The Verge has buried the lede here: major retailers are banding together to compete with Apple Pay, with their own system made out of QR codes and direct access to your checking account. Given the security track record of US retail the past few years, one might wonder what could possibly go wrong.
As I understand it, all the major payment processing companies have their weight behind NFC payments (Visa: paywave, Mastercard: paypass, Amex: expresspay). What's to stop them from all writing into their contracts that if you want to accept payments from our cards you need to accept them via NFC as well? I'm surprised they haven't already.
Seems like an easy retaliation for Google and Apple would be to just block the CurrenC applications from the app stores when they are released. It's very similar to what the retailers are doing by blocking Google Wallet, Apple Pay and paywave by disabling NFC.<p>Also, I just don't see the banks simply rolling over and losing their beloved credit and debit card fees. They will definitely find ways to make their money (sgentle mentioned through contracts requiring NFC, etc).<p>I've had a paywave for a while, and have used it at CVS quite a bit. Sort of annoyed it won't work anymore due to this issue.<p>And giving retailers direct access to your checking account via ACH..uffda.
The problem is that Apple completely played their hand in the markets they entered in early: music with iTunes and mobile apps with the AppStore.<p>Now that everyone has seen how much the experience has sucked for many participants in those markets, participants in other markets Apple wants to enter, such as ebooks, movies and tv shows, and now payments, are extremely wary about cooperating. They want Apple's solution, but I don't see any new market playing along unless Apple changes their strategy to one that permits openness and competition as a poison pill in the case that Apple continues to treat its "partners" like shit.<p>Openness is great because it forces the best solution out there to always compete on being best instead of competing by abusing its market position. No market wants to let Apple establish a strong market position anymore.
I work for a retailer that has a card-to-check form of payment already, and I'm required to use that for my discount. I don't love the idea of having my checking account tied to a piece of plastic, but since it stays all in the family (card is only good at the retailer, and the only plastic card is in my wallet), I live with it.<p>That all said, there's no way I'd introduce a third party to this, well, party, and give direct debit access to my checking account to someone I don't know, who's security practices I don't know, and who's primary form of interaction is a freaking QR code - and I have nothing against QR, but I would never trust this to a single barcode of any kind. And the retailers are all going through all of this effort simply to avoid interchange fees and the impact ApplePay will have on them.<p>To me, the winner will be whoever balances security with ease of use, and ApplePay is the winner right now (and I say that having used Google Wallet). I use my existing cards and retailers I already go to, so it feels the same, but no actual, useful information is being transferred, so I'm better protected. All transactions show on my statement as if I'd swiped. If retailers shut me out in favor of proprietary systems that require work on my part, I will vote with my dollars and shop elsewhere.
As soon as I have to fumble around looking for an app to launch, it's already easier to just pull out my credit card. I'll just be doing that.<p>Apple Pay is just easy enough that I will use it.
Apple describes the security features of Apple Pay (and the security features of iOS and Apple mobile devices in general) in the document "IOS Security October 2014"[1].<p>Of particular interest:<p>iPhone 6 includes a separate chip, called the "Secure Element", that is used as part of Apple Pay. Here's how Apple describes this chip:<p><pre><code> The Secure Element is an industry-standard, certified
chip running the Java Card platform, which is compliant
with financial industry requirements for electronic payments.
</code></pre>
Here is how Apple Pay uses the Secure Element:<p><pre><code> The Secure Element hosts a specially designed applet
to manage Apple Pay. It also includes payment
applets certified by the payment networks. Credit or
debit card data is sent from the payment network or
issuing bank encrypted to these payment applets
using keys that are known only to the payment
network and the payment applets' security domain.
This data is stored within these payment applets and
protected using the Secure Element’s security
features. During a transaction, the terminal
communicates directly with the Secure Element
through the Near Field Communication (NFC)
controller on iPhone 6 and iPhone 6 Plus over a
dedicated hardware bus.
</code></pre>
The information stored in the Secure Element, which is what is used to actually make payments, is restricted:<p><pre><code> Full card numbers are not stored on the device or on
Apple servers. Instead, a unique Device Account
Number is created, encrypted, and then stored in the
Secure Element. This unique Device Account Number is
encrypted in such a way that Apple can’t access
it. The Device Account Number is unique and
different from usual credit or debit card numbers,
your bank can prevent its use on a magnetic stripe
card, over the phone, or on websites. The Device
Account Number in the Secure Element is isolated
from iOS, is never stored on Apple Pay servers, and
is never backed up to iCloud.
</code></pre>
The system these retailers want to push, CurrentC, will just be an ordinary app. It will have no access to the Secure Element. Doesn't this considerably limit how secure it can be?<p>[1] <a href="https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf" rel="nofollow">https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_20...</a>
As with Coin, this seems like another rather US-specific situation.<p>I get the impression that in the US, credit cards are more common than debit cards, and the banks try to keep it that way. Debit cards are also somewhat expensive - customers pay 0.79% on average [1].<p>In the UK, and i believe in the rest of Europe, everyone uses debit rather than credit cards in shops, and they are much cheaper - interchange fees for debit cards are about 0.2% [2]. Most debit cards these days are also contactless payment devices.<p>If Apple Pay takes off here, it will be just another contactless payment option. I don't see any great reason for shops, banks, or customers to feel strongly about it.<p>[1] <a href="http://www.federalreserve.gov/paymentsystems/regii-average-interchange-fee.htm" rel="nofollow">http://www.federalreserve.gov/paymentsystems/regii-average-i...</a><p>[2] <a href="http://www.bbc.co.uk/news/business-23431543" rel="nofollow">http://www.bbc.co.uk/news/business-23431543</a>
It seems very much like the browser wars of old. I think that soon your NFC payment system on your phone will have to be your choice, and not that of the carrier or manufacturer. Retailers however will always have a choice to accept or not, unless collusion is found that is. When large retailers are the payment system, as is what it seems here, I think they will be forced to accept more than just their own.
I'm wondering why Apple keeps launching in the American market first. Both in mobile and payment the US has been pretty much the most backward and conservative of any of their primary Western and Asian markets.