Apple Pay started with point of sale terminals and iOS apps. With iOS 10 and macOS Sierra, Apple has extended Apple Pay to include web-based purchases made with its Safari browser. Despite being limited to Safari, Apple Pay's combination of simplicity and security has the potential to make it a de facto requirement for online retailers.
On iOS, Apple Pay works in Safari and the Safari View Controller that can be displayed inside other apps. Apple Pay also works in Safari on Macs running macOS Sierra, which was released earlier today. If you already have Apple Pay set up on an iPhone or Apple Watch, there is nothing new you need to do to use Apple Pay on the web. The only difference is in the way you authorize a transaction on the Mac.
On iOS and Mac, Apple Pay buttons can appear during the checkout process, but can also be placed on product pages as a way to bypass traditional checkout processes entirely. One nice touch is that the Apple Pay API can query whether there is an Apple Pay account set up for the device being used. If not, Apple Pay buttons can be hidden.
On iOS after you tap on an Apple Pay button, a sheet slides up with the billing and shipping information stored in your Apple Pay account, which can be edited before completing your purchase. The only other step is to place your finger on the Touch ID sensor to authenticate and complete the transaction.
On the Mac, the process is a little different. Because Macs don’t have Touch ID sensors,1 payment authorization can't take place using Mac hardware. Instead, using the Apple Pay API, the merchant can check if there is an iPhone or Apple Watch that can be used to authenticate the sale. This all happens quickly and seamlessly for users who see a momentary spinner and are then asked to complete the sale using an iPhone or Apple Watch if a device is available.
In addition to being convenient, Apple Pay is more secure than a credit or debit card because it uses a single-use token for each transaction instead of transmitting credit card information as part of the sale. The Apple Pay API also requires that the merchant site use https. Here are the security details as described by Apple:
To securely transmit your payment information when you pay in apps and websites, Apple Pay receives your encrypted transaction and re-encrypts it with a developer-specific key before the transaction information is sent to the developer or payment processor. This key helps ensure that only the app or website you’re purchasing from can access your encrypted payment information. Every website offering Apple Pay must also verify their domain every time Apple Pay is offered as a payment option. As with in-store payments, Apple sends your Device Account Number to the app or website along with the dynamic security code. So neither Apple nor your device sends your actual credit or debit card numbers to the app.
When you use Apple Pay to make a purchase on your Mac in Safari, Apple Pay transfers purchase information in an encrypted format between your Mac and your iOS device or Apple Watch to complete your transaction.
Merchants that want to deploy Apple Pay on their sites can do so by signing up for an Apple Developer account and getting the necessary encryption certificates. The process is relatively simple, but there is an even simpler path. Online commerce companies like Shopify have announced support for Apple Pay on the web and can handle the certificates and developer accounts for merchants who don't want to deal with that.
The number of sites that currently accept Apple Pay is limited, but the promise of a single, secure process for purchasing things in person, in apps, and online should be attractive to consumers and retailers. For consumers, simplicity and convenience are paramount. For them, Apple Pay on the web is a little like Amazon's 1-Click purchase button, but instead of being limited to one site, it works across all sites that supports Apple Pay. For merchants, the convenience to customers, security, and the support of companies like Shopify and Stripe, should help turn more people into paying customers, encouraging retailers to add Apple Pay to their websites in what may be a virtuous cycle.
- Yet. ↩︎