service Provider (for example Visa Token Service).
After reading the EVM token spec linked in the post and the developer guide I think I'm able to answer my own question.
The card is only tokenized once (or at least not per-transaction). For in-app purchases it is using 3-D Secure and for NFC is it using EMV, both of which provide some per-transaction security. Unlike a standard card the token will only work with 3-D Secure or EMV. For example a standard Chip&Pin card could still have it's mag-strip data extracted by a malicious POS system and used at a merchant that only uses magstripe terminals. With Apple Pay (and any other network token based system) a copied token would be worthless because it can't be used at a magstripe terminal.
Basically the phone is acting both as an automated 3-D secure checkout (it is processed by the processors just like 3-D secure but the authentication process is automated) and as a contactless EMV card without the downside of also having a magstrip with the PAN on it.
If they do, they would get more sales. More people wielding compatible phones would also drive adoption. (Think of how Discover used to be made fun of on Family Guy, but now almost everywhere will take it)
I personally think that will be the tipping point to getting a critical mass of users - making sure it's cross platform.
In Denmark a large number of banks would present you with a Java applet on the 3DSecure page, that's not really going to work on the iPhone.
If the internet was invented today, we would have AppleMail instead of email and GoogleTrans instead of http.