With contactless payment increasingly trending over the past few years and cash becoming the exception, you’ve probably heard about Apple’s new mobile payment method Apple Pay, that initially rolled out in late 2014. But if you haven´t or if you just want to know more about it, this article is definitely for you.
What is Apple Pay?
Apple Pay is a mobile payment solution developed by Apple to make payments at point-of-sales (POS) terminals. It works with Apple devices such as iPhone 6, iPhone 7, Apple Watch, and more recent models.
Apple Pay replaces credit and debit cards with near field communication (NFC) and a two-factor authentication solution. It works with any POS terminal that accepts contactless payment. It’s very simple to use and safer than a credit card.
How does it work?
No extra apps are necessary to use Apple Pay, it is all accessible from your Wallet and you can make both point-of-sale and in-app purchases.
1. Point-of-sale purchases
In order to pay at a point of sale, just hold your authenticated Apple device to the POS system. If you are an iPhone user, you can get authentication by holding your fingerprint to the phone’s Touch ID sensor or facial recognition via Face ID. Meanwhile, for your Apple Watch, authentication takes place by double-clicking a button on the device.
2. In-app purchases
If you want to make a purchase for any of these items in a supported iOS app, you can choose Apple Pay as your payment method and use Touch ID to authenticate, or you can simply ask Siri to do it for you.
3. Person to person and Apple Pay Cash
Unfortunately, at the moment, these two options are only available in the US and on selected Apple products. They allow you to send and receive money and pay for just about anything, going from splitting a bill, sending money to a family member, or paying the babysitter. You can do it directly with iMessage or by just asking Siri. When the other person gets the payment, that money is added to their Apple Pay Cash card in their Wallet app. They can then decide if they wish to use the money instantly to pay someone else or make a purchase (in-app, in stores or on the web) or transfer it to their bank account.
How safe is it?
The main concern regarding any cashless payment method is whether or not it is safe. So let’s take a look at the security features for Apple Pay.
1. Secure Element
You can add payment cards to the service in any of three ways: through your iTunes accounts, by taking a photo of the card, or by entering the card information manually.
When you add a card (whether credit, debit, prepaid, or transit -where available-) to Apple Pay, the information is encrypted and sent to Apple servers. If you choose to use your device’s camera, rest assured that it is never saved on it or in your photo library.
So, how does the Secure Element -an industry-standard, certified chip that can run secure apps and store sensitive data such as for, in this case, payment- come into play? Well, as Apple explains on their support website, “After your card is approved, your bank, your bank’s authorized service provider, or your card issuer creates a device-specific Device Account Number, encrypts it, and sends it along with other data (such as the key used to generate dynamic security codes that are unique to each transaction) to Apple. The Device Account Number can’t be decrypted by Apple but is stored in the Secure Element […] on your device. Unlike with usual credit or debit card numbers, the card issuer can prevent its use on a magnetic stripe card, over the phone, or on websites. The Device Account Number in the Secure Element is isolated from iOS, watchOS, and macOS, is never stored on Apple servers, and is never backed up to iCloud.”
When referring to data security, tokenization is the process through which a sensitive data element is replaced with a non-sensitive one, which is called “token”, and has no exploitable meaning or value. It is merely a reference that maps back to the sensitive data through a tokenization system. Tokens cannot be reversed unless there is a tokenization system.
In our current context, the PAN (Primary Account Number) is replaced with a token through this method. How does this help? Well, instead of using the original card number in your transactions, the token is used, which may look like a regular card number but it is definitely not the original PAN. Tokens by themselves are of no use and it is impossible for criminals to reverse engineer the PAN from them.
You can learn more about Apple Pay’s security features here.
How can I add it in my app?
We have seen Apple Pay from the user’s perspective, but how does it work for the seller, specifically regarding in-app purchases?
In-app purchases fall under four categories all of which can be sold and promoted by Apple Pay: consumables (such as lives or gems in a game), non-consumables (which are purchased once and don’t expire), auto-renewable subscriptions, and non-renewing subscriptions.
According to Apple’s site, in order to add Apple Pay to your app, you will first have to “sign the Paid Applications Agreement and set up your banking and tax information”, then you’ll need to set up Xcode configurations to enable the service and finally configure the purchases in App Store Connect, including all the apps info (name, price, and description). After that, and once you’ve designed and implemented your in-app purchases and validated receipts, you can test transactions by using Apple sandbox testing environment and the full user experience by using TestFlight. Once testing is completed, you can submit your in-app purchases for review using App Store Connect once again, and you’re good to go.
An extra feature if you have iOS 11 is that you have the possibility to promote up to 20 in-app purchases at a time on your product package; this increases discoverability of content that could originally only be seen once inside your app. What is more, you can also issue promo codes to press and influencers to help you with marketing.
What else should I know?
If Apple Pay has caught your eye and you’re thinking it might be of use for you or your business, you’d be interested to know it is available in almost thirty countries and regions as of August, 2018, including the United States, the UK, China, Switzerland and, Brazil, with Germany in the works to join in the upcoming months. Moreover, over a dozen networks support it, including heavyweights such as Visa, Mastercard, and American Express, it’s been reported that it had 127M users as of February, 2018 and a study by Juniper Research also states the service will reach 200M users by 2020.