As part of the Apple keynote, Apple announced Apple Pay. It allows iOS users (iPhone 6+ or an Apple Watch is required) to pay for their goods at the store using their devices. At check out, instead of digging out your credit / debit card, you tap your phone (or watch) and authenticate. A short lived, unique token is transferred using NFC (Near Field Communication) to the point of sale device.
This concept is now new. Most Android users have had this ability for sometime now using, Google Wallet and NFC. I have tapped to pay for purchases at Walgreens and Sheetz over the last few years (and the cashier always looks at me as if I am hacking their register). Google Wallet leverages MasterCard’s PayPass technology for contact-less payments. When you pay using Google Wallet (via tap and pay), Google sends the merchant the credentials for a virtual MasterCard. Google then deducts the funds from the credit / debit card you chose to pay with. This is great because it offers a level of abstraction between your actual credit / debit cards and the merchant’s payment processing system (assuming Google Wallet isn’t compromised). I assume that your virtual MasterCard never changes. Looking at my previous Tap and Pay transactions, the last digits of the virtual MasterCard used has remained the same. Technically, this virtual MasterCard can be compromised (ie. Target style payment system hack). This is essentially a workaround for Google Wallet. Instead of partnering with all major credit card companies for contact-less payments, they only needed to partner with one, MasterCard.
There is an important and key difference between Google Wallet and Apple Pay. Apple Pay works natively with your credit / debit cards (supports Visa – Visa Token Service, MasterCard – MasterCard PayPass, and American Express). First, when you add your credit / debit cards to Apple Pay, the credentials are encrypted and stored in the security enclave of your iPhone 6 and never leave the device (Google Wallet, the secure element is moved to the cloud, so this is where your credit / debit card information live). Secondly, when you tap and pay your iPhone 6 (or Apple Watch) on a supported point of sale system, a short lived, unique token is transmitted to the merchant via NFC. A few moments later, your purchase is completed. As far as I know, this does not involve a virtual card middle man, further increasing the security. If the merchant has their payment systems compromised, your are protected because your permanent credit / debit card credentials remain encrypted on your iPhone.
There were other, recent innovations in the payments space. Specifically, as a backer of Coin, I feel the window to do what they are specifically doing is rapidly closing. Coin essentially allows you to access your credit / debit cards using a bluetooth connected device (paired with your phone). Instead of carrying a wallet containing multiple cards, you carry one with access to your cards (stored in the Coin App on your device). Google Wallet and Apple Pay are rapidly obsoleting the need to even carry a wallet at all (and Coin).
The road to modernizing our payment systems has been a long one. Modernization is starting to turn into a necessity as more and more merchants have their payment systems compromised (Target, PF Chang’s/Pei Wei, Home Depot to name a few). I’ve been pretty eager to move to an electronic wallet system so I can carry (and lose) one less thing (a wallet). It’s uptake has been pretty glacial so far, however, Apple’s entry into this space will build momentum for mobile payments because Apple (iOS) users are some of the most enthusiastic users and merchants would do well to support Apple Pay (and by association, Google Wallet).