Apple vs. Banks in Mobile Payments: Update
The first media reports appeared today of Apple’s discussions with retailers around a mobile payments system where payments are integrated into a premium shopping experience relying on wireless communication between iPhones and iBeacons (as piloted already in a few Apple stores).
While the initial launch will likely be a “pay-with-iTunes” model leveraging Apple’s 800mm cards-on-file, we expect this to evolve to a model that is compliant with network “EMV” standards using NFC to pass card credentials from the secure element of the iPhone to the merchant point-of-sale (POS) system as outlined in our note of May 23rd “Apple vs. Banks in Mobile Payments”.
- There are three implementations for EMV-compliant mobile payments that vary in where the card credentials are securely stored: on the SIM card (which is the solution for the Isis wallet); in the operating system (which is Google’s “host card emulation” solution launched last September for Android “KitKat” 4.4); and on a secure element embedded in the ‘phone hardware which is a solution that will be adopted by device manufacturers such as Apple.
The advantage of EMV is that merchants receive the lower “card-present” rates that apply for physical card transactions than the higher “card-not-present” rates that apply for e-commerce; in addition, merchants are indemnified by banks against fraud losses. The disadvantage of an EMV implementation, from Apple’s standpoint, is that it cannot use cards-on-file but will rely on NFC communication to pass bank-provided tokens (aliases for card credentials) from the secure element built into iPhones to merchant point-of-sale (POS) systems.
There will likely be an important negotiation between Apple and large banks over the terms under which these tokens will be made available, and this will broaden to encompass bank-funding of rewards programs and the provision by Apple to banks of the risk-scores from fingerprint scans on TouchID devices; the scans themselves, of course, are unavailable even to Apple.
- These risk scores are valuable because they have the potential to allow banks to reduce fraud losses, and raise the possibility that the Apple mobile product may involve lower costs to merchants not only than the card-not-present rates that apply on, say, PayPal transactions but also the card-present rates that apply on physical cards.
In an architecture where tokens are provided by bank issuers and reliable cardholder authentication is provided by a mobile phone, the value of network-level fraud risk-management services declines. More broadly, mobile may catalyze a shift of intelligence to the periphery of the networks.
- While public figures are not available, we believe fraud services account for a meaningful portion of the difference between the network fees charged by V and MA (6-7 cents/transaction for debit and 11-13 cents for credit) and the sub-1 cent fees charged by national payments systems such as Interac in Canada and EFTPOS in Australia; we do not expect even the for-profit FIS to charge more than 2 cents/transaction to for processing MCX transactions.