Well, today was the big day. Yes, a cusp in the annals of payment history. The day that mobile payments became real etc etc. Apple Pay in dear old Blighty! And a surprising amount of media attention.
It is the first time the “tap-and-pay” system — which allows users to pay for goods and services by touching their smartphones on contactless payment points — will be available outside the US.
Hurrah! Now, I’ve been tapping and paying with my iPhone for ages using my splendid Barclaycard sticker. But now the rest of you can join in the fun. Well, at least those of you with some of the latest Apple gear, that is.
Owners of an Apple Watch synced to an iPhone 5, iPhone 5c, and iPhone 5s will also be able to use Apple Pay, albeit without the extra security of Touch ID available only on the latest iPhone 6/6S model. Those with the latest iPad Air 2 or iPad mini 3 will also be able to use Apple Pay within apps to make purchases online.
The launch of Apple Pay meant that I had a pleasantly busy media day, starting of in Salford with BBC TV’s national “Breakfast” show. This was really fun but it’s quite difficult because you have to boil down what you want to say to the bare essentials and talk in a language that a normal person (i.e., not someone obsessed with the future of electronic transactions) can connect to. The main point that I wanted to get over was that this really does mean a payments revolution, but because it brings security and convenience in-app and online, not because you can tap to buy cups off coffee, no matter how cool.
One question that I was asked more than once during the day was “is it secure?”. I sometimes find this a little odd, because it suggests that Apple, the international card schemes, Britain’s leading retail banks and top consultants were thick as planks and hadn’t thought about it. My consistent response was that not only is it secure (or, at least secure within the bounds of the economic parameters appropriate to the business model, which is what I always mean by “secure”) but it is very secure indeed. The truth is though that none of this actually matters when it comes to adoption.
according to our Technographics data from Q1 2015, 27% of UK online consumers owning an iPhone would trust Apple to provide a mobile digital wallet but they are still more likely to trust PayPal (43%), a bank (41%), a credit card network (40%), and Amazon (32%).
Now, it’s very important not to listen to consumers at all about this sort of thing. How secure a transaction mechanism is or is not has almost no bearing on whether people think it is or is not secure and no bearing at all on whether they actually use it or not. If you look at what people say and do, it’s clear that they are unconnected and surveys are a bit of a waste of time.
So, broadly speaking, people think that mobile payments are not secure, but since they don’t care about security and value convenience more highly, they will use mobile anyway.
The fact is that whatever people think, mobile payments are more secure than card payments. They might even, as it happens, lead to their demise. Anthony Jenkins, when head of Barclaycard, rather famously (to me) said that mobile phones would get rid of cards before they got rid of cash. I hate to say it, but it looks like he was right. Look at the trajectory. A decade ago, Bank Technology said that:
In the US, bank-issued contact smart cards are already in decline. In March of this year, Target said that it would discontinue its smart card programme because so few of the cards were ever used to download coupons as intended. Financial Insights reckon that the numbers in circulation will continue to fall from the peak of 21 million in 2002. Unless there is a dramatic increase in card fraud in the US, the business case for investing in anything other conventional magnetic stripe cards remains non-existent.
Well, there was a dramatic increase in fraud, yet the business case remains uncertain. US issuers are hardly racing to implement EMV. The costs of card-not-present (CNP) fraud and PCI-DSS all fall on the merchants, not the issuers, so their incentive to change is limited. But — and this is a perspective we need to explore — EMV has not been a magic bullet against fraud elsewhere in the world. The UK has had EMV for years, yet card fraud is still a major, major problem.
Damning research shows up to 3.8million bank and credit card frauds are left out of the Crime Survey for England and Wales, distorting the true scale of offending. If they were included, the number of annual offences would rise by 50 per cent, from the record low of 7.3million to 11million a year. It means seven people are defrauded every minute.
The reason is two-fold. First, over time, criminals have become more inventive and have found many scams to obtain cards and PINs. Second, and most importantly, EMV did nothing about CNP. This is what Apple Pay is about to change, followed by bank schemes, Google Pay, retailers own schemes, Samsung pay and what ever else.
According to a variety of figures I’ve looked at, retail e-commerce is growing at around 10% per annum whereas card fraud in retail e-commerce is growing at double that rate. It’s time for a step change in the fight against card fraud. But what? Well, back in January 2014, I said in passing that “until we get a more secure mobile phone-based card infrastructure in place with working tokenisation” we would be stuck with these high levels of card fraud. Of course, I’m not quite the guru you might imagine for saying this, because I knew that my colleagues at Consult Hyperion were already working on tokenisation, but you can see what I was getting at.
I made this point again when I got caught up in an interesting discussion about card fraud a couple of days ago. The circumstances aren’t germane and I wouldn’t want to mention any of the organisations involved, and I hope none of them will mind if I mention that one of the main points of discussion was the relative security of mobile transactions over conventional card transactions. I think is fair to say that, broadly speaking, the discussion subgroup who came from banks agreed with me that mobile would in time be more secure than cards while the subgroup who came from merchants wanted to know if this meant changes to rules and rights. (I think it will.)
So why did the bank group think that mobile holds so much promise in security terms? As you’d expect, device fingerprinting and location-based services were seen as transforming the security around the payment transaction, and I couldn’t agree more. They also thought that this would mean that, in time, card-present (CP) rules and rights could be extended to mobile transactions. Personally, I am more bullish than that and would push further. I think that in time “cardholder present” transactions will actually be cheaper for the merchants than CP transactions and will be more desirable for the merchants because they allow for the sophisticated handling of payments related data within a transaction.
This must mean that in the longer term merchants will incentivise the use of mobile payments (e.g., Apple Pay) over the use of plastic cards and this will further support the evolution of in-app payments. As I said to a journalist this morning, Apple Pay is huge, but not because you can tap your phone to buy a coffee. Apple Pay is huge because it is the mass-market dawn of the change from card-present and card-not-present to cardholder-is-present and cardholder-was-present transactions.
But back to breakfast television. In the “green room” I ran into Mark Thompson, the astronomy chap, who was in to talk about the Pluto mission. As an experiment we decided to try out Apple Pay on his iPhone, which all went swimmingly. He opened up “add a card”, scanned his credit card and then… “sorry, your card is not supported”. He was using a Barclaycard.
I showed him my sticker.