By Sam Shawki and Nancy Zayed

A lot has been said about the newly launched Apple Pay, a new category of service that promises to transform the mobile payments industry with an easy, secure and private way to pay. This sector has had several starts and stops within the last few years and so far has failed to reach consumer and merchant adoption at the success rate that meets such hyped expectations.

Apple Pay has kicked off with a few things going for it, and unlike most would think, it is more about monetizing security and privacy than it is about payments. We think this is the formula for success and that it redefines mobile payments as a new category we will call: Device Security for Commerce.

However, before defining the formula we need to clear a few things up:

  1. Apple is not creating a payments network nor is it competing with an existing one. Unlike many tech giants who monetize consumer data, Apple earns its revenue the harder way: It designs and sells products and services that are simple, elegant, utilitarian, and seamlessly usable. Apple is much attuned to the fact that by paying a high premium for their products, consumers trust that their personal info is not part of the deal.
  2. Since the inception of mobile payments, the whole ecosystem has struggled to extend what the industry calls the four-party model (1- Me 2- My Bank 3- The Merchant 4- The Merchant’s Bank) to include new players in the market, including carriers, device manufacturers and other technology providers like Google, Facebook, and Amazon, among others. Keep in mind that extending the four party model without compromising it is a great concern for banks and the regulators alike and it’s not as easy as it sounds.

Carriers did not get it

For a good decade, the payment industry has tried to adjust the four-party model to bring in the carriers into the financial system. Solutions turned out to be costly for the banks and clunky for consumers. As that was not enough to put a halt into these plans, regulators raised concerns because they know very well that dealing with people’s money is fundamentally different from managing airtime minutes, an issue carriers continue to underestimate.

Google did not get it right

After the solutions with the carriers did not take off, technology companies like Google also tried to get on mobile payments. Although some interesting innovation came out of these efforts, Google’s efforts where too focused on solving the technology piece of the puzzle, mining as much data as possible and underestimating the regulatory issues and concerns.

Apple gets it

The launch of Apple Pay is the first commercial application in the market utilizing new tokenization standards from the payment networks. This is important because it’s an integral part of Apple Pay, making it a security solution that replaces your credit card information with tokens that are not useful to a hacker if stolen or compromised. By adopting an innovation of Visa and its partners Apple proves that it understands the value of working with payment networks by leveraging their 50 years of experience in security, reliability and convenience. Another part of the Apple solution is its own touch ID technology; an additional security feature. More importantly, Apple made it clear that it has no interest in customer data, thus making Apple Pay not only a very secure solution but one that respects the privacy of its customers’ financial data adding a killer feature to the formula: trust.

If Apple Pay successfully scales – and we are betting it will – the payments industry might have found a business model that benefits the entire ecosystem: issuing banks can continue to securely move money around, while innovators can focus on extending digital commerce to new form factors and to more places.

List of brands and services

Why should we care?

A good example is the launch of MCX (Merchant Customer Exchange). It is known that merchants endure most of the cost of making payments easy and that has been a point of friction between large merchants and the payment networks for many years. This past Saturday it was clear that this sore spot was rubbed the wrong way when CVS and Rite Aid announced that their stores will not be supporting Apple Pay. This raises the question – At the expense of customer satisfaction, is this business decision really worth it? While it’s still unclear on how MCX will add value to merchants and customers alike, the lesson Apple Pay teaches us is that in payments you really don’t get extra value by fragmenting the system or competing with it. Instead, you should make it better and put it to work in your favor. The formula is pretty clear:

  1. Work with the payment networks: They already have established powerful, secure and well-regulated networks.
  2. Charge for security and privacy not just convenience: putting more security in place will always create value.
  3. Stop milking more customer data: While this tactic may work for search engines and advertising, it is too complicated to work in payments. If you need the data, banks have ways of cleaning up and securing privacy for their consumer data before you can use it, so ask nicely.
  4. Find your own solution: Apple relies on the strength of its hardware, but secure payments are possible using recent breakthroughs in software security, innovations that can be on par with hardware security yet much faster and cheaper to deploy. As Marc Andreessen suggests, there is a reason why software is eating the world.
  5. Find a real use case instead of making one up: Swiping a card is easy enough and carrying three cards in your wallet is not really a problem. There are more complex issues to solve, you just need to work harder.

Finally you don’t need to control the device hardware nor wait patiently for a certain chip to hit the market to do that. More importantly, you don’t need to spend millions to deploy a new hardware in order to succeed in the newly defined category of Device Security for Commerce.

Sam Shawki, CEO, and Nancy Zayed, CTO, are founders of MagicCube, a digital commerce security start-up based in Sunnyvale, CA. Nancy is an expert in mobile devices, having spent the last decade working on the OS group at Apple. Sam has led several payment companies throughout his career, and most recently he led the Global Remote Payments Business Unit at Visa Inc. You can find both on Twitter @sshawki and @zayena.