The Verge has buried the lede here: major retailers are banding together to compete with Apple Pay, with their own system made out of QR codes and direct access to your checking account. Given the security track record of US retail the past few years, one might wonder what could possibly go wrong.
Given the anti-competitive nature of this move, combined with the massive market power of those involved, I think the DOJ might take some action here. "Let's band together to crush our competitors and ensure the success of our own product" is generally illegal under US law. As a consumer, this is actually pretty upsetting, and I would be in favor of legal action. This doesn't just affect Apple Pay - it affects all contactless payments. I quite often use(d) my contactless debit card at CVS.
All of this to promote a payment system that literally has a 0% chance of success. As noted in the parent comment, given the history of major retailer data breaches, no one in their right mind is giving these people their checking account information. It's just not going to happen.
> All of this to promote a payment system that literally has a 0% chance of success.
I don't think so. If retailers choose to not support a system then the system itself is kinda doom because this system was made for retailers.
The current payment systems are becoming obsolete at a fast pace (faster than I thought anyway). Cryptocurrencies, large chains of retailers rolling up their own payment system, etc.
Just a small comment on security: Most banks suffer serious hacks that you and I never know about it, for obvious reasons. So don't be so sure that banking systems are more secure than retailers.
>I don't think so. If retailers choose to not support a system then the system itself is kinda doom because this system was made for retailers.
I disagree. I think people will just wind up using their standard cards if given no alternatives that are viewed as safe by most people.
>Most banks suffer serious hacks that you and I never know about it, for obvious reasons. So don't be so sure that banking systems are more secure than retailers.
True, but regardless, the banks have won the PR war here. For consumer products, that's really all that matters. When it comes to widespread consumer trust, perception is reality.
Anticompetitive goes both ways, though. Currently, on iOS, there is no NFC API at all; you might be able to accomplish something similar with iBeacon, but you can't replicate Apple Pay's single-touch flow (AFAIK, you'd have to swipe the notification, fingerprint to unlock, and then fingerprint again to confirm payment once the app had launched). Now, Apple is not a monopoly, and admittedly this is all brand new - opening up the secure element would be an implementation challenge, and it's possible that a new extension point will be added for lockscreen NFC handling in a future version, although not adding it would be nothing out of the ordinary for Apple. But the net result, for the time being, is that the retailers' payment system looks essentially doomed from the outset, since it can't compete with Apple's system on Apple devices.
Working by itself, Apple isn't being anti-competitive under US law. Anyone can be as exclusionary as they like on their own. Several of the largest retailers in the country working together to specifically block Apple Pay (and all other contactless payments), in favor of their own payment solution, is clearly anti-competitive behavior under US law.
True. I'm just saying that in a looser ordinary language sense of "anticompetitive", Apple by itself probably brings an amount of market share to bear comparable to these companies together - at least out of all US retailers supporting smartphone payments.
> I'm just saying that in a looser ordinary language sense of "anticompetitive"
I don't think that's a normal definition.
"Today Hoover released their new anti-competitive vacuum". Why is it anti-competitive? "They didn't create a network of 3rd party bag manufacturers on day one."
If they were going out of their way to prevent it (such as when Keurig or the printer companies added DRM to stop clones) that's one thing.
Apple doesn't let you choose a different keyboard manufacturer when you buy a MacBook either. Is that anti-competitive? Amazon's Kindle cases don't work with Nook tablets. Is that anti-competitive?
Security from credit cards isn't really any better, it's just that they established very strong fraud detection mechanisms and have accepted eating the losses from credit card theft as a cost of doing business. When I lose my credit card and someone starts using it to make purchases, so long as I notify my issuer promptly, they absolve me of being responsible for the fraudulent transactions.
So long as this new system accepts that this is a cost of doing business and implements a customer service policy where the risk is spread among all retail participants, this would be competitive with the status quo.
These merchants aren't going to get out of paying fees, but they should be able to reduce those fees to the cost of providing a competitive service to the credit cards. The benefit is that they won't have to also pay higher fees than necessary to get the benefit of the system.
If they provide this basic safety feature, than upgrading security will be a given since it will reduce a major cost on their balance sheet, which is dealing with fraudulent transactions.
Au contraire - security from credit cards IS better than the proposed competition from the retailers, which avoid CC fees by deducting your payment directly from your bank account.
Credit card security is better simply because it doesn't take your money directly -- the charge is added to a credit account that you then pay (or not pay if you dispute it).
While debit cards / bank accounts offer the same protection as credit cards, in that you have 0% liability for fraudulent/unauthorized charges, it still can take a period of time in order to "get your money back" after your account has been drained. That can pose serious problems if you are depending on that money to pay rent and other bills. Thus, the effective security of credit cards is in fact higher, because you are not parted from your money while you are waiting for the dispute resolution.
Sorry to pile on the "you're wrong" argument, but the existing replies don't address the distinction between ApplePay and CurrentC, and yes, ApplePay is more secure. CurrentC provides a central point of failure (and attack, for that matter), since they hold all the account details in their system. Contrast that with ApplePay, which doesn't even use the actual credit card number for the transaction, but instead a device-specific, remotely wipeable, single-origin system. ApplePay is definitely more secure, and I will actively seek out retailers who let me use ApplePay and avoid those that use CurrentC.
Voting with my dollars. Retailers who have success with ApplePay will make no secret about it, and those that aren't using it have to compare their YoY numbers to the published ones of those using ApplePay. Using my credit card as normal doesn't send that message. Not that my spending alone is enough to sway an industry, but if enough people vote with their dollars, the message gets sent.
I guess I was really asking why you, as a consumer, care if a retailer supports ApplePay? Is the checkout experience that much better in your eyes vs an ordinary credit card? Or do you like the added security? Or something else?
All of the above. I don't like carrying my wallet, but I always have my phone, so being able to use it in place of my wallet is something I want. I love the added security - I shopped at each of the major retailers to have a breach in the last year, and got a new debit card issued each time, which is a huge pain the ass. And, in general, it pushes the industry forward, which is good for everyone. If ApplePay gains traction, so will Google Wallet, and Windows Phone will have the road paved to offer NFC-payments.
The credit card servicers aren't eating the losses - they offload these onto the merchants. So retailers are already eating the risk while also paying fees.
They're also getting the benefit of easy and quick payment.
If a big chain tried to go cash and check only, how well do you think that would go over? Even if they included debit cards, my guess is it would be a big problem. I bet shareholders would revolt. The only reason they may get away with this is Apple Pay isn't established yet so there is no perceived 'loss'. Another commenter was right that if Apple pay impacts their growth numbers they may be forced to reconsider.
> So long as this new system accepts that this is a cost of doing business and implements a customer service policy where the risk is spread among all retail participants, this would be competitive with the status quo.
If they do this, then essentially the retailers would be setting up a credit card company of their own. But why would we expect their fees to be lower than the fees from the existing credit card companies?
As I understand it, all the major payment processing companies have their weight behind NFC payments (Visa: paywave, Mastercard: paypass, Amex: expresspay). What's to stop them from all writing into their contracts that if you want to accept payments from our cards you need to accept them via NFC as well? I'm surprised they haven't already.
Even if that happened, all the retailers have to do is push their alternative along until it gets traction. Their will be a cost of acquiring customers, but its in their long term interest to pay that upfront fee. Then once you have two competing systems, there is nothing preventing the POS system from first prompting for payment with CurrentC and then only falling back to Apple Pay and other CC company backed NFC solutions if that fails.
Why would NFC kill payment processing fees? There still fees involved when you use it with your contactless credit card. Apple doesn't ask fees, sure but they still need to pay credit card fees nonetheless.
Seems like an easy retaliation for Google and Apple would be to just block the CurrenC applications from the app stores when they are released. It's very similar to what the retailers are doing by blocking Google Wallet, Apple Pay and paywave by disabling NFC.
Also, I just don't see the banks simply rolling over and losing their beloved credit and debit card fees. They will definitely find ways to make their money (sgentle mentioned through contracts requiring NFC, etc).
I've had a paywave for a while, and have used it at CVS quite a bit. Sort of annoyed it won't work anymore due to this issue.
And giving retailers direct access to your checking account via ACH..uffda.
Yeah, they could do that, and if they do, I honestly hope this whole thing boils down to a standoff where government gets involved and regulates against blocking competitors from markets using app stores. Users should be free to install apps from other sources or other app stores. This is so obviously an anti-trust issue. Security is achievable without gatekeepers, but there has been no innovation in this space because their is a market incentive for abusing the monopoly power of app stores.
Apple or Google don't have to block their apps for it to fail. It's going to fail because it requires customers to give up their credit cards (which many people love because of the benefits) and connect their bank accounts instead. Also the UX of using the app versus Apple Pay will also prevent adoption.
Absolutely. They don't love their credit card companies, but it's crazy how many people (me included) have moved to an almost completely cashless existence.
If you are thinking of Blockchain's app, it was removed because it had major functionality that could be disabled/hidden or enabled remotely. They turned it off and hid it when the app was submitted for review, and then turned it on after the app was approved and went live.
That's a major violation of Apple's rules. You have to show the reviewers the same app that customers are going to get.
There are currently several Bitcoin wallets on the Apple app store. Blockchain's was even allowed back.
The problem is that Apple completely played their hand in the markets they entered in early: music with iTunes and mobile apps with the AppStore.
Now that everyone has seen how much the experience has sucked for many participants in those markets, participants in other markets Apple wants to enter, such as ebooks, movies and tv shows, and now payments, are extremely wary about cooperating. They want Apple's solution, but I don't see any new market playing along unless Apple changes their strategy to one that permits openness and competition as a poison pill in the case that Apple continues to treat its "partners" like shit.
Openness is great because it forces the best solution out there to always compete on being best instead of competing by abusing its market position. No market wants to let Apple establish a strong market position anymore.
They are shutting down NFC terminals so this also impacts Google Wallet and any other method that would use NFC. If they want to use their own implementation, let them, I'll be taking my business elsewhere.
Interesting. Funnily, I don't care either way. With the exception of eating out, entertainment and clothing, all the money I spend is spent online, so none of this impacts me either way.
I work for a retailer that has a card-to-check form of payment already, and I'm required to use that for my discount. I don't love the idea of having my checking account tied to a piece of plastic, but since it stays all in the family (card is only good at the retailer, and the only plastic card is in my wallet), I live with it.
That all said, there's no way I'd introduce a third party to this, well, party, and give direct debit access to my checking account to someone I don't know, who's security practices I don't know, and who's primary form of interaction is a freaking QR code - and I have nothing against QR, but I would never trust this to a single barcode of any kind. And the retailers are all going through all of this effort simply to avoid interchange fees and the impact ApplePay will have on them.
To me, the winner will be whoever balances security with ease of use, and ApplePay is the winner right now (and I say that having used Google Wallet). I use my existing cards and retailers I already go to, so it feels the same, but no actual, useful information is being transferred, so I'm better protected. All transactions show on my statement as if I'd swiped. If retailers shut me out in favor of proprietary systems that require work on my part, I will vote with my dollars and shop elsewhere.
So Appple Pay / Google Wallet is "touch phone to thing, enter password/fingerprint." According to an article [1] on how this competing product works:
"The application can be downloaded for free from the App Store and Google Play Store. Available for both iOS and Android devices, it is designed to ‘simplify and expedite the customer checkout process by applying qualifying offers and coupons, participating merchant rewards, loyalty programs and membership accounts, and offering payment options through the consumer’s selected financial account, all with a single scan.”
"Using CurrentC mobile payments the point-of-sale displays a QR code for the customer to read with their phone.
"The QR code generates the payment token on the smartphone which verifies the shopper’s presence, identity and initiates the transaction between the merchant and the bank.
"The phone connects with the cloud for authorization and sends the approval to the merchant.
Google Wallet and Apple Pay both have special status on their phones.
The CurrentC app will be just another app I assume, and so will be trickier to use than Wallet or Pay. I'm guessing the retailers disabling NFC at the moment are just trying to stall things until CurrentC is ready. i.e., they don't want people to get comfortable using alternatives before they have a chance to launch their app.
Sounds like a perfect way to trigger scrutiny of how the app approval process mixes with anti-competitive actions and maybe even an antitrust investigation.
Edit: (Unfortunately. I find this story utterly infuriating as a consumer who used Apple Pay at CVS just a few days ago.)
I suspect we will see there will be additional criteria for these sort of payment apps with the App Store soon -- which will include criteria about privacy/security at CurrentC will be unwilling or unable to meet.
Maybe they require a percentage of the revenue they earn through the app? Similarly to how they require a portion of the proceeds from web service sign ups via an installed app.
Either way, they'd make it unpleasant because it's their playground they pooped in.
As with Coin, this seems like another rather US-specific situation.
I get the impression that in the US, credit cards are more common than debit cards, and the banks try to keep it that way. Debit cards are also somewhat expensive - customers pay 0.79% on average [1].
In the UK, and i believe in the rest of Europe, everyone uses debit rather than credit cards in shops, and they are much cheaper - interchange fees for debit cards are about 0.2% [2]. Most debit cards these days are also contactless payment devices.
If Apple Pay takes off here, it will be just another contactless payment option. I don't see any great reason for shops, banks, or customers to feel strongly about it.
I'm inclined to agree with you here, but if I may question a couple of your points:
1. Isn't Apple Pay/the tokenization it uses is a whole new ball game? The contactless that currently exists in the UK is only for transactions up to 20 GBP, which presumably won't be the case with Apple Pay. Do we know that merchants will only be charged what they currently are for contactless?
2. Your statement that no one uses credit cards in shops seems anecdotal. Do you have a source? Most people I know in the UK do all their spending on a credit card, for a number of reasons. (Me included; I only use a debit card for the few things that have credit card fees - flights, council tax, ...)
Yeah, not giving Walmart (or its proxy, CurrentC) my bank account number. Sorry. The credit card system creates a buffer between me and vendors, and I like it that way.
You need to give them your checking account access.
You need to somehow show that QR code, the fastest I can think of on iPhone is getting it from location-based Passbook notification, which is still way slower than touching my finger to home button.
Sure, they won't notice me, but, well, Walgreens got a new customer.
The application can be downloaded for free from the App Store and Google Play Store. Available for both iOS and Android devices, it is designed to ‘simplify and expedite the customer checkout process by applying qualifying offers and coupons, participating merchant rewards, loyalty programs and membership accounts, and offering payment options through the consumer’s selected financial account, all with a single scan.”
1.) Using CurrentC mobile payments the point-of-sale displays a QR code for the customer to read with their phone.
2.) The QR code generates the payment token on the smartphone which verifies the shopper’s presence, identity and initiates the transaction between the merchant and the bank.
3.) The phone connects with the cloud for authorization and sends the approval to the merchant.
CurrentC doesn’t support the contactless Near Field Communications (NFC) used by Apple Pay.
That's a lot of steps. Maybe they'll get it right.
That's because Starbucks is giving customers additional value (free drinks, etc.) for using their app instead of a bare credit card. This is the "carrot" form of incentive, as opposed to the "stick" that the other retailers are resorting to. Give customers enough incentive and they'll inconvenience themselves a bit.
Technically there is a carrot here as well as the alternate system includes loyalty cards and coupons.
But I'd rather have my privacy, they want to track what you're buying. The fact there are multiple retailers makes me think they'll want to pool data across chains too.
I've stopped using most loyalty cards because the rewards are terrible. "You picked up a prescription, save $0.15 on Coke this week". "Why would I buy Coke from you at a $3 markup if you offer a $0.15 discount? The grocery store is 20 feet away." Or offering me CHAIN Bucks, which require some weird convoluted procedure to redeem instead of just giving me a straight discount.
Doesn't matter if it changes. They disabled the NFC readers and wouldn't be able to re-enable them without re-enabling Apple Pay since it's based on the industry standard NFC technology.
It's more likely that they're doing this to avoid some significant penalties written into their contracts. It's difficult for me to believe that they're doing this solely out of spite, as it's just not realistic that these merchants are going to stop accepting credit cards altogether for payment (which is really what they'd have to do in order to be consistent with blocking NFC reading for the sake of their bottom lines).
> It's difficult for me to believe that they're doing this solely out of spite
I can believe that. It can't be a coincidence that this is happening right after a competitor to their payment system starts to be used.
Their payment system has two advantages for them: they get data and they get royalties.
Since they're involved they want everyone to start using their new system because then they can collect a little fee on each retailer using the system through patents/licensing. When a customer uses Apple Pay (or Google Wallet, etc.) that doesn't happen.
More important to many stores is the data. Since Apple Pay uses unique IDs they can't track me. But their system is built around tracking people, purchases, and loyalty cards. Possibly across chains of stores. That's very valuable data.
"The problem is that under the terms of their MCX contractual agreement, [the merchants] are not supposed to accept competing mobile payments products like Apple Pay, according to multiple retailers involved with MCX, who spoke on the condition of anonymity. If these retailers break their contracts, they will face steep fines for doing so, these people said."
Exactly. Eventually they will converge and copy the best features. It might take them a while, but app building is a commodity now. If they build a shitty first experience, it will eventually get corrected. For example, look at airlines, it took them a long time to produce a decent experience, but now many of them realize how important design and UX is to their bottom line and have re-written their web interfaces to produce something usable.
Apple describes the security features of Apple Pay (and the security features of iOS and Apple mobile devices in general) in the document "IOS Security October 2014"[1].
Of particular interest:
iPhone 6 includes a separate chip, called the "Secure Element", that is used as part of Apple Pay. Here's how Apple describes this chip:
The Secure Element is an industry-standard, certified
chip running the Java Card platform, which is compliant
with financial industry requirements for electronic payments.
Here is how Apple Pay uses the Secure Element:
The Secure Element hosts a specially designed applet
to manage Apple Pay. It also includes payment
applets certified by the payment networks. Credit or
debit card data is sent from the payment network or
issuing bank encrypted to these payment applets
using keys that are known only to the payment
network and the payment applets' security domain.
This data is stored within these payment applets and
protected using the Secure Element’s security
features. During a transaction, the terminal
communicates directly with the Secure Element
through the Near Field Communication (NFC)
controller on iPhone 6 and iPhone 6 Plus over a
dedicated hardware bus.
The information stored in the Secure Element, which is what is used to actually make payments, is restricted:
Full card numbers are not stored on the device or on
Apple servers. Instead, a unique Device Account
Number is created, encrypted, and then stored in the
Secure Element. This unique Device Account Number is
encrypted in such a way that Apple can’t access
it. The Device Account Number is unique and
different from usual credit or debit card numbers,
your bank can prevent its use on a magnetic stripe
card, over the phone, or on websites. The Device
Account Number in the Secure Element is isolated
from iOS, is never stored on Apple Pay servers, and
is never backed up to iCloud.
The system these retailers want to push, CurrentC, will just be an ordinary app. It will have no access to the Secure Element. Doesn't this considerably limit how secure it can be?
It seems very much like the browser wars of old. I think that soon your NFC payment system on your phone will have to be your choice, and not that of the carrier or manufacturer. Retailers however will always have a choice to accept or not, unless collusion is found that is. When large retailers are the payment system, as is what it seems here, I think they will be forced to accept more than just their own.
I'm wondering why Apple keeps launching in the American market first. Both in mobile and payment the US has been pretty much the most backward and conservative of any of their primary Western and Asian markets.
I'm not sure how this will help, given the issue is retailers turning off the NFC readers. It doesn't matter if it's via a credit card, bitcoin, or Google paying everyone's prescriptions—if the NFC reader is off, transactions ain't going through.
