UK banks prepare for Apple Pay 'invasion', look to slap on bonking protection Apple's attempt to launch its NFC payment solution in the UK could be thwarted by some financial institutions' concerns over privacy and security issues surrounding Cupertino's "invasion" of the banking industry. The system, which has been developed with the credit card companies, has been tried by two million iPhone 6 users …
"...Airing concerns about security, money laundering and financing of terrorism is a standard tactic employed by the banks..."
Hence the recent humomgous settlements paid by HSBC and others to the US regulatory authorities for dealings with massive sums of drug money, financial dealings with terrorist-sponsoring states, and myriad other skullduggeries.
Concerned - but mainly about how much they can make from it, it seems.
1) "... banks concerns over privacy ..."
2) "... a beachhead for an invasion of the banking industry ..."
Point 1 is not the customer's privacy that the banks are concerned with. It's the details of the ways in which customers tend to interact with the banks. The banks regard this as their private information. It's point 2 that the banks are worried about.
Banks are not filling up their pockets as they used to, so get ready for more of the hoopla from the banks. Probably voe days for the banks with stiff competition as the payment industry enters new era. Yelling, weeping, crying out foul is not going to help the banks.
Another report about this had Apple saying that privacy etc isn't an issue, as the transaction only involves the customer, the retailer and the bank.
In which case, how do Apple justify taking any commission, even if it's 0.15%? Surely any costs to Apple should be paid by a one-off fee to purchase some form of App?
It's a bummer though? Who do I generally trust less? The banks or Apple? That's a hard one.
Who do I trust less when it comes to data security? - that's easy, Apple.
Where does Apple fit in? Look at recent massive security breaches, like 76 million credit card numbers stolen from one major US retailer alone. With Apple Pay, nobody involved ever learns your credit card number. As a result, no credit card numbers can be stolen. And since the biggest cause of money loss is using stolen credit card numbers for online purchases, every time Apple Pay is used one such scam is prevented. That's why the US banks are paying Apple quite willingly. And it's not as if this isn't widely known by now.
And I'd be curious to know why you wouldn't trust Apple with data security.
On your second point apple had to build a secure element into the iphone to hold the payment app (along with the secure keys), plus they also have to build some of the infrastructure to support setting up the payment app.
The payment itself is between the phone and the merchant which then gets authorised through the scheme by the issuer of the card (or token in the case of the bonking applet).
It's apple at the end of the day and they will charge what the issuers are prepared to pay. The issuers dont have to play with Apple, they can build their own secure application/infrastrure (like the telco's tried to do).
I'm not sure Apple is accepting any liability, do you have a source?
Apple worked very closely with the banks to develop the secure element, with the understanding it would be the banks' IP, and I've heard the banks will eventually require its inclusion in any phone allowed to make EMV payments. So don't be surprised to see it included in Android phones next year (though it may be called something different) Maybe the 0.15% was quid pro quo for that help, or the licensing of patents that were used in its development. Presumably the banks believed Apple's help would push EMV adoption, which is something that will reduce the banks' costs.
Anyway, it comes down the fact that Apple gets 0.15% because that's what the banks were willing to give them.
"In which case, how do Apple justify taking any commission, even if it's 0.15%? "
I don't know what is like in the UK, but in US/Can the credit card processors take at least 10 times that, or 1.5% to handle a transaction. And if you are a small, less well known merchant, it is usually 2.5% or more. They just take it from the merchant as a "discount fee". As long as the merchant doesn't think themselves as being big enough to launch their own payment system as CVS and Rite-Aid think they can, 0.15% is very merchant friendly.
The real companies under threat here are Visa and MasterCard. And they are both completely embedded into the banking industry.
You misunderstand. The retailer is paying the same commission they pay normally when you pay with Apple Pay. The 0.15% Apple gets is out of the bank commission of 1-3% (exact amount depends on various factors)
If retailers were only paying 0.15% they'd be going for Apple Pay in droves, and the banks would not only have not worked with Apple on it, they'd be doing whatever they could to torpedo it as it would take billions a year off their profits.
Seriously? The banks are constantly being broken into. Some aid criminal organizations by laundering money. Both American and British banks have been caught doing that, though is seems to be a British speciality.
The only real thing you can point to with Apple is the somewhat false notion that they were broken into concerning some celebrity accounts, which was a result of robo password breaking, now fixed.
Apple Pay has been explained by third parties as being very secure. Apple has nothing to do with the payments themselves. Unlike Google Wallet, where all information passes through Google, nothing passes through Apple.
Apple has agreed, as has been mentioned already, to assume all fraud costs. As American Express has stated, this .15% transaction cost will be less than the cost of the fraud they are paying now. It's expected that fraud will be very low to nonexistent with Apple Pay.
" If customers wish to use another card, they can photograph the card with the phone’s camera."
Great, but I hope there are some additional steps to it, like Paypal or Steam does it (having a tiny amount drawn from the card, which you need to verify by entering the exact amount or a code from the bank statement).
Your bank sends a verification code to you via various means before they let you use Apple Pay. The banks use their own security systems to make sure it's a kosher registration. Photographing the card using the phone's camera is just a convenience measure. You can use the camera to similarly scan iTunes gift cards, rather than typing in a long number.
AFAIK, cards that are already registered for iTunes payments are already verified by your bank.
Works very well.
I'm back in blighty for a while having lived the last few years stateside and when I picked up an iPhone 6 here it noticed that the card on file with iTunes was a Wells Fargo one and would I like to add it. I then had to log into the Wells Fargo online banking and confirm that I did indeed want to grant iTunes the ability to use this card for iPay and it was all done in about 10 mins.
Works very well over here (Greggs, Boots, Sainsburys...anywhere that the contactless payments thing is shown it would seem). The killer for it will be the 20quid limit they arbitrarily set. Stateside I can wander into BestBuy and spend as much money as I have with the phone, I find the limit somewhat curious and pointless (although I assume it's rooted in the banks not wanting to let anyone in on those juicy high value transactions (or a percentage thereof)).
I would assume this is old hat to those with a 'droid mobile, given there have been NFC chips in those phones forever...
Do Apple have any plans to allow one to add other NFC cards to the passbook thing? would be nice to get my oyster card/Reading bus ticket in there so all I need for my day to day stuff is the telephone...
Yes, you have to go through a separate approval process with your bank. Some banks use SMS, some require you to call in, others use email. And since the transactions can be traced back to a specific mobile device, it should discourage fraud. I suppose you could use an iPhone as a burner, but it would be an expensive burner.
A good friend of mine has been a coin collector for decades.
The quality of coins from the Royal Mint has, he said, depreciated and if you send a proof coin back to them as being below par, (BU standard) and they disagree with you, then they shove the onus of proof on to you. I believe they've reduced the number of strikes on proof coins, or something. He did tell me all about it.
He also saw loads of commemorative coins being released to try and encourage people to collect coins, but the shear number and value of them would cost an average new collector a small fortune. In his opinion, they've flooded the market and, from what I've seen, I think he's got a very valid point.
So, well, I guess I'll stick with the paper ... ahem... plastic stuff then.
This is a blog post I wrote a while ago, based on what he told me ... http://msknight.com/loas/?p=282
Mattress? for storage
Cash? Chicken bones? Nose rings? for payments
It will not be apple, for either, ever.
Others are welcome to their own position; for the moment it is still a free - ish world and would do nothing to limit those with the desire using apple if they so wish
Maybe you should try posting humour, then it doesn't need a joke icon. You just posted "wouldn't it be funny if Apple did something that showed huge contempt for every potential customer and drive them away, and which would at the same time be immensely stupid because it would drive away more than 90% of their existing customers away as well". What's funny about that?
And "posted by an anonymous Apple leaker" - how would you know this was an Apple employee if the person was anonymous? Or was that a "joke" as well?
I would suspect that the banks' real objection is that somebody actually wants to offer these things to their customers. I don't know about the UK, but in the US they all sell data on their customers and make nice piles of overdraft, late payment, and credit limit exceeded fees if your accounts are breached.
I know that people here love to bitch and moan about Apple's expensive offerings, but at the end of the day they understand that what they sell is the product - not their customers' data. As opposed to the banks, Google, etc.
apart from the fact they could do evil with it, next they will set up an Apple credit bureau. Along with health, Apple has a lot of data to sell.
Coming soon ... walk by CC data theft. Or even by 'bumping' someone whilst making a call and getting credit approval info.
Well, Apple has claimed very loudly in public that they don't have access to your credit card details. It's hidden a way in some chip that nobody has access to. (The exception is if you use the credit card that you use for the App Store, then Apple as a retailer has your credit card information).
Since they made this claim very loudly in public, if Apple _could_ "do evil" with your data (normally that term is associated with Google), that would be the mother of all lawsuits hitting Apple. I don't know if you read anything about Apple Pay, but the whole point is that your credit card information is _never_ accessible to anyone, and Apple Pay can only be used by someone who has your phone and your fingers.
Not a lot of point in having a card then surely? There's a shedload of well publicised breaches from large and supposedly respected retailers, and plenty of smaller websites and retailers handle data in ways that are distinctly iffy. And almost all (or those processing data on their behalf) will sell it on, whereas Apple specifically state they don't - granted they might be talking bollocks.
Using a card anywhere carries a risk, but as I understand it applepay transactions only exchange a meaningless transaction token, so you're haemorrhaging less data than you would in a conventional CC transaction, and the retailer doesn't get sight of personal details unless they're given in a way unconnected to the payment, presumably voluntarily.
The transactions require authentication by either passcode or fingerprint reader, so the 'walk by' scenario would seem unlikely too, at least in my understanding; conventional NFC payments is a far more likely target.
By all means slag apple because you just don't like them, but I wouldn't harbour any illusions about other uses for a CC being less scammable, and the banks approach to online security (my own bank certainly) and some aspects of payment authentication is completely mickey mouse, far more intent on pushing liability back to the customer than providing any meaningful security.
So why are we still waiting to be able to use Apple Pay in the UK ?? I've been looking forward to be able to use it for ages now! It's a more secure system than anything else available, and is massively more convenient for me than using a card or Barclays rubbish "gloves" or whatever they've developed this week. I would also like to replace or enroll all my cards like TFL Oyster etc on my iPhone and have done with it. At least then if I lose it, it's more secure than my cards being stolen, it's fully encrypted and I can remotely wipe it. Why are the banks even allowed to drag their feet on this to try and derail it when it is massively in the consumer's interest?!?
The banks have to do some work for that. It actually works already if you have a US credit card, as some Americans visiting the UK have tried. When you use your credit card, it sends a message "this is robin's credit card" to the terminal. Which is then sent to your bank, they check it, and payment is made. With Apple Pay, the phone sends something like "this is Apple Pay magical card 39fj9212^51238*" to the terminal. Which sends it to the bank, and the bank has to check it, figure out that it's _your_ bank account behind it, and make the payment. Several US banks have done this, UK banks haven't.
I also hear that the usual limit of £20 is built into the terminals, so they might want to change that in the terminals to allow higher purchases with Apple Pay than with a credit card.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
