Making us Pay

by | Sep 11, 2014 | 3 comments

That’s exactly what Apple’s been doing. Seemingly lost between Tuesday’s unveiling of yet another pair of new iPhones (the 6 and 6 Plus) and the Apple Watch–which will no doubt sell by the truckload despite its hefty price tag ($349 and up) and the fact that it needs to be accompanied by an iPhone for full functionality–was the revelation that Apple has concocted a “virtual wallet” payment system to accompany its newest smartphone models.

This system works with your existing credit cards, but it’s more secure than any available payment method. It’s dead simple to use, incredibly convenient, and already supported by national chains like Macy’s/Bloomingdales, McDonalds, Subway, Walgreens, Petco, Toys “R” Us, Staples and more.

Apple calls it simply Apple Pay. I call it pretty remarkable because after seeing the demo and the ecosystem they’ve created around it, I think it truly does have the potential to change the way we pay for things. It’s not the first system to take a crack at mobile payments via a virtual wallet (see Google Wallet) but it’s the first one to come out fully locked and loaded, with retailers, banks, and credit card companies already on board.

Apple Pay is based on an already-existing technology called near field communication (NFC). Put simply, it’s a way for two devices to “talk” to each other over very short distances by establishing a temporary wireless connection. By waving your smartphone in front of an NFC enabled device at your friendly neighborhood retailer’s checkout, a credit card payment can be made in mere seconds. No need to launch an app; in fact, you don’t even need to unlock your iPhone–thanks to the Touch ID technology that Apple introduced with the iPhone 5s.

When you compare this experience to fumbling with credit cards, security codes, picture IDs and swipe card readers that never seem to get it right the first time, the advantages in terms of convenience are pretty obvious. What’s probably not as obvious are the advancements in security and privacy that are baked into this new system. Although Apple Pay can make use of any VISA, American Express or MasterCard, it never actually uses (or stores) credit card numbers or security codes on your iPhone.

Instead, a unique secure ID is encrypted and stored on your iDevice for each of your credit cards, and it is this information, along with the transaction info and a one-time security code, that is sent to your credit card company. At that point the unique secure ID is linked to your actual card no. and account, and payment is transmitted to the merchant. This means that your card number is never sent anywhere in the process of making a purchase, and because you don’t actually hand the card to the cashier, no one even sees your card number–much less any other personal info–at the point of sale.

Further, if your new “virtual wallet,” aka iPhone, is lost or stolen, you can remotely suspend all recent payments and wipe the device from any other iDevice or Web browser using Find My Phone. That’s not really new, but consider this: Because the credit card numbers and other info for each card are not stored in the iPhone, and because–in theory, at least–you left your actual wallet at home, you don’t need to call up and cancel all your credit cards. You just import their info into your replacement iDevice, and you’re back up and running. Or buying, as the case may be.

Apple’s demo of Pay at Tuesday’s press event made it seem almost impossibly simple, convenient and secure. And it just might be all that when it comes on line this fall. As you may have already guessed, this revolutionary payment system requires the purchase of the new iPhone 6 or 6 Plus. So now that Apple has made us Pay, Apple is going to make us… pay.

Or, to paraphrase the official motto of the Commonwealth of Virginia: Sic semper Appleus.

A brief note on security, or, what else is new?

Regarding the recent “celebrity photo iCloud hack,” which most of you have probably heard of by now, it appears after much investigation and finger pointing that there is no inherent security flaw in the iCloud system, and that these were isolated attacks specifically directed at the iCloud accounts of female celebrities (Kirsten Dunst, Jennifer Garner, Kate Upton etc.) in hopes of discovering compromising images to post online. The attacks were conducted using common “brute force” hacking techniques; in other words, sending password after password at the account in rapid succession until the correct one was discovered.

Nothing new or innovative about that, and since the targets were specifically young, nubile female celebs, it’s probably safe to assume that none of us were affected. In the wake of these attacks, Apple has pledged to improve iCloud security, but also urges users to implement strong passwords as well as to enable two-step verification, which is generally a good idea in terms of making your Apple ID even more secure. Because TSV involves a very specific setup process and requires that you have a cellphone with you whenever you make a purchase on the iTunes Store, we’re going to explore it in a future posting to help you decide if it’s the right move for you, or if it will cause more problems than it solves.

So what’s the moral of this story? It’s two-fold:

  1. Resist the temptation to post naked selfies to your Photo Stream.
  2. Use a strong password for your Apple ID/iCloud account. If any or all of the celebs affected by this had employed strong passwords, their accounts would not have been compromised.

Finally, some of you have been asking about the Home Depot hack, which was confirmed this past Monday and potentially affects up to 60 million accounts. It really has nothing to do with your computers or iDevices, and since it had been going on undetected for at least six months, you probably already know if any cards you used there have been compromised. Just to be sure, however, check your recent statements carefully for any suspicious charges and report them to your card issuer ASAP.

3 Comments

  1. Ron Chen

    Thank you for a clear explanation (as always) of how the “magic” works. It’ll be interesting to see if/how it works in the next year.

    Reply
  2. Bernard Abramson

    I remain sceptical about electronic payment systems. If Apple Pay turns out to as you describe then it may be a rare case in which convenience and security are not mutually exclusive. My experience with an electronic payment service here in Princeton was miserable. About 100 retailers including the main supermarket participate in the service. They have installed readers etc. and offer a free app. I loaded the app on my iPhone and went through the non-trivial validation process (twice, the software failed at the end of the first attempt). To use the service for a purchase one has to:

    – enter your phone pin
    – open the app
    – enter the app’s pin
    – enter a third pin to authenticate your bank (or credit card) to the app.
    – complete the transaction through the reader at the check out counter.

    This process replaced one step: swiping a credit card. In many cases the value of the transaction is below the threshold for a signature. Not insignificantly, the electronic payment required two hands while the plastic method used only one.

    I do not find that it is any easier to take out my phone than a credit card but dropping one of these on a hard floor has very different results.

    Also, I am not ready to say that Apple will do a better job of implementing the software than our local folks did. I recently attempted to add 2 step verification to my Apple account. That took two (lengthy) tries as, guess what, the software failed at the end of the first attempt.

    As I say, your description of Apple Pay addresses most of these issues. I will wait and see.

    Reply
  3. Moira Horan

    Thank you.

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *