I understand what you are saying but it would not actually work that way. ApplePay is not a separate app. That's the point. Go into your banking app, look at balances and transfer money around, then just double tap to pay (with ApplePay). Balance shows up in real time (as long as your bank implemented it correctly) right in the app you have open, which would still be the banking app. You never actually have to leave the banking app to use ApplePay. And it is more secure as the tokenization is driven from the secure enclave which no app (including the banking app) has access to. And that one time you do just want to pay without opening any app, you can do that too.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Australian Retailers Back Banks' Right to Negotiate With Apple
- Thread starter MacRumors
- Start date
- Sort by reaction score
I understand what you are saying but it would not actually work that way. ApplePay is not a separate app. That's the point. Go into your banking app, look at balances and transfer money around, then just double tap to pay (with ApplePay). Balance shows up in real time (as long as your bank implemented it correctly) right in the app you have open, which would still be the banking app. You never actually have to leave the banking app to use ApplePay. And it is more secure as the tokenization is driven from the secure enclave which no app (including the banking app) has access to. And that one time you do just want to pay without opening any app, you can do that too.
Well I guess i mistook how it worked, however, my point still stands - The way Apple is doing things currently means I have no option to use my phone for NFC payments, and until the banks or Apple budge, it will be that way.
Apple made the investment in developing their way to extend NFC technology. Why shouldn't they decide how best to reap the rewards of that investment?
Should they just give it away because some butt hurt banking cartel says do?
Banks in general would Line up to use Apple Pay to allow ATM withdrawals if they didn't have to pay a fee for Apple's facilitating the transaction in a much more secure way. But few have because they will wait until the marginal cost of fraud exceeds the marginal cost to implement such upgrades.
Similar rules apply to a bank supporting AP. Until the marginal profit of retaining current transaction fee income - marginal cost of issuing cards, PINs, fraud loss, support, etc., falls below that of the same also minus the AP fees, few banks will sign up for AP.
The only thing that will alter the above is if AP has a wedge in each market that allows customers to defect from their member of the banking cartel. A steady stream of customer loss to a competitor offering AP is perhaps more worrying than paying AP fees because a bank losing a customer will lose all income associated with that customer, perhaps forever, and if they do manage to lure them back, there are costs associated with that as much as there are increased marketing costs to just attract their attention.
Finally, it is likely that the customers that leave are probably very desirable customers in terms of spending patterns as compared to folks using simple debit cards or credit cards. AP users tend to be younger, more affluent, spend more.
These are the types of prime customers banks like to get while young and keep for home and car finance and retirement investments. Losing them over AP, to a competitor that may not offer any other customer benefits, is not really very clever.
Finally, I wonder if Apple offered better rates to the first local bank, or Amex bank, in each market to sign up to create that wedge. If so, it could be that the outside cartel is aware of this and is trying to lever those first mover rates out of Apple by boycotting and seeking approval to pursue collusive negotiations.
The banks are also free to develop their own smart phone and market it.
Not to mention applePay doesn't let retailers track everything you purchase and sell your info to 3rd parties.
INSTEAD, the banks capture all that info and process it however they choose.
By the way, I'm pretty sure it's still easy for merchants who have loyalty or rewards cards to track your purchases by attaching your DAN to your company cards.
Actually that could not be further from the truth. Reality is that once ANZ broke rank and rolled out ApplePay, the other three major AU banks were put under incredible pressure to listen to their customers and roll out the service too. The reason this is all happening now is because they are losing accounts everyday because people are choosing the convenience of ApplePay as they finally have a choice. That scares the heck out of the other three banks.
We have no idea what Apple gets paid, but rumor is in AU the fee is even less than 15 basis points. The increased volume and account opening is covering the cost - it is trivial. Oh no, NAB, Westpac and CommBank are not "chorusing loudly", they are going to the government and begging to negotiate as a group. Which will almost certainly fail as there is no basis to invoke such an extreme measure in AU law.
Apple is in fact not disintermediating the banks. It is actually quite bank friendly and certainly Visa and MC friendly.
Last edited:
This is incorrect. (Not your fault; most early Apple Pay articles were misleading.)
1. There was no extra effort for that. Contactless payments have always been card present.
2. Apple didn't write the EVM applets. Apple is not part of the actual NFC payment transaction.
Of course it requires an app. What do you think pops up when you double-click the home button? Apple's Wallet app. This can be replaced by other wallets if Apple opened NFC.
Actually, your experience could be better and faster if Apple opened NFC. That's the beauty of it.
Done correctly, the correct app could open automatically for the particular store you're at, and automatically use the payment method and loyalty id (if any) that you had registered for that particular merchant.
That would be faster and easier than the current method of having to open Apple's Wallet and pick which card you want to use at that store.
In other words, any store specific argument for "easier" actually argues for opening NFC. Or transportation application etc, for that matter.
Really? Please explain why.
Apple Pay is a separate app. In fact, it's mostly a marketing name laid on top of the EMVCo payment system, which is what rankles banks who would rather have their own brand name foremost.
Apple Pay can also be an API, which is what has to be programmed into apps if they want to use it. It doesn't work by magic.
Nope, tokenization is NOT driven from the device's secure enclave. It's not even driven by the applets in the NFC secure element, which is perhaps the piece you actually meant.
In fact, nothing on the device knows that it's a token. It could be changed to the real account number and Apple Pay would work exactly the same as it does now.
The only part that knows it's a token are the back end systems, who recognize the account as a token and request the real account number from a token service provider who keeps the match in their own database. (Which hopefully will never get hacked.)
--
It's okay to debate which greedy corporation should get the money. It just needs to be done from a factual basis.
Last edited:
For those that don't already know:
Put your locked asleep iPhone near the NFC terminal and your iPhone will auto wake with your card. If your finger was already placed on the home button, it'll also auto scan.
I'm not going to use multiple apps specific to the bank/retailer. If banks/retailers can replace that wallet popup, I don't want it. I don't trust them with my security. BTW, you don't need to double click the home button, it's even easier, see above.
Based on my experience with banks and retailers, no it won't be better and faster.
Done correctly, that's highly unlikely. If it's done correctly, I don't trust banks/retailers with my security.
I'm able to use Apple Pay with city transit in Chicago.
Screw the banks! They don't care about UX.
Apple created the superior UX, they deserve the reward. It's funny that you compare Apple's greediness to a bank.
Put your locked asleep iPhone near the NFC terminal and your iPhone will auto wake with your card. If your finger was already placed on the home button, it'll also auto scan.
I'm not going to use multiple apps specific to the bank/retailer. If banks/retailers can replace that wallet popup, I don't want it. I don't trust them with my security. BTW, you don't need to double click the home button, it's even easier, see above.
Based on my experience with banks and retailers, no it won't be better and faster.
Done correctly, that's highly unlikely. If it's done correctly, I don't trust banks/retailers with my security.
I'm able to use Apple Pay with city transit in Chicago.
Screw the banks! They don't care about UX.
Apple created the superior UX, they deserve the reward. It's funny that you compare Apple's greediness to a bank.
Last edited:
Obviously that's why they want you to have a loyalty/rewards card of some type. At least in the US though some of the big holdouts don't want to implement applePay cause they do lose a lot of info versus a standard card or there own system.
"Australian Retailers Back Banks' Right to Negotiate With Apple"
No, that isn't in question.
What they are after is an exemption to anti-competition law so that they can form a cartel.
It would be just as reasonable for Apple, Samsung, Lenovo... to ask to be allowed to form a cartel to negotiate with one of the Australian banks.
i.e. not at all.
No, that isn't in question.
What they are after is an exemption to anti-competition law so that they can form a cartel.
It would be just as reasonable for Apple, Samsung, Lenovo... to ask to be allowed to form a cartel to negotiate with one of the Australian banks.
i.e. not at all.
You keep repeating this over and over like a broken record so please allow me to do so as well. It may be a marketing name and I believe you've called it a thin UI before as well. Today I opened an ANZ account. Their banking app is junk. Commbank is by far the best app in Australia, but it's still crap. Clearly you're an educated man but struggle to understand how simple Apple Pay is to use. It's more than a thin UI, it's a brilliant UX. No one can argue that fact. Today I saw an elderly gentleman use it and he loves it. Say no more.
I oversimplified. A banking app with direct access to the NFC chip can implement tokenization or not. Totally up to the bank. If they do not implement tokenization, the card number will be stored and transmitted just like a regular NFC contactless payment - which could theoretically allow the interception of a usable cc number.
With ApplePay and the locked down NFC chip on the iPhone, the only way to use the NFC chip is through the ApplePay service. This service enforces the storage of a piece of cryptographic information in the secure element chip. It then uses per transaction tokenization - sending a token and crypto key to the merchant, who forwards it to acquiring bank, who decrypts the token with the cryptographic information (via a switch to the scheme hub (i.e. Visa)).
So no, it can't be changed to the real account number by using a token service provider". In fact this statement makes no sense at all: "The only part that knows it's a token are the back end systems, who recognize the account as a token and request the real account number by using a token service provider who keeps the match in their own database. (Which hopefully will never get hacked.)"
You may be referring to the HCE scheme (Host Card Emulation), which is used by all other devices like Android Pay, Samsung Pay, etc. HCE essentially puts the token in an encrypted HSM in the cloud instead of a local secure enclave. Theoretically easier to hack, but in practice still using per transaction tokenization. In both cases, the actually credit card number is stored nowhere - and I mean no where. So it is not possible to get a usable cc number from a properly implemented HCE or secure enclave.
Last edited:
The merchants lose none of the customers purchase info THEY simply replace the customer's credit card number "attached to the loyalty card" with the bank issued (for ApplePay) DAN (device activation number) - the merchants continue to collect all the info they previously did.
Use the power of the state to force a private company to provide access to its proprietary infrastructure so that they can end run around them and avoid paying them for their work and technology.
Apple should cut you off. Until you realize no one owes you a living.
That's not how it works. Think of the iPhone as a secure version of your bank card linked to the same account (so there's actually no such thing as moving balances since you pay straight from your bank account). As you would tap and pay with a card, you just hold the phone instead. No need to wake the phone, no need to unlock the phone, no need to open any app. It just does it as long as your fingerprint is correct. Can't get anymore convenient than that really.
Apple Wallet is just an app to organise your various cards (link or unlink various bank cards you have). You don't actually need to even bother with it from your day to day use of Apple Pay.
Last edited:
I knew it! This is the smoking gun. This whole kerfuffle has nothing to do with paying a minuscule share to Apple. The banks are colluding with the big retailers in tracking, aggregating and monetising consumer behaviour and data about affluence/buying power, etc. They've turned this into a lucrative side business. ApplePay would rain on that parade, that's why they hate it.
I hope this prompts the ACCC to look closer into the wheelings and dealing between banks and big retailers.
I hope this prompts the ACCC to look closer into the wheelings and dealing between banks and big retailers.
ApplePay is not actually part of the Wallet app. The wallet app manages your cards sure, but when invoking ApplePay, a system level service is being called (sure it is still code, but it is not a containerized app). This does not even matter anyway as I am talking functionally anyway.
When you invoke ApplePay, an overlay comes up over any app you are using and recedes when the transaction is complete. It invokes none of the app paradigms of an app such as showing up in your fast switcher, remaining with a full screen view controller, nothing. Both technically and functionally it is not an app nor does the OS handle it as an app.
And ApplePay is specifically NOT an API. There is no API call available in the Apple developer framework to call ApplePay. That is the whole point. It is not accessible by any third party app and that is what can ensure an end to end path from the secure element to the scheme.
I kind of thought when I started replying you knew a bit about this but pretty much everything you have said is wrong, so I am done here. Don't have time for a payments and app dev lesson anymore.
Last edited:
Everyone is free to debate whether the banks would do a better UI if they had NFC access. Some like what the banks already do, some do not.
However, that has nothing to do with the technical underpinnings, which is what I'm talking about.
True, and heck, banks could even use tokens right now on contactless cards if they wished.
No sir. The crypto keys are only used for the surrounding authorization tokens, not the account token.
Token account numbers themselves are not secret, so there's no need to encrypt them. They are transmitted in the clear, so that terminals and half the backend payment setup can use them just like regular account numbers.
As I said, token account numbers are provided by a Token Service Provider (TSP) who charges for not only creating the token, but for each API call to look up and translate the accounts from token <--> actual. (The TSP can be part of a bank, or part of the credit card network, or a third party altogether.)
For example, Mastercard will create a token for 50 cents, plus 10 cents a month to keep it, plus 2.5 cents for each API call to translate it back and forth. It's another hidden cost of Apple Pay or any other system that uses tokens.
Last edited:
The answer is very simple - vote with your wallet and switch to ANZ. I did and haven't looked back. All banks in Australia are almost identical so there was no loss for me in switching to ANZ for ApplePay. It is ironic however that the ANZ banking app is very simple and doesn't even use touch ID like the other banking apps.
Are you joking? They have had the last 6 or 7 years to get their banking apps right and they're junk for the most part. What makes you think they'll do it right just because they have access to the chip and in any case they will never have access to the double tap of the home button and that's the winner right there. There's nothing else to be said, but I'm sure you'll find something
What? Of course there's an API for calling up Apple Pay. That's how bank and store apps access it internally now.
Heck, soon even websites will be able to use it.
https://developer.apple.com/apple-pay/