Last year in my Perspectives On Management class, Bill Clerico, co-founder of WePay, said physical payments will soon become obsolete and that at some point, people won’t have to carry around credit cards or cash with them. He stated that it is still barbaric that in restaurants people give a waiter or waitress their credit card to walk away with for several minutes. These restaurant employees have the power to take the credit card information with ease. However, with the rise of new technologies, payments and other physical transactions have become more seamless and safer than ever before. Apple and their Apple Wallet platform have dominated this space and are leading the charge towards a secure card-less and contact-less payment norm.
Apple Wallet is a feature on the iPhone and Apple Watch that allows users to store their credit and debit cards, plane tickets, concert tickets, rewards cards and even now student ID’s among other things for immediate use when they are scanned. Juniper Research forecasts that by 2020, roughly 450 million people will be using contactless payment systems. In 2018 alone, contactless payments surpassed $1 trillion for the first time ever. Juniper also forecasts that half of those users will be on the Apple Pay platform. That being said, it is clear that Apple is dominating the space through its seamless integration and other sticky features that enables it to be the world’s leader in contactless payments.
Apple Pay has a variety of features that makes it so effective, efficient, and secure in purchasing through apps, stores, and on the web. It also enables people to pay their friends and family through messages, all without any cash or cards changing hands. What makes Apple Pay so secure are the several safety measures put into place to ensure that a users personal payment data cannot be breached. First, Apple Pay assigns a device specific number and unique transaction code for every purchase. By doing so, Apple Pay never stores a user’s credit card information on the Apple servers or even on the user’s iPhone. Additionally, these features enable Apple Pay to complete a transaction without ever giving the merchant access to the user’s credit card number.
Although this secure transaction appears to be simple, it requires a complex back-end process to enable Apple to never store the card number or give it to the merchants. The way this process works is as follows: When an iPhone user signs up for Apple Pay, they are prompted to enter their credit or debit card information. Upon entering this information, it is immediately encrypted and securely sent to the users credit card network where it is validated. If the encrypted card information is deemed valid, then a token is sent back to the iPhone and stored within its Secure Element. The Secure Element is a platform capable of securely hosting applications, confidential information, and cryptographic data. The token that is sent back is a random 16-digit number that resembles a credit card number but is valueless. It serves as a place holder for the actual credit card information and has the same last 4-digits as the actual credit card. Tokens are extremely secure and valueless for several reasons. First, the tokens themselves and their number combination cannot execute a transaction on their own, it is basically an inactive credit card number. Next, the token numbers are not mathematically encrypted, but are instead random, so nobody would be able to decrypt or reverse engineer the token number to discover the real credit card information. Also, only the token issuer can map the token back to the actual credit card information. And because in Apple Pay’s case the credit card network is the token issuer, the credit card information never leaves the user’s credit card data networks.
So what happens internally when an actual transaction is made? Upon paying for a product, Apple Pay sends the token to the merchant, then the merchant sends the token to the credit card network. The network then maps the token to the actual credit card number to which the credit card network contacts the bank for authorization. If the card number is approved, then the bank sends the card information back down the line of authentication factors and allows the transaction to proceed. By using this token technology, Apple eliminates the risk of credit card attacks such as fraud and credit card skimming because no credit card number is ever present.
Apple Pay’s security does not stop there. Token transactions on mobile devices require authentication, and that’s where Apple’s Touch ID and facial recognition comes into play. When an Apple Pay transaction is made, Apple creates a CVV and a cryptogram. The CVV is like the three digit number on the back of your credit card, but in this case, is a dynamically generated three digit number attached to the token. The cryptogram is a one time use digital signature that uniquely identifies the device that created the token, however, most of the cryptogram features at Apple or not public knowledge. The cryptogram ensures that the token can only be used from the device in which it was initially created. That being said, it is evident that Apple Pay is securing its payments through its use of tokens and the tokens’ authentication features.
It is no question that Apple is changing the way society makes payments. With these technologies, Apple Pay customers can make secure payments across their different applications, websites, and other merchants without having to worry about their credit card information being stolen. Apple Pay is dominating the United States, however, since Android phones are the primary phone used in international countries, Apple must make strategic advancements in their technology to surpass Android’s secure payment technology and grow their international market share.
Now that Apple has successfully created a secure payment platform for its users, it will be interesting to see how Apple attacks the restaurant industry, where credit cards and cash are still changing hands in an extremely non-secure way. Once Apple successfully integrates this technology into the restaurant industry, this will make Apple Pay as well as the iPhone even more sticky than it already is for society and its users.