Apple Locks iPhone 6/6+ NFC To Apple Pay Only

Ronin Developer writes From the Cnet article: "At last week's Apple event, the company announced Apple Pay — a new mobile payments service that utilizes NFC technology in conjunction with its Touch ID fingerprint scanner for secure payments that can be made from the iPhone 6, iPhone 6 Plus or Apple Watch. Apple also announced a number of retailers that would accept Apple Pay for mobile payments at launch. However, Cult of Mac reports that NFC will be locked to the Apple Pay platform, meaning the technology will not be available for other uses. An Apple spokesperson confirmed the lock down of the technology, saying developers would be restricted from utilizing its NFC chip functionality for at least a year. Apple declined to comment on whether NFC capability would remain off limits beyond that period." So, it would appear, for at least a year, that Apple doesn't want competing mobile payment options to be available on the newly released iPhone 6 and 6+. While it's understandable that they want to promote their payment scheme and achieve a critical mass for Apple Pay, it's a strategy that may very well backfire as other other mobile payment vendors gain strength on competing platforms.

So much for mobile payments in Japan

NFC technologies are already very well established here (you can wave your phone in front of a vending machine to purchase a drink!), and it's disappointing to see that iPhone users have at least a year to catch up with everybody else.

Re:So much for mobile payments in Japan

[theNetImp]

iPhone is extremely popular here. Apple has been popular in general in Japan for a long time, so the brand carries it's weight pretty well here. Most iPhone users just put a cover on their iPhone that they can put their NFC card into and use it that way. The NFC card company then has an iPhone app to manage how much ÃfÃÂ¥ is on the card, etc...

Re:So much for mobile payments in Japan

[AmiMoJo]

The iPhone is popular here but I wouldn't say as popular as it used to be, or is in other countries. I remember them putting out rope barriers for the 5s launch and hardly anyone turned up at Yodobashi in Akiba. Right now interest in the iPhone 6 doesn't seem that high either. There are too many good rival phones.

Re:So much for mobile payments in Japan

[phayes]

Good job in exposing your ignorance. Apple Pay uses the contactless specification of the EMV standard to provide "industry-standard EMV-level security” -- essentially the existing SoftCard EMV standard. There will be no wait, Apple Pay can be used wherever Softcard is deployed.

Here. Read this and the associated documents.

Apple Pay's adds onto the SoftCard a level of security in using the secure fingerprint reader & in not being able to see user transactions (whereas Google Wallet leaves itself in the loop so that they CAN see each transaction).

Re:So much for mobile payments in Japan

[swillden]

put a cover on their iPhone that they can put their NFC card into and use it that way

Terminology clarification: If it's in a card, it's not NFC, it's a "contactless smart card". NFC is, specifically, a variant of the contactless smart card protocols embedded in a larger, battery-powered device. It does emulate a contactless smart card, which is how it enables payments, but it does a lot more as well. NFC devices can also act as smart card readers (note that "reader" is something of a misnomer; it's just two computers talking to one another) and they can also act as RFID tags or readers (or writers, for tags that are writable).

This broad array of capabilities, BTW, just highlights how unfortunate it is that Apple is limiting it. In Android-land, not only can you use NFC to make payments (Google Wallet, whatever the ISIS Wallet has been renamed to), but there are a lot more uses:

1. You can download one of many smart card reader apps (or write your own) and use them to read any contactless smart card you have around, including many payment cards. What you can see depends on the security protocols implemented by the card, obviously, and also depends on whether your app knows the right commands to send. If you like you can buy your own Javacards, program them, and write your own app to talk to them, to do whatever it is that you'd like to do.

2. Most of said smart card reader apps also support reading and writing RFID tags, which you can buy inexpensively. Many people have come up with uses for these, such as automatically changing phone configuration (volume, etc.) when a particular tag is scanned. My Moto X offers the ability to register an RFID tag as an unlocking device; whenever I scan one of the registered tags, my phone unlocks.

3. Ever since Jelly Bean (IIRC), Android has used NFC as a method to initiate device-to-device data transfer. On several occasions when my wife and I have been driving separate vehicles to the same location, I pull it up on Google Maps, tap my phone to hers and touch the screen, and then it's on her phone. You can transfer pictures, files, and anything else apps care to support. NFC isn't actually used for the data transfer to avoid having to hold the phones together for a long period of time, but it identifies the pair of phones that wish to do the transfer, which is then carried out through Wifi or mobile data.

... and more. Here are some more concrete examples of clever uses to which people have put Android's NFC capabilities: http://trendblog.net/creative-...

Re:So much for mobile payments in Japan

[swillden]

essentially the existing SoftCard EMV standard

SoftCard EMV standard? Wow, that's like calling HTTP the Google networking standard. EMV existed long before SoftCard (formerly called ISIS), and in fact long before Google Wallet (which predated SoftCard/ISIS by quite some time)... before NFC existed, even.

Re:Jailbreak

[cbhacking]

That NFC will be made available via jailbreak, I do not doubt.

That it will happen quite that *fast*, I do doubt. Apple has gotten really good at lockdown.

Note that Lockdown != Security. Security means preventing unauthorized access. If you can't even authorize *yourself* to get access, it's either not "security" or it's not your device (or both).

If you want NFC, go with Samsung, or HTC, or Nokia, or one of the many other phone OEMs who have been including NFC hardware and software that lets you use it for years now.

Nope they are clever

[thegarbz]

The mobile payment market is completely fragmented. Apple is by far not the first company to announce a payment scheme, however it is the first that has managed to make some concrete deals with several companies and it's the first that actually has a chance at taking off.

Apple has locked it down? So what? How is that any different from the last several years where competitors have had NFC and payment support? Why is the upcoming year suddenly going to backfire them right at a time where service providers will likely be questioning whether it's a good idea to promote a system which can't be used on Apple's much advertised phone?

I'm no fan of Apple, but you can't argue that they aren't strategically clever bastards.

Re:Nope they are clever

[nblender]

You regularly use NFC for payments? You must be some kind of wizard.

The US isn't the world.

I live in Canada and I also regularly use NFC for payments. Last night I bought groceries with NFC after I bought some diesel with NFC. At the beer store I bought beer with NFC. I bought some irrigation supplies with NFC.

Some restaurants have NFC on the little pay terminals they bring to your table.

Re:Nope they are clever

[swillden]

Oh google? You mean mean the Google Wallet that isn't available in large parts of the world? They need to deploy terminals? That's a fail right there.

Apple Pay will be able to use Google Wallet / ISIS (SoftCard) terminals, and vice versa. They all use the same protocols and base technology.

Apple Pay will be successful, and Apple will garner much praise for that success from people like you who don't know the industry, but what's really going to make it successful isn't anything Apple is doing or has done, but what Visa and MasterCard did two years ago, when they announced that the liability shift will be imposed in the US in October 2015. That policy change by the card networks will give merchants huge financial incentive to get all of the necessary terminals deployed, which is why many of them are now (and have been for some time) gearing up to integrate and deploy chip-capable point-of-sale terminals.

And, if you want to look at the causes for Visa and MasterCard's decision... the biggest single factor was almost certainly the deployment of Google Wallet, which moved NFC payment in the US from a "someday" possibility to "people are using it now". At the end of the day, Apple Pay will owe most of it's success to Google.

I don't want to disparage Apple too much here, though, because they have been able to do one thing of huge significance, and it is their market position and clout with the mobile network operators (MNOs) that made it possible: They helped push through the deployment of network-level tokenization. This is a somewhat abstruse technical detail, but it's pretty important.

Right now Apple Pay, SoftPay and Google Wallet all use different approaches to how they push the transaction through the networks. Google Wallet uses a "proxy card". When you pay with Google Wallet you're actually paying with a Google-issues MasterCard debit card. That's what the merchant sees. Then Google turns around and charges whatever backing instrument you've specified (Wallet balance, bank account, debit card or credit card). This approach offers maximum flexibilty; if someone dreams up some payment mechanism and Google integrates it, you can get your payments directed to it. The downsides are that (1) it's the same credit card number every time, which means that if it gets stolen and used fraudulently (which is far harder than for a magstripe card) then Google has to take on the fraud liability; (2) the point-of-sale transaction is "card present" while Google's transaction with your payment instrument on the back end is "card not present", which means if the backing instrument is a credit card Google has to eat the difference between the front and back-end transaction fees; and (3) all transactions pass through Google, which means Google sees how much you spend through Wallet and where (which has some upsides as well; I like the payment notifications it enables and the ability to look up my payment history on any device as well as the level of control it offers me). Note that Google can't see what you bought, but obviously a lot can be inferred from location.

SoftPay (nee ISIS) uses "issuer tokenization". You can only pay with credit cards from a certain (and still fairly small -- AMEX, Chase and Wells Fargo) set of issuing banks. The banks issue "tokens" which look like credit card numbers but are only good for a single use. These are stored in the secure element on your phone and transmitted to the merchant when you pay. Security is arguably better than with Google Wallet, and there are some corner cases that are less problematic. SoftPay doesn't get involved in your transactions, although there are some indications that the app may deliver information about them to SoftPay and to your carrier, though they don't provide that information back to you as a convenient transaction log like Google does. The reason the list of cards you can use is small is because each individual issuer has to get their systems set up to support token issuance. That'

Re:Nope they are clever

[tlhIngan]

And Google isn't? I thought Android won? Face it, they don't bother with talking to anyone, they just expect them to come to them to beg working with them because they are so fucking awesome. And if they do, they abandon them after a couple of years because Google refocuses.

The problem with Google's implementation is that Google wants to be the payment provider. This is "better" in some ways because it means more flexible funding schemes (Apple requires Visa, MasterCard or American Expess). However, it has a major downside - Google is now a major participant in your transactiona because the retailer charges Google, and Google charges your payment provider, so now Google gets the details of your transaction, which depending on the retailer can include what item you actually bought.

The other downside is it means Google has to work with every payment system out there to get them to accept Google Wallet as a valid payment mechanism.

Apple's method means it works anywhere that accepts contactless Visa, MasterCard or American Express cards. Because Apple Pay appears to the retailer as a regular credit card so retailers have to do zero effort. Google Wallet makes it so they have to sign up with new payment providers and all that to specially take Google Wallet.

Use Apple Pay and Apple doesn't know about the transaction as it's a more standard credit card transaction that's handled between banks.

As for NFC restricted to Apple Pay? That's iOS 8. It most likely means the APIs for it are far from stable and/or Apple doesn't have a good way of handling events in NFC under the current security architecture. iOS9 can easily change it.

it's just like TouchID - last year it was only for bypassing the PIN and for iTunes purchases. In iOS8 it's allowed to be used for third party authentication in apps. You can bet iOS9 will have NFC APIs for app use.

Re:Considering Republicans...

[R3d+M3rcury]

Considering Republicans are so against NFC and haven't allowed any bank to invest in this technology

Really?

Re:Jailbreak

That NFC will be made available via jailbreak, I do not doubt.

That it will happen quite that *fast*, I do doubt. Apple has gotten really good at lockdown.

Note that Lockdown != Security. Security means preventing unauthorized access. If you can't even authorize *yourself* to get access, it's either not "security" or it's not your device (or both).

If you want NFC, go with Samsung, or HTC, or Nokia, or one of the many other phone OEMs who have been including NFC hardware and software that lets you use it for years now.

And I'm sure we'll all be very eager to make use of the third party mobile payment options made available for your jailbroken iPhone on Cydia, courtesy of a bunch of hackers you've never heard of before.

Re:Jailbreak

[cbhacking]

Also a valid point. I do a fair bit of phone hacking, but am very cautious about what I install from whom (it helps that I can decompile apps pretty well by now). Most people aren't, and somebody is going to want to take advantage of that.

iOS NFC Only Being Used for Apple Pay

[glennrrr]

The same basic information came out on Ars Technica the other day. But the slant on that was not that Apple was locking out 3rd party credit card processors, but rather that the NFC hardware was not being used for anything else because Apple was not ready to say the whole stack was perfect yet, from a security standpoint. This is all new code and new hardware, for Apple, and they would rather not have stories about massive credit card theft come out next week. So, this is an example of slant driving angry diatribes in the comments; if it'd been presented in a more neutral tone people would have judged Apple's actions in a more balance way.

No just payment!

[ramriot]

If Apple proceeds with locking away the NFC API from developers they will be making a Huge mistake. NFC is not just for payments, it is a use agnostic technology, and as such can be used anywhere you need short (1-2") data communications i.e.
# Door locks / home security
# Wifi tap to secure.
# Bluetooth Pairing
# End to end encrypted messaging tap to exchange / sign public keys
# Second factor online authentication
etc etc.
On Android all these uses are available because the API is open.