Behind the mobile wallet

Apple ventures into FinTech with Apple Pay

Natali Vlatko

Apple has entered the mobile payment platform game with Apple Pay, a mobile wallet that lets you check out without using an actual card. We take a look at the technical details behind the FinTech platform.

Apple has entered the FinTech arena and recently launched its mobile payment platform Apple Pay, the payment system that allows users to tap their iPhone 6 or iPhone 6 Plus on any contactless payment terminal in order to pay in store. Users load their credit card information onto a secure part of the phone for their tap-on payments to work.

In the U.S., more than 200,000 self-service stations across the country, such as parking and vending machines, will gain compatibility with Apple Pay, thanks to support from USA Technologies Inc. On top of this, Western Union has also begun accepting money transfers and bill payments via Apple Pay, taking the platform’s usage and availability to higher ground.

Payment Tokenisation

The first question that people might have about this kind of FinTech technology would concern its security – what are the guts of the system and how is credit card information kept secure? To make one thing clear, no credit card data – even in encrypted form – is ever stored on an iPhone or on Apple’s servers. Similarly, no credit card data is ever transmitted to or stored on a merchant’s servers.

When a user signs up for Apple Pay via their iTunes account, the card information is immediately encrypted and sent securely to the relevant credit card network. Once the credit card has been confirmed as valid, a token is sent back to the device and safely stored within the iPhone’s Secure Element. This token is known as a unique Device Account Number.

By employing payment tokenisation, Apple Pay replaces a valid credit card number with a unique 16-digit number that is ultimately useless outside of the software. While the last four digits of both the valid credit card number and unique 16-digit code are identical, the new code, or token, is worthless on its own and cannot be decrypted.

The token is also bound to the phone being used, which prohibits its use on any other device.

Touch ID and cryptograms

As an additional security measure, completing a token-based transaction from a mobile device requires a form of personal authentication, which Apple Pay can satisfy via the Touch ID technology that is standard for all iPhone 6, 6 Plus, iPad Air 2 and iPad Mini 3 devices.

The platform also uses cryptograms together with a dynamically generated CVV to complete transactions and deliver a one-time-use digital signature, which verifies that the token in transit originated from the device being used. The cryptogram includes pertinent transaction data, such as the identity of the merchant and how much is being charged, and is thus crucial to the process.
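
The tokenisation and cryptogram checks described in the two sections above can be sketched as follows. This is an added example, not Apple's or the card networks' code: the class and function names are hypothetical, HMAC-SHA256 with a transaction counter stands in for the real cryptogram algorithm, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets

def make_cryptogram(key, token, merchant, amount_cents, counter):
    """Device side: sign the token together with merchant, amount and a counter."""
    msg = f"{token}|{merchant}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TokenService:
    """Toy card-network side: maps tokens to cards and verifies cryptograms."""
    def __init__(self):
        self._vault = {}  # token -> card number, device key, last counter seen

    def provision(self, pan):
        # 16-digit token sharing the card's last four digits, as the article describes
        token = "".join(secrets.choice("0123456789") for _ in range(12)) + pan[-4:]
        key = secrets.token_bytes(32)  # assumption: stands in for the Secure Element secret
        self._vault[token] = {"pan": pan, "key": key, "counter": 0}
        return token, key

    def authorise(self, token, merchant, amount_cents, counter, cryptogram):
        entry = self._vault.get(token)
        if entry is None:
            return "unknown token"
        expected = make_cryptogram(entry["key"], token, merchant, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return "bad cryptogram"   # wrong device key, or merchant/amount altered
        if counter <= entry["counter"]:
            return "replay"           # one-time use: the counter must increase
        entry["counter"] = counter
        return "approved"

def demo():
    net = TokenService()
    pan = "4111111111111111"  # constructed test card number
    token, device_key = net.provision(pan)
    good = make_cryptogram(device_key, token, "COFFEE-SHOP", 450, 1)
    results = {
        "genuine": net.authorise(token, "COFFEE-SHOP", 450, 1, good),
        "replayed": net.authorise(token, "COFFEE-SHOP", 450, 1, good),
        "amount_changed": net.authorise(token, "COFFEE-SHOP", 99900, 2, good),
        "other_device": net.authorise(token, "COFFEE-SHOP", 450, 2,
            make_cryptogram(secrets.token_bytes(32), token, "COFFEE-SHOP", 450, 2)),
    }
    return token, results

if __name__ == "__main__":
    print(demo())
```

A captured token alone fails every check here: without the device key no valid cryptogram can be produced, and a captured cryptogram is only valid for the one merchant, amount and counter it was signed over.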

Is security still an issue?

While this secure payment technology sounds like the way forward for FinTech, Chris Mills has questioned the supposed ‘fix’ that Apple Pay provides, by noting a flaw in the process that lies in the credit card system itself. In this scenario, Apple Pay plays the victim and the guilty party in the process.

For criminals who steal credit card numbers, or the fraudsters who buy them online, Mills says there is nothing to stop them from “loading those same numbers into Apple Pay, in essence making themselves a handy fake credit card, without going to the trouble of making a physical fake.” While these acts are out of Apple’s control, the second issue is specific to Apple Pay:

“In short, banks aren’t taking the proper measures to ensure that the credit card owner is the one using the credit card in Apple Pay… While there’s obviously not a lot that can be done about stolen credit card numbers, banks *should* be able to fix their authentication system to make Apple Pay less fraud-ridden in the short run.”

The authentication system that Mills refers to, used by most banks, is a phone call, which has been labelled “woefully inaccurate”.

A game-changing service

Apple’s entry into FinTech has been seen as game-changing by some who believe their service will transform consumer behaviour. For Bernard Lunn, the combination of the following three elements will ensure that waving your phone at checkout will feel pretty normal in the not-too-distant future:

  1. Apple gets the user experience right
  2. Apple is a trusted brand
  3. Apple has the clout to get partners on board

Will this kind of FinTech investment give Apple the edge over its competitors? Samsung have recently released their own mobile payment platform, and the rest of the industry are waiting to see what Google will pull out of its hat.

Natali Vlatko
An Australian who calls Berlin home, via a two year love affair with Singapore. Natali was an Editorial Assistant for (S&S Media Group).
