“The introduction of Apple Pay – and the coming of its rival, CurrentC – has retail CIOs looking, again, at how customers pay,” Jen A. Miller reports for CIO. “Apple pushes Pay as one way to stop security breaches. That’s because a retailer doesn’t store credit card information. Instead, Apple stores that data, and gives retailers a ‘token’ that stands in for payment.”
“‘The credit card isn’t transmitted during the transaction, and the retailer will not have the credit card number in [its] systems,’ says Jim Maholic, author of Business Cases that Mean Business and vice president in Hitachi Consulting. That way, even if the retailer is hacked, the customer’s information isn’t put at risk. ‘As a CIO, I [would] feel better if I have more customers using Apple Pay, because I haven’t exposed their numbers to risk,'” Miller reports. “‘There’s a certain number of affluent customers who use the iPhone 6 [and iPhone 6 Plus],’ says Maholic. If one store offers Apple Pay and the other doesn’t, those well-heeled customers are more likely to walk in the Apple Pay door. ‘Now that I’ve got that customer, it’s harder for somebody to steal that customer.'”
Read more in the full article here.
Related articles:
Apple Pay consumers can now use their Barclays, Navy Federal and USAA MasterCard – November 10, 2014
Apple Pay now available for U.S. Bank customers – November 10, 2014
Apple Pay wallet killer is already making an impact at Whole Foods – November 8, 2014
“If one store offers Apple Pay and the other doesn’t, those well-heeled customers are more likely to walk in the Apple Pay door. ‘Now that I’ve got that customer, it’s harder for somebody to steal that customer.’”
Exactly my experience with Apple Pay – in my small town, we have four similar stores – Walmart, Kmart, Target & Meijer. One of them accepts Apple Pay, the other three do not. I have shopped in one of them a LOT since Oct 20, the others I haven’t been in since.
Meijer? In California we don’t have that option.
I wonder how many more months it will take for all retailer CIOs to realize Apple Pay via iPhone 6/Plus has already won the NFC pay race? I mention Apple Pay every time I have to buy something at a non NFC Apple Pay enabled checkout terminal. And I also speak to the manager of the store about it every time too. Repeatedly – every time I have to present my card instead of Apple Pay. I am trying to repeatedly remind them that Apple Pay is here now and it’s here to stay the winner.
Also I had a manager at the Capitola CA Save Mart tell me they weren’t going to support Apple Pay because he heard on TV that Apple Pay is a dismal failure. I had a good laugh and told him that was one of the funniest stories I’d heard in a long time. Hilarious. 😜
Instead of fighting Apple, these companies need to start writing their own Apps for customer loyalty. I long since transferred all my customer “loyalty” cards to my phone with an app. I would gladly let them collect all the data on me they want when the app is running in their store. It can track what isles I go down, what I paused to look at, keep my shopping list in place, and generally help me have a great shopping experience giving me free coupons the whole way. But let me use Apple pay at the register. And for simple in and out purchases stay out of my way. I should be able to shut it off if I find it does not improve my shopping experience and pay for itself.
Obviously Apple has credit card info for any cc one has associated with an Apple ID, but for additional cards added to Apple Pay via the iPhone, does Apple acutally store this data (as the article suggests)? Isn’t that kept in the secure enclave on the device?
I think you are correct as I understand it.
No, no credit card numbers are stored on your iPhone at all.
When adding a new card to Apple Pay you take a picture of it and all that does is give apple the number and your name.
Apple then verifies it with the bank that you are who you say you are and that the card is yours. Once that is done Apple pay then creates a unique device id for that card. That unique id which is not the credit card number is stored in the secure element. Every time you use that card at a retailer, a one time transaction token, and one time security number (the 3 digit number on the back of your credit card) is created by the secure element and given to the retailer. that number is then transmitted to the bank or credit card company and is redeemed for the amount of the purchase.
After the token is created the iPhone has nothing to do with the transaction anymore. it is all between your bank and the retailer. Only your bank knows what card is associated with your unique device id that is unique to only one card on your iPhone.
For a really good explanation of how Apple Pay really works read here http://www.kirklennon.com/a/applepay.html
Also I was wrong in one aspect of my apple pay explanation above the secure element does not create the one time use token. The credit card company does and sends it to your iPhone and stores it in the secure element. When the token is used it is then matched to the secure device id that was randomly created for your card.
To clarify, Apple Pay does not use one-time use tokens at all. When you add the card, a reusable token (which Apple calls Device Account Number) is generated by the issuer and sent to the phone. When you pay, the number is retrieved from the Secure Element and sent, along with a dynamically generated security code, to the payment terminal. The same token is reused for all transactions. However, unlike a regular credit card number, the token cannot be used outside of Apple Pay, so it’s not useful if stolen.
So you’re saying that, if you use Apple Pay at a particular merchant a lot, that they could capture that token (DAN) for customer identification purposes, but not for credit card fraud purposes?
Sounds to me like Apple Pay is the best of both worlds, in that case. Merchants can identify their customers all day for marketing purposes without putting credit card information at risk. I for one don’t mind merchants knowing what I buy; it tends to lead to better pricing on what I buy.
Pretty much, yes. Another difference, however, is that with Apple Pay they don’t get your name either; you are *just* a number, which limits their ability to sell/share your purchase data with other sources. You’re an anonymous shopper, but you’re the same anonymous shopper across repeat visits. Of course, if you then use a loyalty card or traceable coupon, then you’ve linked that to your identity, but that’s a choice people can make on their own. On the other side of things, every time you upgrade phones, you become a new anonymous person. And if you pay with both your iPhone and Apple Watch, those are two separate numbers as well.
No, it scans it, recognises important data items, open a secure connection to APPLE gets dynamic ID, deletes original data. Not needed any more
Thank you all for the feedback. I questioned it because of this quote from the article, which sounded completely wrong to me:
“That’s because a retailer doesn’t store credit card information. Instead, Apple stores that data, and gives retailers a ‘token’ that stands in for payment.”
This kind of misinformation is sometimes worse than blatant FUD. Because the author is supporting Apple it seems reasonable to accept her explanation of the process. Which, in this case, she got very wrong.