Apple says it limits use of the NFC chip for payment purposes to Apple Pay for security reasons, but Google disagrees, stating its own use of an open banking standard for Google Pay is no less secure …
Australia’s Parliamentary Joint Committee on Corporations and Financial Services asked Apple to explain its reason for denying banking apps direct access to the NFC chip in the iPhone.
Apple opened by suggesting this was a matter of semantics.
Contrary to some claims in some of the submissions, Apple provides banks with access to NFC functionality on Apple devices. Apple has developed a technical architecture that comprises hardware and software components and application programming interfaces (APIs) that banks can use to facilitate contactless payments with their cards and mobile banking applications. Apple chose to call this architecture Apple Pay because: (a) merchants need a simple way to communicate their acceptance of the service to consumers both in store and online, (b) Apple wished to facilitate consumer choice of payment method / bank by providing a consistent and simple experience, and (c) it allowed Apple to market the service to consumers without having to preference one bank over another.
It then says its hardware-based approach to storing payment credentials is more secure than storing them inside an app.
Apple devices offer a hardware-based architecture where credentials are stored on a secure chip (Secure Element) on the device. The Secure Element provides a hardware layer to protect credentials from malware attacks and exploitation. This architecture has proven to be highly effective (for example at significantly reducing fraud in the payments market as well as reducing fraud costs for payment providers and merchants) and provides unparalleled security to consumers.
Host Card Emulation (HCE) is a less secure implementation, which was adopted by Android, Apple’s largest competitor in mobile operating systems. Apple did not implement HCE because doing so would lead to less security on Apple devices.
Apple also said that the use of Apple Pay provided a simpler customer experience than dealing with multiple bank or card apps.
However, ZDNet reports that Google takes issue with Apple’s security claim.
“Our payments apps are immensely secure … our HCE system, which is used by a very large number of banks all around the world, is audited directly by the banks … we would refute the suggestion our HCE environment is in any way insecure,” Google president of partnerships in the EMEA region Diana Layfield told the committee on Monday afternoon.
Australian banks complained that they were forced to pay fees to Apple in order to use Apple Pay, and would prefer to avoid this by their own apps having access to the NFC chip. However, attempts to negotiate were, ironically, blocked by antitrust concerns that banks acting together to negotiate with Apple would be doing so as a cartel.
That dispute resulted in Australian banks dragging their heels over adoption of Apple Pay, but the last of the big four did finally do so at the end of 2019. However, Apple is now being called on to justify the NFC chip restrictions it puts in place.
FTC: We use income earning auto affiliate links. More.