Sunday, September 7, 2014

Apple, NFC and Payments

It's beginning to look like Apple will include NFC and a payment system in its new wearable and iPhones, using Touch ID for authentication and the Passbook app (and system integration) for user experience.

A report earlier this week claimed Apple will be able to store credit card information in a "secure enclave" on the A8 chip (similar to how fingerprint representations are currently stored on the A7), and treat credit card transactions implemented using the phone as a "card present" transaction, which means discounted fees from the credit card networks/banks since there's much less likelihood of fraud if the user authenticates by fingerprint.

Today 9to5mac states the NFC payment system will use one-time-use tokens rather than transmitting sensitive credit card information (such as the magic three-or-four digit code on the back of the card), thus preventing the types of breaches we've seen where bad guys have hacked into retailers' back ends to get lists of credit card numbers and authenticating details:

Apple reportedly planning to implement tokenization in NFC payment system | 9to5Mac

A hacker, at best, could only replay the same transaction (and in reality not even that, since the token is presumably time-coded or tied to a central database so it can be executed only once).

Assuming all of this is true, presumably you will be able to go to many retailers and, using a combination of NFC and iBeacons, bring your phone close to a widget on the counter.  A screen will pop up showing you the total to be charged, and you use your fingerprint to complete the transaction, with funds applied either against your iTunes account or from a linked credit card.  (Of course I'm speculating).  Presumably there is an app that keeps track of all these transactions (there's got to be a good reason us developers haven't seen a beta in a long time), possibly all linked to your iTunes account.  In the Apple store, Nordstrom, and others using Apple POS equipment, perhaps you won't even have to tap your phone on a widget - roaming employees can direct the charge right to your device via iBeacons and knowledge of who you purport to be.

One could even imagine being able to receive payments in the same way, phone-to-phone, with the money applied to your iTunes account balance.

One wonders if we'll be hearing Tuesday afternoon from eBay, Amazon, Google, Square and the like about how this is a tough business and Apple can't just walk in and figure it out.


No comments:

Post a Comment