Apple vs. Banks in Mobile Payments
Based on its patent filings, we expect Apple to extend its Passbook app (currently reserved for gift cards) so that it is compliant with EMV contactless and tokenization standards. This means customers, via their banks, can enable iPhones for mobile bankcard payments at merchants who have installed iBeacon technology (with which Passbook is already integrated).
- We expect Apple to position the iPhone as a digital shopping assistant (acting as an in-store navigator, “genius” recommender, virtual shopping cart, digital coupon-book, and mobile wallet all-in-one) rather than a stand-alone wallet. To make this work, merchants will need to install iBeacon technology rather than merely be compliant with EMV contactless standards.
- To improve the business case, Apple will be looking for card-present or “CP” rates (more favorable to merchants than the card-not-present or “CNP” rates on a PayPal wallet) and hence an EMV-compliant solution. In particular, this means payments information will be transferred from device to point-of-sale (POS) system over NFC even if Bluetooth (BLE) is used for data transfer (e.g. real time messages and marketing) between iPhones and iBeacons. Apple’s patent is explicit about this “dual air interface”.
The bankcard-enabled version of Passbook will compete with mobile bank apps on Android devices into which mobile payments is incorporated using host card emulation or “HCE” (now supported by Visa and MasterCard). HCE is software built into the device operating system that allows a phone to emulate a card while card credentials are stored in the cloud. It differs from the Apple solution (where card credentials are stored in a secure element built into device hardware) and the Isis wallet (where card credentials are stored in a carrier-provided SIM card).
- These three wallet solutions are the only ones that will qualify for CP rates and, in effect, substitute a phone for a card; other wallet solutions, such as PayPal, are assessed CNP rates because, in effect, they substitute a phone for a desktop.
- Both Apple Passbook and Android-based mobile bank apps will use tokenization so that sensitive card account information is not passed to merchant point-of-sale (POS) systems.
Apple’s control of device hardware allows it to make a unique and important contribution to reducing fraud risk through using TouchID to generate identification-and-verification or “ID&V” information in the form of fidelity risk-scores on fingerprint scans. Given large banks view lower fraud costs as a source of competitive advantage, they will likely negotiate reduced CP rates to the extent Apple provides this ID&V information; merchants will benefit from these lower rates improving the business case for investing in iBeacons, and Apple will establish an important use-case for its secure biometric solution to digitally identifying and authenticating customers.
Longer term, Apple’s solution is likely to pitch it against banks in shaping mobile payments. In all three of the immediate Apple, Android, and Isis solutions, banks can control which cards are provisioned into phones and will seek to reserve the mobile channel for premium products – in other words, banks will provision in credit cards but not interchange-regulated debit cards. A mix-shift to high-cost products as customers migrate to mobile payments is precisely what MCX is seeking to avoid, and is a key reason the consortium has asked members not to accept mobile wallets other than the MCX solution. However, Apple may turn out to be a key enabler of the MCX solution.
- While MCX will initially use QR-codes to transfer payments information between phones and POS terminals, we see the Apple solution as dovetailing well with MCX members who want to deploy iBeacon technology. Tokens for merchant-based card products can be provisioned into iPhones just as well as tokens for bankcard products, and merchants will find attractive the tight integration of payments and proprietary loyalty programs in Apple solution.
- Merchants will be concerned about the risks of data leakage in all third-party wallet applications but Apple is likely to position, credibly with both consumers and merchants, around better control of data than Android-based solutions.