The World Wide Web is a gold mine when you’re looking for a specific product or service. You can pay online, and purchases are delivered right to your front door. Is it any wonder that brick-and-mortar stores are struggling?
Buying an item or service online typically requires you to enter your personal and credit card information. However, it seems that no online merchant is safe from hacking, and the thought of having your identity and credit card information stolen every time you make a purchase is unnerving.
There is technology that can not only protect your personal and credit card information, but can also make online shopping a damn sight easier. It’s called Apple Pay.
Late to the game
In the online payment universe, however, Apple came pretty late to the game, and a number of other online payment options had head starts. I’m not talking about the typical online forms wherein you warily enter your name, address, and credit card information and hope for the best. That’s decidedly old-school.
What I’m referring to are PayPal and Amazon Payments, to name a few. Since these services already have your credit (or debit) card and bank information, supporting sites can simply establish a handshake with one of these payment vendors, and request payment in the given amount.
The payment vendor, in turn, automatically charges your credit card on file and sends payment to the online merchant.
Google Wallet, which is more like Apple Pay, also had a head start, but it hasn’t really seemed to gain any traction. I’ve never used Google Wallet, but I have used PayPal and Amazon Payments extensively.
With those services, I still have to enter my user name and password from the online merchant’s site to enable payment. If a hacker could insert himself in the middle somehow—a difficult though not impossible task—he could get my login credentials and potentially have a field day.
Or, more likely, sell those credentials to a third party. The chain of possession gets cold really fast, and, bottom line, I still don’t feel fully secure when using PayPal or Amazon Payments.
Although there have been a few hiccups with the roll-out of Apple Pay, so far there have been no reports of the service being hacked. There are strong technological reasons for this.
One, Apple Pay stores your credit or debit card in encrypted form in a specialized chip called the Secure Enclave on your iPhone (iPhone 6 and later versions only, including iPhone SE), iPad, or Apple Watch.
Second, Apple Pay requires TouchID to verify and activate payment. TouchID uses your finger print, a bio-marker that is unique and virtually impossible to spoof, to access the Secure Enclave.
With Apple Pay, Apple uses what is referred to as a tokenized backend infrastructure to support pass-through of payment information from your device to the online merchant.
Rather than providing your credit card number, the system sends a token, a one-time encrypted code that is good only for the current transaction. The online merchant never sees or stores your credit card info on its website. Even better, you don’t need to create an account or log in to the website to complete a transaction.
Simple payment steps
Let’s take a look at the anatomy of an online Apple Pay transaction. We’ll use the iPhone as an example.
First, in the Safari browser app, you navigate to an online merchant that supports Apple Pay. Apple lists a bunch of them on its website—for example, Target, Staples, Groupon, Etsy, and many others.
Second, you shop online as you normally would and begin the checkout process.
Third, you choose your payment method, Apple Pay.
Fourth and finally, you verify the purchase with your finger print. Done.
If you’re interested in more details of how Apple Pay works under the covers, and why it is so secure, Ars Technica provides a great description.
Apple recently extended Apple Pay to Macs running the latest macOS version, Sierra (version 10.12). Only the very latest MacBook Pro models have TouchID for finger print recognition. However, older Macs running Sierra can seamlessly connect to your iPhone for finger print recognition when verifying an Apple Pay purchase.
Apple is a big, powerful, rich company, but even it can’t force vendors to accept and implement Apple Pay online if they don’t see the immediate benefits and aren’t willing to devote the resources necessary to support it.
Most merchants know that Visa, MasterCard, Discover, and American Express already cover the vast majority of potential customers. And, while these merchants do implement various forms of online security, they also seem willing to take the calculated risk of exposing online shoppers to cyber-theft, should their online security not be as robust or up-to-date as it could be.
Nonetheless, Apple has made the process for online merchants to adopt Apple Pay pretty straightforward. On the Apple website, the company provides links to information for vendors to set up Apple Pay as another online payment option:
For those vendors who have their own iOS apps, Apple provides an API to enable programming Apple Pay into those apps.
Browsing to the App Store in iTunes, you’ll see a growing number of iPhone, iPad, and Watch apps that support Apple Pay. Apps like Uber, StubHub, Fandango, Airbnb, Best Buy, Zappos, Ticketmaster, Orbitz, Expedia, Gilt, and many more.
These and other online entities are seeing the value of providing Apple Pay, which combines nearly effortless payment with strong security.
That is a winning strategy, albeit not yet widespread enough.
Nonetheless, Apple plays the long game. It has the resources and staying power to ensure that Apple Pay will continue to grow and eventually become available everywhere.
Hopefully, there will come a time when we won’t have to carry our wallets with us. Unfortunately, that time is not yet here.