/payments

News and resources on payments systems, innovations and initiatives worldwide.

Apple offers to open up NFC payments access to settle EU antitrust probe

Apple has moved to head off European Commission antitrust charges by offering third-party providers access to the NFC chip technology that enables iPhone users to make contactless payments.

3 comments

Apple offers to open up NFC payments access to settle EU antitrust probe

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Apple is seeking to resolve the antitrust case brought in 2022 and avoid a fine that could run into the billions of dollars.

To do this, the US giant is offering to allow third-party mobile wallet and payment service providers to access and interoperate the NFC functionality on iOS devices through a set of APIs free of charge, without having to use Apple Pay or Apple Wallet.

Apple would create the necessary APIs to allow equivalent access to the NFC components in the Host Card Emulation mode, a technology issued to securely store payment credentials and complete transactions, without relying on an in-device secure element.

The agreement, which would run for 10 years, would cover all third-party mobile wallet app developers established in the European Economic Area and all iOS users with an Apple ID registered in the EEA. In addition, Apple would not prevent the use of these app for payments in stores outside of the EEA.

Apple is also promising to allow the defaulting of preferred payment apps, access to authentication features such as FaceID, and a suppression mechanism.

The EC is now giving competitors and customers one month to comment on the commitments.

Apple Pay is the only mobile payment service that may access the NFC 'tap and go' technology embedded on iOS mobile devices for payments in stores, a process that has been damned by banks in a number of jurisdictions for preventing competition from their own proprietary apps.

In the US, a judge recently told the company that it must face an antitrust class-action lawsuit from card issuers on the issue, while the Consumer Financial Protection Bureau has also fired a shot across Apple's bows.

Learn more about payments at NextGen Nordics on the 23 April 2024.

Sponsored [On-Demand Webinar] The Future of Plastic - The Rapid Evolution of Card Payments

Comments: (3)

Stephen Wilson Managing Director at Lockstep Consulting

The article states:

"Apple would create the necessary APIs to allow equivalent access to the NFC components in the Host Card Emulation mode, a technology issued to securely store payment credentials and complete transactions, without relying on an in-device secure element."

I want to query the part about 'not relying on an in-device secure element'. 

As I understand Host Card Emulation, it does use a secure element, just not the same one as in the EMV smartcard. That is, the protocol will use Apple's iPhone enclave.

For a bank and a handset vendor to agree to use an NFC chip set to emulate an EMV card, thebank must satisfy itself that the NFC chips are more or less equivalent to EMV chips as "secure elements". 

It will bethesame logic when a handset's NFC chip set isused to hold an (emulated) eID, e-passport or mDL. 

If I am correct, then the article might be misleading for it implies that the Apple NFC offering would foresake a secure element. 

Steve Wilson, Lockstep Consulting. 

A Finextra member 

No, that's not correct, Steve. As opposed to card emulation using the secure element, HCE does not use the SE of the phone. With HCE, critical payment credentials are not stored on the device but remotely in a private cloud or data center.

Stephen Wilson Managing Director at Lockstep Consulting

Mny thnks Karl. I overlooked the "host" part. 

Geez, I am rusty on Host Card Emulation but yes, now I remember. That takes us back to the first digital wallet wars when Google was forced into HCE because the handset vendors wouldn't allow access to the NFC chips. 

Do we really want to do all this again? 

I know that granting access to the NFC chips is hard. So it should be! But the effort needs to be weighed against the reward of proper hardware security, which HCE cannot provide.

Or can it?  

NextGenAI - Intelligent Banking, Intelligent Future - Save the date! - 26 November 2024 - LondonFinextra PromotedNextGen:AI - Intelligent Banking, Intelligent Future - Save the date! - 26 November 2024 - London