How ApplePay was created - a revolutionary system of mobile payments

At the presentation on September 9, 2014, in addition to the iPhone 6 and AppleWatch, Apple introduced the new ApplePay mobile payment system. Why is she good? And how will the future of payment systems change? Few have thought about this yet. In the article by Brian Roemmele under the cut, which we translated for Habr, is the entire history of Apple's path to this innovative technology.

Long Way ApplePay

A lot of things will be written and said about ApplePay. Even many astute experts will suggest that it took Apple a year or so to create this new payment system. To tell you the truth, it was actually a real Odyssey that spanned almost a decade. On the part of Apple, it was truly a negotiation skill not to try to get into the competitive environment of representatives of payment systems, not to fight with them, but to cooperate.

Yes, for Apple and payments it was a very long way, which began only a few months after the announcement of the release of the first iPhone. Apple chose to slowly but surely move towards what would later become a feature that would allow iOS devices to go much further than all competitors. The first patent applications that were directly related to the payment system began to appear in 2008, and at the same time, they were not obvious to anyone until the last few weeks. Even a few days before Apple launched the iPhone, one could see the basis for future fingerprint scanners and other security systems.

Apple realized very early that if you want to use a mobile wallet, it should be as secure as possible. The result of this idea was TouchID technology, the foundation for which was laid at the AuthenTec purchase stage. Security has also been enhanced with the ARM processor of iOS devices. This was achieved through the use of TrustZone / SecurCore ARM, designed specifically to protect financial data. Apple developed the Secure Enclave based on it.

Violations in the operation of payment systems have changed everything

The leak of data from cardholders from the Target retail chain has become a turning point in the payment card industry. Up to this point, members of the payment ecosystem had very little motivation to change the way they process payment cards. Since the 1970s, the era of magnetic strips has been the main system used in the United States - dozens of startups have spent billions of dollars over the past two decades trying to “destroy” this system, but to no avail. But the data leak from Target changed everything: a huge number of card numbers were stolen from 5 top retailers, and this attracted the attention of state regulatory authorities. I argued back on January 10, 2014 that payment card companies will start supporting new technologies to provide a higher level of security. I said the following:

“Apple’s Secure Enclave and Touch ID appear like in a movie.
As if at the beginning of a spectacular movie, Apple introduced a fully encrypted wallet called the iPhone. The new iPhones use Secure Enclave, iCloud Keychain and Touch ID to make the iPhone and iWallet, which is already on the way, a fairly reliable solution to many of the above problems. By the end of 2014, we will see the result of almost a decade of work by Apple - the first real, useful and secure mobile wallet, ” - January, 2014

EMV conquers America, but is it the best way to pay?

This set the stage for the largest change in history regarding card payment terminals. Visa and MasterCard have proposed an EMV standard used in other parts of the world to become a replacement for the magnetic strip on a payment card. The difference is that in the States you won’t need to enter a PIN. Hidden in most recent EMV standards, the system is called Wireless EMV. Wireless EMV is NFC (Wireless High Frequency Technology) under any other name and with some extensions. I think that both NFC and Wireless EMV have used this method. The first shift affected large-scale retailers in the United States in 2013, and this is happening again today. For the vast majority of sellers in the United States, these updates will be either free or very cheap. In almost every terminal for a new payment card located in the USA, of course, EMV is a key part of the device, although most include NFC. The reasons are simple, but there are a lot of them. Using EMV will almost always take longer than passing a card through a terminal. But even worse, in the safest mode, EMV requires a PIN code - this can add more than 45 seconds to the transaction time, which previously took several seconds.

There are other problems associated with EMV, for example, nothing was done to detect the cause of data leakage from Target. EMV does not encrypt data when it is sent from the card to the merchant payment system. The only way to change this is to use one-time passwords and encrypt all data from beginning to end. This means that the payment card data is encrypted during transmission through all payment systems, so trying to crack it in any way is useless. Thus, EMV did not provide a sufficiently satisfying solution to what was the real problem with the massive leakage of payment card data.

Apple has developed a beautiful solution. By maintaining the security of the payment card in the iOS device inside Secure Element and reading the data from the card exclusively in an encrypted form, three global problems of retail payments are completely solved:

• Payment cards are always completely safe
• Card expiration date
• Transaction in a new way is faster, how to draw a card through the terminal

ApplePay: patents poured one after another

The system was based on more than 50 patents and patent applications, and it was obvious that Apple would use NFC technology as the basis for its own retail payment system. However, first it was necessary to agree on the method by which Secure Element, controlled by mobile operators, will be replaced by the ApplePay system.

This allowed Apple, and not the operators, to control the fate of ApplePay. This method has been approved, including in writing, by Visa and MasterCard and is called Host Card Emulation and Tokenization. These systems are the foundation of how ApplePay works. Initially, this system was only related to NFC, but Apple has expanded its use cases for purchasing applications.







ApplePay features: account numbers designed exclusively for devices are stored in the Secure Element system, the payment code is one-time, the security code is dynamic.

Apple has proven to be negotiating masters, communicating with the developers of each element of the existing payment system. Apple also successfully negotiated with record companies, film and television industry, the book industry (not so successful), mobile operators, representatives of the automotive industry and home automation companies. Apple had to work with:

• MasterCard, American Express, Discover, UnionPay
• Leading banks
• Top processor development companies
• Top payment card companies
• Top companies making payment terminals
• Top retailers
• Top application developers





What Apple drew the listeners' attention to:








- Security
- Anonymity
- Apple does not know what you bought
- Apple does not know where you bought it
- Apple does not know how much you paid for it
- The cashier does not see your name

How does ApplePay read a payment card?

Downloading a payment card is a simple process. You can register a payment card in iTunes or just take a photo of the card and it will be encrypted into a security element. Apple verifies that your card is valid and that you are the authorized user. Currently, 85% of US payment cards are compatible with the Host Card Emulation / Secure Element that Apple uses. The rest will be able to do this soon too.

How ApplePay Works in Stores

From the point of view of the user: you go to a store that uses the updated ApplePay NFC-system (this is a minor update for any seller - the cost will be either very small or zero). In order to make a purchase using the iPhone 6, you need to:

1. Go to the store to buy and select the goods
2. Go to the cash register
3. Take the iPhone and pass it over the NFC reader
4. Confirm the default primary card, on the Passbook-screen, or select another card
5. Press with your finger on TouchID
6. Payment is completed

The operation takes place instantly, Passbook gives you a receipt. This will be much faster than passing a card through a terminal or in the future using a client EMV terminal that recognizes faces. The Apple Watch will have the Passbook app and the ability to select multiple payment cards, although TouhId will not be there, unique biometric data will be used to verify the user. ApplePay offers customers:

• Security: One-time cards cannot be stolen.
• Speed: you need to make very little effort to hold an Apple Watch or iPhone in front of the terminal.
• Efficiency: all your cards are stored on one device, and your wallet will be thinner.



From the point of view of the seller: the operation goes through traditional payment systems and does not require any new contracts or agreements - everything just works. It is believed that "the card is presented at the time of purchase." This is important because all other operations using a mobile wallet would cost the seller more money after startups involved in electronic payments ceased to generate income. So all the seller needs to do is install the NFC update. ApplePay offers sellers:

• Security: they are no longer responsible for stealing data from any payment card
• Speed: the process will go faster, because there will be less delays
• Efficiency: sellers will no longer need to ask for an ID, since this will not be allowed

From the point of view of Apple: Apple provides a useful service for storing payment cards in the most secure system integrated into a mobile wallet. This will make Apple the center of the universe in terms of innovations in the payment system and will make full use of this service in the future.

How ApplePay Works Inside Applications

Another aspect of ApplePay is working in applications. Apple has created an API that allows retailers to receive a one-time card number in a very safe way, and also with the ability to transfer demographic information with the permission of the user, including the address. Thus, with one touch, Apple will complete the transaction and allow you to move on. Stripe was a valuable partner for Apple and gained early access to the ApplePay system. As a result, Stripe created a convenient and beautiful API that allows application developers to quickly and easily access ApplePay.



Apple did not stop there: they open this API to all developers and payment methods, and I predict that it will turn into the main payment method within applications.



- One touch login
- No need to enter a card number
- No need to drive in an address
- No card information is transmitted to the seller

In the case of Target, taken as an example, the buyer simply makes purchases as usual. When they are ready to pay, the cardholder just needs to press TouchID to complete the operation.



In the case of OpenTable, Apple Pay allows you to pay for ordered food by simply clicking on the TouchID. There is no need to provide any payment cards after meals.

Apple: Payment Intermediary

The beauty is that Apple does not require a retailer to change the provider that provides the transit account for the seller, and existing systems work as before. This is in stark contrast to the abort model, which is used by almost every payment startup. Apple's strategy is to work together with other participants in the payment infrastructure, and not compete with them - this is the only reason for Apple's success in this matter, and not at all its size. If Apple approached this problem with the intention of mastering “both sides of the transaction”, as most payment companies do, they would face serious resistance.

Apple does not process payments, Apple does not issue payment cards, Apple will only be an intermediary in the existing system, which will noticeably improve during its operation. Apple will securely store payment card information and will encrypt it using various technologies to safely transfer it during the transaction.

It all started with the announcement of the iPhone 5s, when Apple first held meetings with banks, as well as representatives of Visa and Mastercard. They wanted to introduce a new way to make mobile payments, which would be much safer than any other method in history. In addition, they also wanted to request a reduction in the total cost of the transaction. Finally, they asked for benefits, as well as for the share in future profits of the issuing bank of the payment card for creating the method.

In sum, all this was a daunting task, because Apple needed to get the approval of many participants. They had to convince the payment card issuing banks that it was in their interest to support Apple’s new methods for many reasons. Most do not understand that about 85% of the funds that the cardholder pays for the operation will go directly back to the bank that issued the payment card. Apple needed to get the top ten banks to make less money to offer Apple something for the technology the company would provide. In addition, Apple needed to convince Visa and MasterCard, but that was the easiest part. For all this work, Apple will receive a share of the fees received by payment systems. At the same time, both parties to the transaction will not pay anything else for using the ApplePay system.



Apple earns revenue as a share of the transaction fees of the payment card issuing bank. Neither the seller nor the consumer does not notice any increase in value. The seller can choose any provider.

This is just the beginning, ApplePay will still show itself

The ApplePay system that we saw on September 9, 2014 is not the ApplePay system that we will see in a year or more. ApplePay is similar to the iPhone 1 - and this is just the first step in Apple’s much longer journey and payments in general. I am sure that the desire not to try to force traders to change their trading account, as well as retailers not to change their systems or processes that they have already built, will become the basis for success. We will see presentations of new additions from Apple that will interact with users even better, because Apple is starting to integrate ApplePay into retailers' POS systems. This process will also include the transfer of data to the ApplePay user, which will be based on a transaction within a real and efficient receipt system.

We will also witness the introduction of iBeacon, which will be shared with ApplePay. This will be a huge next step for ApplePay, which will also be a huge step towards ApplePay 2.

To succeed, ApplePay needed recognition from a wide range of sellers, and I am 100% sure that this part of the path to ApplePay was the best. Soon we will find out what to expect next!

It just works: ApplePay Magic

Typical iPhone or Apple Watch users will be able to experience what many call Apple magic. This will all work, and you will be required to do less than simply pass a payment card through the terminal.

When Apple finishes adding new features to this system, most people will no longer want to use any other form of payment. I think ApplePay will be an exclusive addition to new iOS devices, such as the white Apple headphones for iPod and iPhone 1. This will be a clear sign that you have become the new Apple iWallet user. Of course, this will lead to the fact that Apple iWallet will become an indicator of prestige and high status, and this is no coincidence. Soon we will see that this interesting method of payment will become practically iconic in the next few months.

I have always said that in the case of mobile wallets, we will all vote in rubles in the literal sense of the word. We needed a reason for us to want to use a new payment method. I think ApplePay is the first system that can begin a real evolution of payments. With ApplePay, Apple will be able to permanently change the way they pay for goods and services. There will be fewer reasons to show your payment card. Your iOS device will take care of everything and it will work.

Amazing trip

I think history will remember that ApplePay has been the largest payment system improvement since the invention of the magnetic stripe of a payment card. We've come a long way since Dotea Perry accidentally invented a modern payment card in the early 1960s when ironing white IBM shirts for her husband. How far we have gone since that evening in the 60s.