Apple officially launched a TouchID & NFC-based mobile wallet service called Apple Pay that will allow users on newly launched iPhones to buy physical goods and services in the United States.
The service is limited to iPhone 6 and iPhone 6 Plus users only, however Apple mentions that users on older iPhones like iPhone 5, 5c and 5s will be able to make use of this service through the newly launched Apple Watch that is expected to go on sale early next year.
Note that Apple had earlier hinted at an expanded mobile payments strategy for its capacitive fingerprint sensor Touch ID and had opened up the TouchID API to third party developers in June this year. Apple had also filed a patent for a touchless e-wallet in January this year while reportedly laying groundwork for an expanded mobile payment service that includes facilitating payments of physical goods and services from its devices in January this year.
Bank tie-ups: Apple mentions that users can either use the existing credit card present on their iTunes account to the Passbook or add a new credit card by capturing it with the iPhone camera.
The service currently supports credit and debit cards from three major payment networks Amex, MasterCard, and Visa issued by six US banks including Bank of America, Capital One Bank, Chase, Citibank and Wells Fargo that apparently represent 83% of the credit card purchase volume in the country.
Note that Apple probably has the one of the largest, if not the largest active credit card base in the world right now, with most of its 800 million iTunes accounts having a credit card on file, as of April 2014.
Focus on privacy: Addressing potential privacy concerns, Apple senior vice president of Internet Software and Services, Eddy Cue noted that the transaction will be entirely between the user and the bank. Apple will not know what users bought, where they bought it and how much they bought it for. The merchants will also not see the payer’s name or the credit card information.
How it will work is, whenever an user adds a credit or debit card to Apple Play, a unique Device Account Number is assigned to it, rather than storing the actual card numbers. These numbers are apparently then encrypted and securely stored in the Secure Element on the user’s iPhone or Apple Watch.
Each transaction will then be authorized with a one-time unique number using this device account number. Also, instead of using the static card security code, Apple will apparently generate a dynamic security code to securely validate the transaction.
Cue mentions that users can also make use of Apple’s Find My iPhone service to suspend payments just for that device, in case their iPhone is lost or stolen.
Merchants: At launch, Apple claims to have tied up with retailers like Macys, Walgreens, Subway, McDonalds, WholeFoods, Disney (retail stores and Disney World), Bloomingdale’s, Duane Reade, Sephora and Staples among others for this service. The company claims the service will currently work at over 220,000 merchant locations across United States.
Users can also pay for physical goods & services online through mobile apps like Target, Groupon, Uber, Starbucks, MLB and OpenTable among others.
Apple Pay APIs: Developers can also enable purchasing physical goods within their apps through the Passkit framework that will apparently provide APIs for Apple Pay. Along with this, they would also have to setup an account with a payment platform like Stripe, First Data and Cybersource among others. More details on pre-requisites here (pdf).
Charges? Apple mentions that it does not charge users, merchants or developers to use Apple Pay for payments. A source-based Bloomberg report suggests that Apple will collect fees from banks for each transaction.
India? The service will start rolling out next month in the United States and Cue mentions that they are “working hard” to bring it to more countries. It’s not clear whether India features in the list of countries where Apple plans to introduce this service. If it does, it would probably have to change the payment mechanism quite a bit to include the 2-factor authentication in order to remain compliant with RBI’s guidelines.