How ApplePay was created - the revolutionary mobile payment system

At the presentation on September 9, 2014, Apple, in addition to iPhone 6 and AppleWatch, introduced the new mobile payment system ApplePay. What is she good at? And how will the future of payment systems change? Few people have thought about it yet. In the article Brian Roemmele under the cut, which we translated for Habr, - the whole story of Apple's path to this innovative technology.

ApplePay's Long Way

On ApplePay a lot of things will be written and said. Even many astute experts will assume that it took Apple a year or so to create this new payment system. To tell the truth, in fact it was a real Odyssey, which covered almost a whole decade. On the Apple side, it was really the skill of negotiating not to try to get into the competitive environment of payment system representatives, not to fight with them, but to cooperate.

Yes, for Apple and payments, it was a very long journey that began just a few months after the announcement of the release of the first iPhone. Apple chose to slowly but surely go to what would later become a function that would allow iOS devices to go much further than all its competitors. The first patent applications that were directly related to the payment system began to appear in 2008, and at the same time, they were not obvious to anyone until the last few weeks. Even a few days before Apple released the iPhone, one could see the basis for future fingerprint scanners and other security systems.

Apple realized very early that if you want to use a mobile wallet, it should be as secure as possible. The result of this idea was the TouchID technology, the foundation for which was laid during the purchase of AuthenTec. Security has also been enhanced with the ARM processor of iOS devices. This has been achieved through the use of TrustZone / SecurCore ARM, designed specifically to protect financial data. Apple developed Secure Enclave based on it.
')

Violations in the work of payment systems have changed everything

The leakage of cardholder data from the Target retail chain was a turning point in the payment card industry. Up to this point, members of the payment ecosystem had very little motivation to change the way they process payment cards. Since the 1970s, the era of magnetic stripes has been the main system used in the United States — dozens of startups have spent billions of dollars over the past two decades trying to “destroy” this system, but all to no avail. But data leakage from Target changed everything: a huge number of card numbers were stolen from 5 top retailers, and this attracted the attention of government regulators. On January 10, 2014, I argued that the companies issuing payment cards would start supporting new technologies in order to provide a higher level of security. I said the following:

"Secure Enclave and Apple Touch ID appear like a movie
As if at the beginning of a spectacular film, Apple introduced a fully encrypted wallet called the iPhone. The new iPhones use Secure Enclave, iCloud Keychain and Touch ID to make the iPhone and iWallet, which is already on the way, a fairly reliable solution to many of the above problems. By the end of 2014, we will see the result of almost a decade of Apple work - the first real, useful and secure mobile wallet " , - January, 2014

EMV conquers America, but is it the best way to pay?

This set the stage for the biggest change in history regarding card payment terminals. Visa and MasterCard offered an EMV standard used in other parts of the world to replace the magnetic stripe on a payment card. The difference is that in the States you will not need to enter a PIN code. Hidden in most recent EMV standards, the system is called Wireless EMV. Wireless EMV is NFC (Wireless High Frequency Communication Technology) under any other name and with some extensions. I think that both NFC and Wireless EMV used this method. The first shift affected large-scale retailers in the United States in 2013, and this is happening again today. For the vast majority of sellers in the US, these updates will be either free or very cheap. Almost in every terminal for a new payment card located in the USA, of course, EMV is a key part of the device, although most of them include NFC. The reasons are simple, but they are quite a lot. Using an EMV will almost always take longer than taking a card through a terminal. But even worse, in the safest mode, EMV requires a PIN code - this can add more than 45 seconds to the time of the transaction, which was done in a few seconds before.

There are other problems associated with EMV, for example, nothing has been done to detect the cause of data leakage from Target. The EMV system does not encrypt data when it is sent from the card to the merchant payment system. The only way to change this is to use one-time passwords and encrypt all data from start to finish. This means that the payment card data is encrypted in the process of transfer through all payment systems, so trying to hack it in any way it is useless. Thus, EMV did not provide a sufficiently satisfactory solution to what the real problem was with the massive leakage of payment card data.

Apple has developed a beautiful solution. By maintaining the security of the payment card in the iOS device inside the Secure Element and reading the data from the card solely in an encrypted form, the three global problems of retail payments are completely solved:

• Payment cards are always safe.
• Eternal card validity
• Perform a new transaction faster than swiping a card through a terminal

ApplePay: patents showered one after another

The system was based on more than 50 patents and patent applications, and it was obvious that Apple would use NFC technology as the basis for its own retail payment system. However, first it was necessary to agree on the way in which the Secure Element, controlled by cellular operators, will be replaced by the ApplePay system.

This allowed Apple, and not operators, to control the fate of ApplePay. This method was approved, including in writing, by Visa and MasterCard and received the name Host Card Emulation and Tokenization. These systems are the foundation of how ApplePay works. Initially, this system was related only to NFC, but Apple expanded its use for the purchase of applications.







ApplePay features: account numbers that are exclusively for devices are stored in the Secure Element system, the payment code is one-time, the security code is dynamic.

Apple proved themselves to be negotiators, communicating with the developers of each element of the existing payment system. Apple also successfully negotiated with record companies, the film and television industries, the book industry (not so successfully), mobile operators, automotive industry and home automation companies. Apple had to work with:

• MasterCard, American Express, Discover, UnionPay
• Leading banks
• Top processor companies
• Top payment card companies
• Top payment terminal companies
• Top retailers
• Top Application Developers





What Apple paid attention to the audience:








- Security
- Anonymity
- Apple doesn't know what you bought
- Apple doesn't know where you bought it.
- Apple doesn't know how much you paid for it.
- The cashier does not see your name.

How does ApplePay read a payment card?

Downloading a payment card is a simple process. You can register a payment card in iTunes or just take a picture of the card, and it will be encrypted in the security element. Apple verifies that your card is valid, and that you are an authorized user. Currently, 85% of US payment cards are compatible with the Host Card Emulation / Secure Element that Apple uses. The rest too will be able to do it soon.

How ApplePay works in stores

From the user's point of view: you go to a store that uses the updated ApplePay NFC system (this is a minor update for any merchant - the cost will be either very small or zero). To make a purchase using the iPhone 6, you need:

1. Come to the store for shopping and choose a product
2. Go to the checkout
3. Take an iPhone and hold it over an NFC reader
4. Confirm the default base card you selected on the Passbook screen, or select another card
5. Press your finger on the TouchID.
6. Payment completed

The operation is instantaneous, Passbook gives you a receipt. It will be much faster than using a card through a terminal or in the future using a client-side EMV terminal that recognizes faces. The Apple Watch will have a Passbook application and the ability to select multiple payment cards, despite the fact that there will not be a TouhId, unique biometric data will be used to verify the user. ApplePay offers customers:

• Security: disposable cards cannot be stolen.
• Speed: you need to put very little effort in order to spend an Apple Watch or iPhone in front of the terminal.
• Efficiency: all your cards are stored on one device, and your wallet will be thinner.



From the seller’s point of view: the transaction goes through traditional payment systems and does not require any new contracts or agreements - everything just works. It is believed that "the card is presented at the time of purchase." This is important because all other operations using a mobile wallet would cost the seller more money after the electronic payment start-ups stopped generating revenue. Thus, all a seller needs to do is install an NFC update. ApplePay offers sellers:

• Security: they are no longer responsible for stealing data from any payment card
• Speed: the process will be faster, as there will be less delays
• Efficiency: sellers will no longer need to ask for an ID, as this will not be allowed

From an Apple point of view: Apple provides a useful service for storing payment cards in the most secure system integrated into a mobile wallet. This will make Apple the center of the universe in terms of innovation in the payment system and will allow you to use this service to the fullest in the future.

How ApplePay works inside applications

Another aspect of ApplePay is application work. Apple created an API that allows retailers to get a one-time card number in a very secure way, as well as with the ability to transfer demographic information with the user's permission, including the address. Thus, with a single touch, Apple will complete the transaction and allow you to move on. Stripe was a valuable Apple partner and gained early access to the ApplePay system. As a result, Stripe has created a convenient and beautiful API that allows application developers to get quick and easy access to ApplePay.



Apple did not stop there: they open this API for all developers and payment methods, and I predict that it will turn into the main method of payment within applications.



- Authorization by one touch
- No need to enter card number
- No need to drive in the address
- No information about the card is transmitted to the seller

In the case of Target, for example, the buyer simply makes purchases as usual. When they are ready to pay, the cardholder simply needs to tap TouchID to complete the transaction.



In the case of OpenTable, Apple Pay allows you to pay for ordered food by simply clicking on the TouchID. No need to provide any payment cards after meals.

Apple: Payment Intermediary

The beauty is that Apple does not require the retailer to change the provider that provides the transit account for the merchant, and the existing systems work the same way as before. This contrasts strongly with the interruption model of the operation, which is used in virtually every startup involved in payments. Apple's strategy is to work together with other members of the payment infrastructure, rather than compete with them - this is the only reason Apple’s success in this business, and not its size. If Apple approached this problem with the intention to take possession of “both sides of the transaction,” as most payment companies do, they would face serious resistance.

Apple does not process payments, Apple does not issue payment cards, Apple will be only an intermediary in the existing system, which will noticeably improve in the course of its work. Apple will securely store payment card data, encrypt it using various technologies to transfer it safely during the transaction.

It all began with the announcement of the IPhone 5s, when Apple first held meetings with banks, as well as representatives of the companies Visa and Mastercard. They wanted to introduce a new way to make mobile payments, which would be much safer than any other method in history. In addition, they also wanted to request a reduction in the total cost of the transaction. Finally, they asked for privileges, as well as a share in the future profits of the issuing bank of the payment card for creating the method.

In sum, it was all a daunting task, because Apple needed the approval of many participants. They had to convince payment card issuing banks that supporting Apple’s new methods was in their interest for many reasons. The majority do not understand that about 85% of the funds that the cardholder pays for the operation will go straight back to the bank that issued the payment card. Apple needed the consent of the top ten banks to earn less money in order to offer Apple something for the technology that the company would provide. In addition, Apple had to convince Visa and MasterCard, but it was the easiest part of the deal. For all this work, Apple will receive a share of the fees received by payment systems. At the same time, both parties to the transaction will not pay anything more for using the ApplePay system.



Apple receives income in the form of a share of transaction fees of the bank that issued the payment card. Neither the seller nor the consumer notice any increase in value. The seller can choose any provider.

This is just the beginning, ApplePay will still show itself

The ApplePay system, which we saw on September 9, 2014, is not an ApplePay, which we will see in a year or more. ApplePay is similar to the iPhone 1 - and this is only the first step in a much longer journey of Apple and payments in general. I am sure that the desire not to try to force merchants to change their trading account, as well as retailers not to change their systems or processes that they have already built, will be the basis of success. We will see presentations from Apple's new add-ons that will interact with users even better, because Apple is beginning to integrate ApplePay into retailers' POS systems. This process will also include the transfer of data to the ApplePay user, which will be based on a transaction within a real and efficient receipt receipt system.

We will also witness the introduction of iBeacons that will be used in conjunction with ApplePay. This will be a huge next step for ApplePay, which will also be a huge step towards ApplePay 2.

To achieve success, ApplePay needed recognition from a wide range of vendors, and I am 100% sure that this part of the journey to ApplePay was the best. Soon we will find out what to expect next!

It just works: ApplePay Magic

Typical users of the iPhone or Apple Watch will be able to experience what many people call the magic of Apple. This will all work, and you will be required less than simply carrying a payment card through the terminal.

When Apple finishes adding new features to this system, most people will no longer want to use any other method of payment. I think ApplePay will be an exclusive addition to new iOS-based devices, such as white Apple headphones for the iPod and iPhone 1. This is a clear sign that you have become a new Apple iWallet user. Of course, this will lead to the fact that Apple iWallet will become an indicator of prestige and high status, and this is not accidental. Soon we will see that this interesting payment method will become almost iconic in the next few months.

I have always said that in the case of mobile wallets, we will all vote with a ruble in the literal sense of the word. We needed a reason for us to want to use a new payment method. I think ApplePay is the first system that can start a real evolution of payments. With ApplePay, Apple will be able to permanently change the method of payment for goods and services. There will be less reason to show your payment card. Your iOS device will take care of everything, and it will work.

Amazing journey

I think history will remember that ApplePay has been the biggest improvement in the payment system since the invention of the magnetic strip of a payment card. We have already come a long way since Dotea Perry accidentally invented a modern payment card in the early 1960s, when she was ironing IBM white shirts for her husband. How far we have been from that evening in the 60s.