For those who find carrying around and safeguarding their credit and debit cards a hassle, a hi-tech, easier-to-use alternative is at hand – or so Apple would have us believe.
The world’s most valuable company has extended its mobile wallet service Apple Pay to the UK, making it the first country outside the US to get the facility.
The scheme has the potential to further enrich the tech giant. But, of course, it’s far from being the first to try to popularise a digital wallet, and other rival services are on their way.
Once a user has added their payment card details to the platform, they can buy things in high street stores, restaurants and other real-world locations by using just their iPhone.
To trigger a payment the shopper brings their phone close to one of the contactless readers already used for tap-and-go sales in the UK, and use the handset’s fingerprint sensor to confirm their identity.
There is no need to launch a special app, but the consumer will need to select a different card from the screen before entering their fingerprint if they do not want to use the default option.
Alternatively, if they own an Apple Watch, they can make purchases by holding the wearable up to a reader and double-clicking its side button.
In addition, iPads join the watch and iPhone in being able to buy products from online shops, apps and adverts served up via Apple’s iAd platform.
Are there any restrictions?
Yes. Shoppers require at least one of Apple’s newest devices to get going.
Only the iPhone 6, iPhone 6 Plus and Watch contain near-field communication (NFC) chips, which are required to make contactless payments.
And the iPad Air 2 and iPad Mini 3 are the firm’s only tablets fitted with fingerprint readers, which are needed for online sales.
According to research firm KantarWorldPanel, there are currently 2.9 million Apple Pay compatible devices in use in the UK, although it should be recognised that older handsets can be used if paired with the smartwatch.
Another restriction is that just as tap-and-go card transactions are limited to £20 – rising to £30 in September – the same will be true of Apple Pay at many retailers.
Stores can, however, upgrade their back-end software systems to recognise fingerprint readings as an ID-check alternative to pin codes in order to remove that cap.
Finally, the service is only offered to those aged 13 and above.
Who is going to support it?
The UK’s leading credit card providers – Visa, Mastercard and American Express –have all signed up, and the initial wave of banks and building societies includes Ulster Bank, Nationwide, NatWest, Santander, MBNA and the Royal Bank of Scotland.
HSBC had also been listed as being set to participate as late as Monday evening, but now says it is not quite ready. A spokeswoman denied it had been punished for leaking the launch date over the weekend.
“We’re working hard to bring Apple Pay to HSBC and First Direct customers, and they’ll be able to use it later in July,” she told the BBC.
Halifax, Lloyds, Bank of Scotland and TSB also say they will join “soon”.
What was the biggest hold-out, Barclays, has also revealed it intends to join the platform despite having only just launched three contactless payment devices of its own.
“We are really excited about the launch of Apple Pay and can confirm that we will bring Barclays debit cards and Barclaycard credit cards to Apple Pay in the future,” said a spokesman.
That still leaves the Co-operative Bank uncommitted – it says it is still “actively looking into our future participation”.
As far as participating outlets are concerned, Boots, Lidl, Transport for London and M&S are all being promoted as big-name participants.
But, in truth any organisation – large or small – already using one of the UK’s 410,000 contactless pay terminals should be able to offer it.
What if someone steals or hacks one of your devices?
In theory, your details should still be safe because of the way the system is designed.
Rather than save the original card details on a device, Apple Pay requires each of the banks and payment networks involved to create two new elements:
- a 16-digit token – called a Device Account Number – unique to each piece of kit
- an encryption key, which creates one-use “signatures” called cryptograms. A fresh one is generated for every transaction after a fingerprint is provided
The token and encryption key are installed into a dedicated chip on the devices, which their operating systems cannot access.
To authorise an in-store sale, the device’s token and an associated cryptogram are transmitted via the contactless terminal to the payment provider, who checks they belong together.
Even if a thief did manage to intercept the information, they could not re-use the token without knowing a way to make new matching cryptograms, nor could they reverse-engineer it to reveal the original payment card’s details.
This should protect users – but there are caveats:
- Apple warns users not to “jailbreak” or otherwise modify its iOS operating system
- The card companies are urging users not to let family members or others add their fingerprints to the devices
- Although consumers can put the machines into “lost mode” to suspend Apple Pay, some of the payment firms are insisting they be notified as soon as a device is thought to be missing if the user wants to avoid becoming liable for unauthorised purchases
Does this mean Apple can start tracking people’s payments?
No – or at least not in a way that they can be linked to individual shoppers.
The firm’s privacy statement promises: “Apple Pay doesn’t collect any transaction information that can be tied back to you. Payment transactions are between you, the merchant, and your bank.”
So, while the iPhone’s Passbook app can be used to display the last 10 transactions per card, this information is provided by the payment providers themselves rather than recorded on Apple’s servers.
That does not mean, however, that Apple collects no data at all.
If the user has the “location services” option switched on, the tech firm can anonymously track the time and place a real-world purchase is made.
Similarly, if Apple Pay is used to buy something within an app, the company retains data about the sum spent, when the service was bought and who the merchant was – but not the shopper’s identity.
And if Apple Pay is used to buy something from an iAd promotion, details of the purchase “that can’t be tied” to a specific user are shared with the advertiser.
All of this is potentially commercially useful to Apple.
How else might it benefit?
Once a user has registered with Apple Pay, there have an added incentive to stay within Apple’s ecosystem, helping it sell them more phones, smartwatches and tablets.
Last year, the Financial Times also reported that Apple had convinced the US banks to let it keep a 0.15% cut of each transaction, which comes out of the lenders’ fees. It is not known if it has struck the same deal in the UK.
And a recently published patent suggests Apple is also exploring extending the service to let users send payments to each other, for which it could charge a fee.
But more people use Android than iOS. What about them?
Samsung has announced its top-end handsets will soon offer Samsung Pay in South Korea, the US and Europe.
In addition to using similar NFC-based tech, the facility can also mimic the swipe of a magnetic strip card.
That may prove popular in the US where terminals that accept contactless and chip-and-pin payments are relative rare.
Meanwhile, Google intends to revamp and rebrand its US-only Google Wallet mobile service as Android Pay.
The new version will support the use of fingerprint scanners and also support typed-in passwords or drawn patterns as alternative ID checks.
Both Samsung Pay and Android Pay will adopt similar token-based security system to Apple’s.
Are there other mobile wallet schemes?
In the UK alone, shoppers can use Barclays’ Pingit and PayM to send and receive money by using mobile numbers.
PayPal – already popular for online money transfers – has also been trialled in-store and in-restaurant payments with Gourmet Burger Kitchen and Wagamama among others.
Visa’s V.Me service allows users to store a range of credit card details securely online to help speed up internet purchases.
And on the horizon, a new service called Zapp promises to let older smartphones make bank debit payments in stores belonging to Asda, Sainsbury’s, House of Fraser and Clarks among others.
Read more at http://www.bbc.com/news/technology-33489066