The long-awaited Apple Watch was unveiled on Monday, and Apple hopes wearers of the luxury time-piece will use it, among other things, as a mobile wallet. Ralf Gladis, CEO of payment services provider Computop, tells Multichannel Merchant what sort of impact Apple Watch will have on mobile payments.
MCM: Why should we use Apple Watch in order to pay for our purchases?
RG: Paying with an Apple Watch will be much faster than a normal card or cash payment because no PIN, signature or print receipts are needed. No fumbling with cash, cards or paper. The user just taps his Apple Watch on the merchant’s POS terminal. That’s easy for consumers and provides a better throughput at peak times for the merchant’s checkout. Those are two powerful advantages that will not only lead to Apple Pay’s success but also help Visa, MasterCard and American Express with the deployment of EMV and Near Field Communication (NFC) enabled POS terminals. To date, NFC has delivered slow adoption. That will likely change now as Apple Watch will be an accelerator for NFC and a door opener for Visa, MasterCard and American Express which have been challenged in the area of mobile payments by many small but innovative competitors.
MCM: For retailers EMV and NFC enabled POS terminals are quite an investment. Does Apple Watch make any difference with such investment decisions?
RG: Yes, Apple Watch does make a difference for two reasons: Wearables like Apple Watch are perfect tools for quick NFC payments because a watch is on the consumer’s wrist already and he doesn’t have to fumble with his iPhone. Consumers will like that.
Moreover, Apple Watch is just one of what will be many of its kind with regards to portable devices and wearables for payments. In my opinion the achievements of Apple Pay are less based on the innovations of Apple and more on Visa and MasterCard technology that is available to everybody: EMV and NFC. At Computop we expect more smartphone manufacturers like Oppo, Samsung and/or Sony to add their own NFC payment solutions based on Android. When retailers consider investments in EMV today they should expect other manufacturers to provide smartphones and wearables with EMV and NFC payment solutions to a much larger user base than the Apple community – and with such volume comes opportunity.
MCM: How does Apple Watch work when it comes to payments?
RG: Apple Watch uses NFC radio technology in order to process payments with the merchant’s POS terminal. When a consumer taps his Apple Watch it transmits encrypted payment data and tokens to the POS terminal and the retailer should get an authorization from the bank within a second or two. That’s fast and simple. As long as the watch is connected to an iPhone 6 only the watch has to be unlocked. In conjunction with an iPhone 5 Apple Watch will require an additional code before starting the payment.
In order to provide security around high value purchases, however, there are open questions whether or not PIN entry is necessary. According to the EMV standard NFC payments above certain limits, say beyond $30, still require a PIN entry. Such limits vary with geography, though. iPhones can compensate the security provided by a PIN with the Apple TouchID fingerprinting, but Apple Watch doesn’t have such sensors. Therefore, there is speculation around high value purchases: Would Apple Watch users have to enter their PIN on the merchant’s PIN pad? That would adhere to the EMV standard, but what we heard so far is that no PIN would be required with Apple Pay. Or would Apple Watch be allowed to deviate from the standard and only ask for a PIN once the watch is taken off and put on again? Another option could be to tap the Apple Watch and use the iPhone in order to provide a TouchID fingerprint in order to compensate for PIN entry. However, there are discussions on Apple’s support platform where users claim that they had to type in their PIN on the merchant’s terminal even for a small $7 purchase. I am curious to see what the solution will be. It could be that PIN handling depends on the issuing bank’s individual policy.
MCM: We heard a lot about the security of Apple Pay. Would that be true for Apple Watch, too, or will it come with additional security risks?
RG: Apple Watch works in conjunction with an iPhone, and it’s using the same security technology that is based on proven technologies: EMV, NFC and tokenization. When a new credit or debit card is added to Apple Passbook it doesn’t store real card data but only a derived Device Account Number (DAN) on a secure element that is held separate from the operating system and no part of a backup. The DAN is a token which is unique for each device and each card. When Apple Watch processes a payment it transmits the DAN and a onetime security code to the POS terminal. When the POS terminal forwards the payment data into the payment network of Visa or MasterCard they match it to the real card data. Neither the device nor the merchant will see actual card data during this process. That reduces the risk of merchants and issuing banks, and it is a much better security level than everything we have seen before. Moreover, Apple’s promise to not track payment activities and keep them private for consumers and merchants should add more confidence than we could probably have with some of Apple’s competitors in that area.
MCM: If Apple Pay is so secure why did we see news about fraud with Apple Pay recently?
RG: The Apple Pay technology provides safety for the payment process by replacing real card data with secure tokens. As fraudsters can’t steal data they focused on the enrollment process with issuing banks. At Computop we heard that fraudsters managed to trick banks into enrolling stolen credit cards for Apple Pay. Issuers should have been able to avoid that. It seems that issuing banks didn’t craft their enrollment procedures well enough. For instance, fraudsters used stolen data in order to answer so called safety questions like the cardholder’s mother’s maiden name, but that kind of data typically is being stolen from websites together with card data and available to fraudsters nowadays. That enrollment process is being updated right now. In short: The devices are safe. Current fraud issues are caused by weak authentication and enrollment procedures at the issuing banks.