Home / Mobile / Mobile wallet wars: Apple Pay vs Samsung Pay vs Android Pay

Mobile wallet wars: Apple Pay vs Samsung Pay vs Android Pay

I know I write about Apple Pay quite often, but was surprised to hear that one of my colleagues recently purchased an iMac in the Apple Store using his Apple Watch and Apple Pay.  Yes, he’s an Apple guy, but really?  A £1,000 purchase with a fingerprint?  I thought, as do most, that you could only make small transactions using contactless payments. In the UK under £20 (£30 from September 1) and in the USA under $25. 

Pugh Apple Pay

Cartoon by Pugh

But it is not the case at all. 

Good friend of the Financial Services Club David Birch has written a whole blog update on the subject, and notes that it’s the Point-of-Sale (POS) software that is key, not the device or payment instrument you are using.  The POS makes the difference between whether you are limited to low value or high value payments.

The low value limit is when there’s no verification involved or, rather, no Cardholder Verification Mechanism (CVM).  That is not the case with Apple Pay however, as Apple Pay is based upon a biometric Touch ID.  In this case there is an additional layer of consumer identification based upon the device and an additional recognition layer, in this case your fingerprint.  This method is therefore based upon a Consumer Device Cardholder Verification Method (CDCVM) rather than no verification.  This is the reason you can have high value payments with CDCVM but are limited to low value when you lack this device authentication.

All of this comes into the open just as Samsung ramps up its entry into the wallet war market, and Samsung have one big advantage over Apple, according to Time Magazine:

“In addition to near-field communication (NFC) connectivity, Samsung’s new devices employ a technology called ‘Magnetic Secure Transmission’, which allows its mobile payment system to be used on standard credit card machines. Apple Pay only uses NFC connectivity, which is far from ubiquitous in the checkout lane … All you have to do is swipe up on the screen, select a card, and input your PIN or fingerprint to authenticate. Then wave the phone over the credit-card reader and be on your way.”

That’s not only incredibly friendly, but also capable of being used as a CDCVM checkout.

Then there’s Android Pay, the Google upgrade to Google Wallet to compete with Apple and Samsung.  Some claim Android Pay has advantages over Apple and Samsung by being integrated with loyalty programs, such as MyCokeRewards; it’s contactless payment system doesn’t require a fingerprint or other authentication (although that defeats the high value payment option); and Android phones are far more plentiful in choice from the Samsung  Galaxy S4 to the HTC One M7 to the LG G2 to the original Moto X and Nexus 5.

All in all, it’s getting really interesting so thanks to CNN for this infographic, which also includes PayPal and Bitcoin to see the range of options now available (doubleclick image to enlarge).

Mobile Wallets Compared

It really is a mobile wallet world (at last).

 

This post adds to previous updates including:

About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...

Check Also

Context

Using intuitive interfaces for contextual commerce

As we start to reimagine the bank, it is obvious that focus on the platform …

One comment

  1. Well… . Let me explain: it’s not just a matter of only the POI having the “right” software. Actually the payment instrument is most important. When using the CDCVM you enter your personal authenticator “what you know” or “who you are” using a User Interface which is “not” secure (using your mobile input interface which is not PCI-PTS). Then, the authenticator you entered is compared in the mobile device with the reference (eg your fingerprint) issued to you when you enrolled for the service. For the issuer to apply the liability policy it’s essential the protection of both your enrolled reference and the authenticator you enter when you pay.
    So the mobile device must offer two security properties: The reference must be stored in a tamper resistent device ( eg, a secure element for ApplePay). Second the authenticator you entered must be protected from the mobile input interface ( Touch ID fingerprint capture device or PinPad) all the way down before it’s comparison with the reference stored in the secure element, so that any malware installed in your mobile can’t capture it . There are standard mobile technologies (TEE in Trusted User Interface mode) to implement this. If your mobile device does not have a secure element ( UICC, embedded SE) you cannot use the mobile device to enter a CDCVM and the 20£ limit applies.
    So it’s true that the POI software must be upgraded to support an CDCVM verification performed out of the POI ( it’s like your mobile device “was dissociated”: your mobile PinPad acting “as” an extension of the POI PinPad , and the mobile secure element acting “as” if the PIN had actually been entered in the POI) but the security (and therefore liability shift policy) that enables to accept contactless payments beyond 20£ depends “exclusively” in the way the payment instrument (card payment application) is protected in your mobile

Click on a tab to select how you'd like to leave your comment

Leave a Reply

Your email address will not be published. Required fields are marked *