back to article UK banks prepare for Apple Pay 'invasion', look to slap on bonking protection

Apple's attempt to launch its NFC payment solution in the UK could be thwarted by some financial institutions' concerns over privacy and security issues surrounding Cupertino's "invasion" of the banking industry. The system, which has been developed with the credit card companies, has been tried by two million iPhone 6 users …

  1. Ted Treen
    Devil

    Bah! Humbug!

    "...Airing concerns about security, money laundering and financing of terrorism is a standard tactic employed by the banks..."

    Hence the recent humomgous settlements paid by HSBC and others to the US regulatory authorities for dealings with massive sums of drug money, financial dealings with terrorist-sponsoring states, and myriad other skullduggeries.

    Concerned - but mainly about how much they can make from it, it seems.

  2. frank ly

    Points

    1) "... banks concerns over privacy ..."

    2) "... a beachhead for an invasion of the banking industry ..."

    Point 1 is not the customer's privacy that the banks are concerned with. It's the details of the ways in which customers tend to interact with the banks. The banks regard this as their private information. It's point 2 that the banks are worried about.

    1. Tom 7

      Re: Points

      2) there are plenty of other beachheads into the banking industry most of which will be a cheaper than the banks and therefore a lot cheaper than any iBanking.

  3. Anonymous Coward
    Anonymous Coward

    Money laundering....

    "Airing concerns about security, money laundering and financing of terrorism is a standard tactic employed by the banks when they want to slow the adoption of a new technology."

    And when they're not actually aiding money laundering and financing terrorism.

    1. got handle?

      Re: Money laundering....

      Banks are not filling up their pockets as they used to, so get ready for more of the hoopla from the banks. Probably voe days for the banks with stiff competition as the payment industry enters new era. Yelling, weeping, crying out foul is not going to help the banks.

  4. Pen-y-gors

    Where do Apple fit in?

    Another report about this had Apple saying that privacy etc isn't an issue, as the transaction only involves the customer, the retailer and the bank.

    In which case, how do Apple justify taking any commission, even if it's 0.15%? Surely any costs to Apple should be paid by a one-off fee to purchase some form of App?

    It's a bummer though? Who do I generally trust less? The banks or Apple? That's a hard one.

    Who do I trust less when it comes to data security? - that's easy, Apple.

    1. gnasher729 Silver badge

      Re: Where do Apple fit in?

      Where does Apple fit in? Look at recent massive security breaches, like 76 million credit card numbers stolen from one major US retailer alone. With Apple Pay, nobody involved ever learns your credit card number. As a result, no credit card numbers can be stolen. And since the biggest cause of money loss is using stolen credit card numbers for online purchases, every time Apple Pay is used one such scam is prevented. That's why the US banks are paying Apple quite willingly. And it's not as if this isn't widely known by now.

      And I'd be curious to know why you wouldn't trust Apple with data security.

      1. Ambivalous Crowboard

        Re: And I'd be curious to know why you wouldn't trust Apple with data security.

        http://www.theregister.co.uk/2015/01/10/spotlight_caught_spreading_your_delicates/

    2. sugerbear

      Re: Where do Apple fit in?

      On your second point apple had to build a secure element into the iphone to hold the payment app (along with the secure keys), plus they also have to build some of the infrastructure to support setting up the payment app.

      The payment itself is between the phone and the merchant which then gets authorised through the scheme by the issuer of the card (or token in the case of the bonking applet).

      It's apple at the end of the day and they will charge what the issuers are prepared to pay. The issuers dont have to play with Apple, they can build their own secure application/infrastrure (like the telco's tried to do).

    3. Mike Bell

      Re: Where do Apple fit in?

      Apple assumes some of the liability for fraudulent use. For this they receive a small commission on each transaction. It would an odd world if they took on liability without reimbursement.

      1. Anonymous Coward
        Anonymous Coward

        Re: Where do Apple fit in?

        I'm not sure Apple is accepting any liability, do you have a source?

        Apple worked very closely with the banks to develop the secure element, with the understanding it would be the banks' IP, and I've heard the banks will eventually require its inclusion in any phone allowed to make EMV payments. So don't be surprised to see it included in Android phones next year (though it may be called something different) Maybe the 0.15% was quid pro quo for that help, or the licensing of patents that were used in its development. Presumably the banks believed Apple's help would push EMV adoption, which is something that will reduce the banks' costs.

        Anyway, it comes down the fact that Apple gets 0.15% because that's what the banks were willing to give them.

    4. Tom Samplonius

      Re: Where do Apple fit in?

      "In which case, how do Apple justify taking any commission, even if it's 0.15%? "

      I don't know what is like in the UK, but in US/Can the credit card processors take at least 10 times that, or 1.5% to handle a transaction. And if you are a small, less well known merchant, it is usually 2.5% or more. They just take it from the merchant as a "discount fee". As long as the merchant doesn't think themselves as being big enough to launch their own payment system as CVS and Rite-Aid think they can, 0.15% is very merchant friendly.

      The real companies under threat here are Visa and MasterCard. And they are both completely embedded into the banking industry.

      1. Anonymous Coward
        Anonymous Coward

        Re: Where do Apple fit in?

        You misunderstand. The retailer is paying the same commission they pay normally when you pay with Apple Pay. The 0.15% Apple gets is out of the bank commission of 1-3% (exact amount depends on various factors)

        If retailers were only paying 0.15% they'd be going for Apple Pay in droves, and the banks would not only have not worked with Apple on it, they'd be doing whatever they could to torpedo it as it would take billions a year off their profits.

    5. melgross

      Re: Where do Apple fit in?

      Seriously? The banks are constantly being broken into. Some aid criminal organizations by laundering money. Both American and British banks have been caught doing that, though is seems to be a British speciality.

      The only real thing you can point to with Apple is the somewhat false notion that they were broken into concerning some celebrity accounts, which was a result of robo password breaking, now fixed.

      Apple Pay has been explained by third parties as being very secure. Apple has nothing to do with the payments themselves. Unlike Google Wallet, where all information passes through Google, nothing passes through Apple.

    6. melgross

      Re: Where do Apple fit in?

      Apple has agreed, as has been mentioned already, to assume all fraud costs. As American Express has stated, this .15% transaction cost will be less than the cost of the fraud they are paying now. It's expected that fraud will be very low to nonexistent with Apple Pay.

  5. KjetilS

    " If customers wish to use another card, they can photograph the card with the phone’s camera."

    Great, but I hope there are some additional steps to it, like Paypal or Steam does it (having a tiny amount drawn from the card, which you need to verify by entering the exact amount or a code from the bank statement).

    1. Mike Bell

      Additional steps...

      Your bank sends a verification code to you via various means before they let you use Apple Pay. The banks use their own security systems to make sure it's a kosher registration. Photographing the card using the phone's camera is just a convenience measure. You can use the camera to similarly scan iTunes gift cards, rather than typing in a long number.

      AFAIK, cards that are already registered for iTunes payments are already verified by your bank.

      1. OllyL

        Re: Additional steps...

        Works very well.

        I'm back in blighty for a while having lived the last few years stateside and when I picked up an iPhone 6 here it noticed that the card on file with iTunes was a Wells Fargo one and would I like to add it. I then had to log into the Wells Fargo online banking and confirm that I did indeed want to grant iTunes the ability to use this card for iPay and it was all done in about 10 mins.

        Works very well over here (Greggs, Boots, Sainsburys...anywhere that the contactless payments thing is shown it would seem). The killer for it will be the 20quid limit they arbitrarily set. Stateside I can wander into BestBuy and spend as much money as I have with the phone, I find the limit somewhat curious and pointless (although I assume it's rooted in the banks not wanting to let anyone in on those juicy high value transactions (or a percentage thereof)).

        I would assume this is old hat to those with a 'droid mobile, given there have been NFC chips in those phones forever...

        Do Apple have any plans to allow one to add other NFC cards to the passbook thing? would be nice to get my oyster card/Reading bus ticket in there so all I need for my day to day stuff is the telephone...

        1. melgross

          Re: Additional steps...

          That would be up to the London transit organization. Apple is happy to have every NFC enabled service on their system. The Chevon oil company is working with Apple to implement this on their gas pumps.

          1. Mark 65

            Re: Additional steps...

            The Chevon oil company is working with Apple to implement this on their gas pumps.

            So much for not using your phone near the pumps.

    2. ecarlseen

      Additional steps.

      Yes, you have to go through a separate approval process with your bank. Some banks use SMS, some require you to call in, others use email. And since the transactions can be traced back to a specific mobile device, it should discourage fraud. I suppose you could use an iPhone as a burner, but it would be an expensive burner.

  6. msknight

    Royal Mint - Pah

    A good friend of mine has been a coin collector for decades.

    The quality of coins from the Royal Mint has, he said, depreciated and if you send a proof coin back to them as being below par, (BU standard) and they disagree with you, then they shove the onus of proof on to you. I believe they've reduced the number of strikes on proof coins, or something. He did tell me all about it.

    He also saw loads of commemorative coins being released to try and encourage people to collect coins, but the shear number and value of them would cost an average new collector a small fortune. In his opinion, they've flooded the market and, from what I've seen, I think he's got a very valid point.

    So, well, I guess I'll stick with the paper ... ahem... plastic stuff then.

    This is a blog post I wrote a while ago, based on what he told me ... http://msknight.com/loas/?p=282

  7. Zog_but_not_the_first
    Unhappy

    So my choices will be...

    Apple or the banks. Jeez.

    1. Richard Jones 1
      Flame

      Re: So my choices will be...

      Mattress? for storage

      Cash? Chicken bones? Nose rings? for payments

      It will not be apple, for either, ever.

      Others are welcome to their own position; for the moment it is still a free - ish world and would do nothing to limit those with the desire using apple if they so wish

  8. Slx

    As an added security feature you have to hold the phone just the right way to get a signal.

    1. Mike Bell

      Yep, the right way being anywhere in the vicinity of the card reader. It doesn't need a phone signal to conduct the transaction.

  9. John Brown (no body) Silver badge

    Catch 22

    It might be fun if, in an attempt to force ApplePay into the market, they decided to only accept ApplePay in the AppleStore.

    "Anyone who's not already an Apple customer isn't rich enough to be worth having as a customer."

    (Anonymous quote from an anonymous Apple leaker)

    1. gnasher729 Silver badge

      Re: Catch 22

      That would be a bad idea, because nobody could upgrade from an iPhone 5s to a newer phone.

      The quote seems very strange, because Apple always presents proudly the percentage of new customers.

      1. John Brown (no body) Silver badge

        Re: Catch 22

        Every now and then I forget that a joke icon is obligatory when posting humour.

        1. gnasher729 Silver badge

          Re: Catch 22

          Maybe you should try posting humour, then it doesn't need a joke icon. You just posted "wouldn't it be funny if Apple did something that showed huge contempt for every potential customer and drive them away, and which would at the same time be immensely stupid because it would drive away more than 90% of their existing customers away as well". What's funny about that?

          And "posted by an anonymous Apple leaker" - how would you know this was an Apple employee if the person was anonymous? Or was that a "joke" as well?

  10. ecarlseen

    Privacy and Security

    I would suspect that the banks' real objection is that somebody actually wants to offer these things to their customers. I don't know about the UK, but in the US they all sell data on their customers and make nice piles of overdraft, late payment, and credit limit exceeded fees if your accounts are breached.

    I know that people here love to bitch and moan about Apple's expensive offerings, but at the end of the day they understand that what they sell is the product - not their customers' data. As opposed to the banks, Google, etc.

  11. Anonymous Coward
    Anonymous Coward

    so now people are going to trust Apple with their finances and health...

    there's going to be a flood of BANKRUPT and DEAD out there /s

  12. JaitcH
    Unhappy

    I wouldn't trust Apple with my CC number ...

    apart from the fact they could do evil with it, next they will set up an Apple credit bureau. Along with health, Apple has a lot of data to sell.

    Coming soon ... walk by CC data theft. Or even by 'bumping' someone whilst making a call and getting credit approval info.

    1. gnasher729 Silver badge

      Re: I wouldn't trust Apple with my CC number ...

      Well, Apple has claimed very loudly in public that they don't have access to your credit card details. It's hidden a way in some chip that nobody has access to. (The exception is if you use the credit card that you use for the App Store, then Apple as a retailer has your credit card information).

      Since they made this claim very loudly in public, if Apple _could_ "do evil" with your data (normally that term is associated with Google), that would be the mother of all lawsuits hitting Apple. I don't know if you read anything about Apple Pay, but the whole point is that your credit card information is _never_ accessible to anyone, and Apple Pay can only be used by someone who has your phone and your fingers.

    2. Anonymous Coward
      Anonymous Coward

      Re: I wouldn't trust Apple with my CC number ...

      Not a lot of point in having a card then surely? There's a shedload of well publicised breaches from large and supposedly respected retailers, and plenty of smaller websites and retailers handle data in ways that are distinctly iffy. And almost all (or those processing data on their behalf) will sell it on, whereas Apple specifically state they don't - granted they might be talking bollocks.

      Using a card anywhere carries a risk, but as I understand it applepay transactions only exchange a meaningless transaction token, so you're haemorrhaging less data than you would in a conventional CC transaction, and the retailer doesn't get sight of personal details unless they're given in a way unconnected to the payment, presumably voluntarily.

      The transactions require authentication by either passcode or fingerprint reader, so the 'walk by' scenario would seem unlikely too, at least in my understanding; conventional NFC payments is a far more likely target.

      By all means slag apple because you just don't like them, but I wouldn't harbour any illusions about other uses for a CC being less scammable, and the banks approach to online security (my own bank certainly) and some aspects of payment authentication is completely mickey mouse, far more intent on pushing liability back to the customer than providing any meaningful security.

  13. got handle?

    And....Apple isnt the only player to mess with banks, google and others want to grab on to the business of payments.

  14. robin thakur 1

    Why not now?

    So why are we still waiting to be able to use Apple Pay in the UK ?? I've been looking forward to be able to use it for ages now! It's a more secure system than anything else available, and is massively more convenient for me than using a card or Barclays rubbish "gloves" or whatever they've developed this week. I would also like to replace or enroll all my cards like TFL Oyster etc on my iPhone and have done with it. At least then if I lose it, it's more secure than my cards being stolen, it's fully encrypted and I can remotely wipe it. Why are the banks even allowed to drag their feet on this to try and derail it when it is massively in the consumer's interest?!?

    1. gnasher729 Silver badge

      Re: Why not now?

      The banks have to do some work for that. It actually works already if you have a US credit card, as some Americans visiting the UK have tried. When you use your credit card, it sends a message "this is robin's credit card" to the terminal. Which is then sent to your bank, they check it, and payment is made. With Apple Pay, the phone sends something like "this is Apple Pay magical card 39fj9212^51238*" to the terminal. Which sends it to the bank, and the bank has to check it, figure out that it's _your_ bank account behind it, and make the payment. Several US banks have done this, UK banks haven't.

      I also hear that the usual limit of £20 is built into the terminals, so they might want to change that in the terminals to allow higher purchases with Apple Pay than with a credit card.

  15. Anonymous Coward
    Meh

    Pay by bonk? Already got it...

    ...it's called NFC cards. Look at your card. If there's something that looks like half a WiFi symbol on it, you've got NFC payments enabled for small purchases. It's a system that's accepted for use by most banks in the UK, at least.

    That is all.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like