In my previous article I outlined the potential of BLE (Bluetooth Low Energy) and the danger it poses to NFC (Near Field Communications).
Now I want to consider the potential implications of BLE, Apple's (AAPL) strategy and the future of the mobile payments industry.
Apple Has Rejected NFC
Apple first started investigating NFC in early 2010 and then hired experts in the NFC field. Here we are in late 2013, another iPhone has come out and there is still no sign of NFC. iBeacons are the final confirmation that Apple has rejected NFC.
Most people agree that the days of the physical credit card are numbered (even if they do not agree on the timing). Your debit and credit cards will be combined into a single digital wallet. The benefits are clear.
- You don't have to carry a bunch of different cards around wasting space.
- You don't have to worry about cards getting lost or stolen.
- It will save a huge amount of time when paying. I always thought this was a major flaw of cards. It's actually more time consuming and inefficient to pay with a card than with cash. I hate queuing behind people struggling with their cards and pins.
- Using Apple's TouchID your fingerprint should be more secure and you can't forget your pin (more on this later).
Assuming you can make it secure, the only major disadvantage of the digital wallet is that you might be left stranded if your battery runs out.
Google (GOOG) has developed Google Wallet as its digital alternative which supports all major credit and debit cards. It was designed to be used with NFC but I expect Google will adapt it to add BLE support in the future.
Google's open platform offers merchants and users free access to the wallet. It plans to make money by offering targeted ads based on users' spending patterns. Google has now implemented a Buy with Google Button which allows merchants to integrate Google Wallet into their own Android apps.
Even as I write this Google has announced a major update to its wallet, making it accessible on all Android phones running 2.3 or higher. The app is no longer limited to phones outfitted with NFC. In fact even phones with NFC may not be able to use it if they are on the wrong carrier. This might be a further indication that Google is backing away from NFC. Although clearly Google still has big plans for its wallet I think this marks a clear change in strategy.
So far Google Wallet has struggled. Until yesterday's update it was only available through Sprint (S) in the US because the US carriers (AT&T (T), Verizon (VZ) and T-Mobile) have developed their own rival service ISIS. ISIS works with an NFC SIM card and it uses the secure element embedded in the SIM. The Google wallet app also makes use of this secure element and this is why carriers like Verizon have been able to block Google wallet in favor of its own service.
ISIS has been in testing since October last year and has largely been forgotten about. But ISIS has just announced a nationwide roll out later this year.
Apple has not been playing along with ISIS, requiring ISIS to use an external secure element to make its product work on the iPhone. Now we know why (see below).
A major issue that has plagued Google Wallet is security.
Back at the end of 2011 Via Forensics found that Google Wallet left too much information unencrypted on the phone.
In February 2012 Security firm Zvelo discovered that the Google Wallet PIN, which is required of users to confirm purchases made with their phones, can be cracked via an exhaustive numerical search. Being able to access the PIN would allow criminals to use a Google Wallet-enabled phone to make purchases.
One reason that Google wallet hasn't worked so far is consumers understandably don't trust it. It could make you vulnerable to identity theft. Imagine losing your phone with all your cards and personal details in it.
NFC Security worries
A major issue with NFC has been security concerns. If your phone is lost or stolen there is nothing to stop a thief swiping the phone for his own use. Therefore a further authentication is required making NFC little different to conventional cards. Touch ID, Apple's new finger print scanning technology, could solve this problem.
Hill Ferguson, VP of Global Product at PayPal, believes that consumers don't trust the idea of putting a card on their phone. That gives PayPal a major advantage. It acts as a third party so there is nothing extra the consumer needs to do.
PayPal has just announced a major update to its iOS and Android apps designed at making this strategy a reality. The app is designed for seamless payment. It can be used to order items before you've even entered the store and then a visual confirmation is all that's required to complete the payment. I recommend watching this interview with Ferguson.
Ferguson makes the company strategy very clear - PayPal wants to take its user base into the physical world through mobile payments.
PayPal sees the huge potential in mobile payments. But what's interesting, as I showed in part 1, PayPal is clearly seem embracing BLE over NFC. PayPal has developed its own beacons to work with merchants.
It is also interesting to note Google's fallout with PayPal. Google negotiated with PayPal for two years for its wallet before instead hiring the PayPal executive negotiating the deal and other PayPal employees.
Apple's Mobile Payment Strategy
iBeacons true power could be revealed when combined with TouchID. I don't think it's a coincidence we are seeing iBeacons and TouchID launched together. The potential for TouchID could be enormous.
Will Touch ID work as Apple claims and will people trust it?
With the prevalance of privacy concerns, the fingerprint scanner was always going to be a potential banana skin. Already police scare stories are circulating which Apple can't do much about.
Early reviews of TouchID have been positive. TouchID works by scanning sub epidermal layers of the skin, rather than just a surface print. That means you won't be able to lift someone's finger print from a smudge and use it to hack their iPhone. Apple has also said that detection only works with living tissue.
Apple is not storing fingerprint data in the cloud. Instead fingerprint data is stored in a secure enclave on the A7 chip. This is reassuring but potentially has greater significance.
According to ARS Technica, if fingerprint data never leaves the device its weakness will be how it communicates the authenticated valid print with Apple's servers. If it uses an authenticated token, that token may be replicable and open to abuse. We will have to wait until we learn more and see how this works in practice.
The secure enclave in Apple's A7 chip may be far more important than we initially thought.
As Brian Roemmele, CEO of 1st American Card Service, says
"Very few people have really understood just how revolutionary TouchID is. Apple not only has developed one of the most accurate mass produced biometric security devices, they have also solved critical problems with how the data from this device will be encrypted, stored and secured."
So in a stroke Apple solves the major security issues which have plagued NFC and Google Wallet. And Apple won't have the same issues with the carriers. That's the genius of TouchID that we're missing. It's not just about the scanner, it's about the A7 chip which can act as a secure enclave for personal data. So if you lose your phone you don't have to worry about losing your identity or the phone being used to make fraudulent payments.
"It's clear that mobile payment is the core application behind ARM's work."
The closed nature of iOS also makes it ideally suited for a secure mobile payment system compared to the more open and potentially vulnerable Android.
"It Takes Time" - Apple Ad
Apple has been working on this since 2008. Yes since 2008, not long after the iPhone launched. I would be surprised if Apple doesn't have a clear strategy mapped out for this technology. This is not just a handy feature to save a few seconds when you unlock your phone. Mobile payments need security to work and Apple may just have solved that.
So how does Apple take its 575 million accounts and enable those consumers to seamlessly make mobile payments in the real world?
Passbook was Apple's idea of replacing the wallet. You take all your tickets, loyalty cards etc and put them in one app. The natural extension of this is to add in credit and debit cards and create a digital wallet.
I don't think Apple ever intends to open up Touch ID to third party apps. I expect everything will be routed through trusted apps, such as the App Store, Passbook or iTunes.
The question is will Apple launch its own iPay service? Will it have a button for third party apps similar to Google? Will it compete with PayPal and the card processors?
Credit card companies like Visa (V) and MasterCard (MA) won't welcome another party meddling in the purchase process they currently control. But Apple's 575 million account details should put it in a very strong negotiating position. That's more than PayPal and Amazon's accounts combined. Rather than directly competing, Apple may seek a licensing deal which allows other parties access to its secure hardware.
"Apple, Microsoft and Google want to own the biometric hardware for device access and also own the secure element hardware for OTA security so they can offer unbeatable security to third-party apps in exchange for revenue-generating license agreements."
How Does This Impact Apple's Bottom Line?
According to market research firm Gartner, every year people use their cell phones to buy $172 billion worth of items. And that number is expected to increase 249% by 2016.
The potential for mobile payments is clearly enormous. That potential is only realized with security and that's what could make this so valuable for Apple.
If Apple can take a cut of its account holders purchases in the real world it could have a very meaningful impact on earnings.
We thought Apple was about to revolutionize the watch or TV industry next. We were wrong. You combine the A7 chip, the Touch ID, the iBeacons, Passbook and Apple's 575 million credit card details and I conclude that it seems highly probable that Apple is preparing to make a major move into mobile payments.
Disclaimer: Each article or comment written by this author is intended as general information only, and is not intended to provide specific advice, or due diligence to be relied on. As such, the information presented in any article does not consider any reader's personal investment objectives or financial situation; therefore, no article makes any personalized recommendations. See full disclaimer here