Apple Pay hits 1,000 US card issuers ahead of planned retail expansions

13»

Comments

  • Reply 41 of 45
    rob53rob53 Posts: 3,241member
    timbit said:
    Canada has had NFC terminals for years. Just need banks to jump on board and we will be good to go. But that will take forever. My bank app doesn't even use Touch ID for logging in yet.....
    Neither does Wells Fargo's iOS app even though they push Apple Pay using their Visa cards. Amex allows use of TouchID, however I'm dropping it this summer (new timeframe) when Costco changes to Visa.
  • Reply 42 of 45
    MarvinMarvin Posts: 15,310moderator
    volcan said:
    Your first remarks specifically mentioned small retailers but as I wrote, the iOS device is really the only way to work with Apple Pay so the retailer would have to have an app and you would have to be registered and logged in with them prior to starting your shopping session, so no brand new first time shopping on a new site as you suggested before. In order to put that sort of e-commerce solution together you would have to have more resources than a typical small retailer would have. 

    The retailer can't generate the token without the phone present because it needs the secure element where it encrypts the device ID with a secure certificate. I don't think we will ever see any stand alone e-commerce solutions using Apple Pay that do not include an iOS device with an app or a POS terminal in retail. No mash-ups of website and background intermediate payment servers.

    Take a look at this WWDC video for a better explanation. 

    https://developer.apple.com/videos/play/wwdc2015-702/
    That video describes what I was saying but with in-app Pay:



    In a retail setting, the retailer shows the payment sheet and gets a token from the phone via NFC then encrypts it using their merchant certificate and sends it to the payment processor for validation. Inside an app, they don't put the certificate there, the token gets sent from the phone and the transaction happens entirely between the phone and the Apple Pay server. Apple's server wraps the data up and sends it to the payment processor.

    When you walk into a retailer that you've never shopped at before, you can use Pay so the same would apply to a website. Let's say you have a laptop and an iPhone. You decide you want a snack so you load up sendmesnacks.com and you've never used it before. That company would have an Pay merchant id and secure certificate. You load up your basket, click Pay and this can go two routes. It can either get an anonymous identifier from your smartphone locally (bluetooth or wifi) to encrypt and send to the Apple Pay server (no token at this point), which then sends a notification to the phone for validation or the payment sheet is generated locally on the phone via bluetooth or wifi and then validated from there. Once the validation is sent from the phone to the Pay server (this would have merchant id, payment info and token, maybe shipping address), Apple does the same as it does with in-app purchases and sends it encrypted to the payment processor. When that's validated, the merchant would be able to see the payment for that transaction id was successful and the transaction is done. This would all happen within seconds.

    There would be no requirement for the buyer to have an account already on the website and the merchant doesn't need an app. When you make person to person Pay payments, you won't need your own app to do it. It will be as simple as entering an amount, a recipient and then validate it.

    It takes the hassle out of dealing with as many different e-commerce sites where you have to update your cards on each when they expire or you change address. It removes the worry of having to enter card details on unfamiliar sites where they might store details insecurely. It removes the annoyance of entering card details every time on sites that don't store data. I would have expected them to tackle e-commerce first and take on the likes of Paypal. Retail is much harder to get traction in. It also makes it easier to buy things you wouldn't necessarily want to share too many personal details with. Take the Ashley Madison hack, any kind of site payment needs to verify your name and address with your card details as a basic check. With Pay, the site doesn't need to get that info. It wouldn't even need a valid email address that Paypal needs. It's not quite cash-level anonymity because Apple knows the merchant ids and who you are but that's still better than the site storing the details because they can all be taken at once.
  • Reply 43 of 45
    volcanvolcan Posts: 1,799member
    Marvin said:
    That video describes what I was saying but with in-app Pay:

    No point in discussing this further. Apple is not going to allow you to use Bluetooth or wifi from an iPhone connecting to a desktop browsing a website to make a transaction with Apple Pay. End of story.
  • Reply 44 of 45
    jfc1138 said:
    adamski said:
    Require a photo ID! That's nuts. Should just be, customer inserts card chip into terminal then punches in PIN. That's how it's done in Canada. Actually more commonly now since our terminals have NFC we just tap the card to the terminal and that's it. I've even heard that some USA stores that offer card tapping still require a signature after you tap, that's crazy! That's what Walgreens did when I tapped my Canadian Credit Card in Vegas. 
    They're checking for identity to make sure the card is being used by the owner: not a bad thing overall. That card may not be "fake" but the buyer sure could be with a wallet pickpockets etc.
    But that's the point of the PIN. We don't ID up here which I'm thankful for because seems like a waste of time. If misuse of cards was a problem then I'm sure we'd require ID but we don't so must not be that big of an issue.
  • Reply 45 of 45
    volcanvolcan Posts: 1,799member
    adamski said:

    But that's the point of the PIN. We don't ID up here which I'm thankful for because seems like a waste of time. If misuse of cards was a problem then I'm sure we'd require ID but we don't so must not be that big of an issue.
    The chip and PIN is much better than chip and signature that we have in the US. Hardly any retailer asks for ID so if your card gets stolen, it could be used everywhere until the bank voids it. Of course the fraud is covered by the bank anyway so the user is not out any money usually. At some self serve gas pumps in the US it asks for a zip code. 

    Misuse of cards is a pretty common occurrence in the US. I had a different kind of fraud happen just last week. Someone stole a commercial check out of the mail and altered it by somehow washing the info and putting their own name and a huge dollar amount, then successfully cashed it. I went to the police station to report it and had to wait in line for 45 minutes behind lots of people reporting credit card fraud.
Sign In or Register to comment.