How to: Launch Apple’s Tap to iPhone Solution
How to: Launch Apple’s Tap to iPhone Solution
The latest stage in Apple’s push into financial services is the UK launch of Tap to Pay which turns iPhones into card readers without any additional hardware. This is not the first softPOS on the market, but the Apple brand guarantees that it will generate the most interest. How can Payment Service Providers (PSPs) take advantage of all the excitement and launch a product of their own?
In order to roll-out Tap to Pay PSPs first need to request entitlement from Apple to use the Tap to Pay functionality. Once this is done the PSPs can do one or both of the following:
- The PSPs can create their own merchant app designed to accept payments directly from consumers using the PSP’s own User Interface (UI). This is the path taken by Natwest Tyl and Revolut in the UK as they launched their product last week.
- The PSPs can also provide their own “invisible” SDK interface that merchants or software companies embed in their own branded apps where they control the UI. This approach has been taken by players such as Stripe
As with the Apple Wallet, Tap to Pay leverages Apple’s control of the iPhone hardware and software to offer a secure environment for sensitive card data and customer PINs by using the phone’s “secure element” to encrypt the data. This is different from Google’s software-centric approach due to the number of different manufacturers of Android phones. Apple’s approach ensures that the PSP’s app never sees card data or PINs in the clear which minimises the compliance requirements on the app.
In terms of supporting a transaction the following occurs:
- The PSP’s app UI manages entry of the amount to be paid
- Apple then takes control of the screen to prompt the customer to tap their card.
- Apple reads the contactless card and immediately encrypts the data using hardware secure element in the phone
- Apple then hands the encrypted card data to the PSP’s app
- The PSP’s app then creates an authorisation message and sends it to their gateway. (Apple is not involved in the transfer)
- The PSP’s gateway unencrypts card data and sends the authorisation request just like any other POS transaction. The transaction details are stored on the PSP’s gateway, not on the merchant’s iPhone.
This approach allows the PSP to control the merchant payment initiation experience, while the Tap to Pay consumer payments experience is standardised and controlled by Apple so customers will always have a broadly consistent and familiar payment journey irrespective of the PSP used. The only significant wrinkle is how PINs are handled:
- If a consumer uses their mobile phone to authenticate and initiate the payment, then no PIN is required, and the transaction should work the same everywhere
- In most of the world the acquirers and issues support online PIN, and the consumer can present their cards and enter their PIN on the Apple device as they would have done on more traditional PIN devices
- In markets like the UK and France, where there are still requirements to support offline PIN, transactions over the contactless limits may be declined if the consumer uses a physical card. A normal POS device would prompt the customer to dip the card to allow PIN entry and verification, but the iPhone of course has no card reader slot so must decline the transaction. As UK acquirers and issuers implement online PIN this situation will improve, but is likely to be an issue in the short term
Apple are (as usual) keeping the commercial arrangements for Tap to Pay confidential, but we can assume that PSPs are paying Apple for the privilege of using the service. In the US, PSPs are offering Tap to Pay to merchants for $0.10 plus ad-valorem and it’s likely that $0.10 represents Apple’s charge to the PSP, plus a markup. Some UK PSPs seem to be targeting a 10p fixed fee (similar to the US) while others are offering a bundled ad-valorem fee.
Will it be a success? Most acquirers (like Tyl) are likely to roll out their softpos applications to work across both iPhone and Android devices. Until last week the 50% of merchants with iPhones were unaddressable, so this removes the last significant barrier to the roll-out of softpos in the UK. Typically, small UK merchants pay £175 per annum for their traditional terminals (20% of their cost of card acceptance). Given softpos is currently being offered for free, this would seem to be an attractive offer. It is likely that for PSPs it will rapidly become table-stakes for targeting the SME market. Apple lists ten PSPs who are already supporting (or planning to support) Tap to Pay by iPhone in the UK and we expect to see more signing up soon.