Thales Blog

Apple Pay: A Continuous Balancing Act

August 7, 2016

Ian Hermon Ian Hermon | Product Marketing Manager More About This Author >

On 14th July, Apple caused much excitement in the UK as it launched its mobile payments service, Apple Pay. From London Underground stations to coffee shops, nearly a quarter of a million outlets now offer Apple Pay, making it more widely available in the UK than when it first launched in the US in October last year. Its debut was exciting news for consumers, offering access to a slick and quick payment option with a brand they love, and carry around with them 24/7.

The UK market has many ingredients that will help Apple Pay succeed – most notably an already ‘contactless-friendly’ environment, with about 250,000 merchant locations already accepting contactless transactions in the UK. In fact, Britons made 52.6 million contactless transactions worth more than €330million in March alone this year. The launch of Apple Pay will undoubtedly cause further momentum in this already extensive contactless NFC terminal infrastructure in the UK. Furthermore, its introduction will likely lead to an uptick in adoption of mobile payment technology. However, we must approach with caution. Once Apple Pay takes off, the mobile payments arena becomes an even juicier target for attackers.

Therefore, Apple is going to find itself in a constant battle to balance user convenience with ensuring security is factored in from the start. Security needs be to a number one priority - this is especially true when you consider that four in ten UK consumers said they would rather wait for others to confirm that mobile contactless payments are safe before using it themselves.

Evidently, the widespread adoption of mobile payments rests on reassuring consumers their valuable data is safe, and with that in mind, it is encouraging to see tokenisation at the heart of Apple Pay’s security agenda.

Apple has worked with Visa, Mastercard and American Express and others to ensure that only temporary ‘tokens’ are stored on the phone. These tokens are used in transactions to represent a user’s account, but are useless to hackers and easily deleted if and when required, without impacting a user’s bank account or credit card. Not only does this tokenisation process reduce the risk at the phone it also protects the back-end infrastructure that communicates with the phone to set up payment accounts and approve transactions. This will help issuers with payment channel separation and also protect the merchant in the event of a data breach, as well as Apple itself.

Security always has the potential to detract from the user experience, causing friction, but by striking a balance between the two, Apple can lead the way for others to follow. Addressing the security concerns of consumers is one step to removing the roadblock to widespread adoption of mobile payments and it’s only a matter of time before we see more people leaving their wallets at home and reaching for their phones to pay for goods. Watch this space.