This Week's Sponsor:

Kolide

Ensures that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.

Demystifying Digital Wallets and Apple Pay

One of the many allegations in the Department of Justice’s antitrust complaint against Apple is that Apple stifles competition by:

effectively block[ing] third-party developers from creating digital wallets on the iPhone with tap-to-pay functionality, which is an important feature of a digital wallet for smartphones. As a result, Apple maintains complete control over how users make tap-to-pay payments with their iPhone. Apple also deprives users of the benefits and innovations third-party wallets would provide so that it can protect “Apple’s most important and successful business, iPhone.”

(DOJ Complaint at ¶ 104).

In a post a couple of days ago, John Gruber suggested that the DOJ is off-base because he doubted banks or other credit card companies would obfuscate credit card numbers the way Apple does. In fact, as Matt Birchler, who works in the payments industry, explains, many U.S. banks and other companies do (or did) the same thing, using something called a DPAN:

It’s notable that it’s called a DPAN and not “the Apple Pay number” – it’s a generic term, and that’s because this is a standard feature of digital wallets everywhere, not just Apple Pay. Google Pay and Samsung Pay are the biggest other digital wallets in the U.S. and they both do exactly the same thing. While it’s not technically using a DPAN since the payment runs through different companies, Amazon Pay and Shop Pay buttons also obscure the actual FPAN (full card number) from merchants.

And it’s not just tech companies using DPANs – U.S. banks do too:

Numerous banks from Walls Fargo to Chase to Bank of America have (or had) digital wallets, all of which used DPANs to protect your plain text account number. Paze is what a few big U.S. banks use today and it of course uses DPANs as well.

It’s not surprising that there is confusion about Apple Pay. Apple doesn’t tell customers about DPANs. Instead, the company uses its unique mix of hardware, software, and excellent marketing to make its payment system feel like magic.

In addition to DPANs, Birchler covers:

  • The differences between FPANs and DPANs
  • The extent to which you can be tracked using your Apple Pay purchase history
  • How much personal data Apple Pay transmits to merchants

The post is an excellent read that dispels common myths and confusion about Apple Pay clearly and concisely. It’s the exact kind of explanation of the industries Apple is accused of monopolizing that I hope we see more of as the DOJ’s lawsuit proceeds.