U.S. third-party developers soon will have new capabilities to access the secure element piece of Apple Inc.’s iPhone when iOS 18.1 eventually is released, a move that could herald further app development and cement Apple’s position among mobile-wallet providers.
Apple, without fanfare, revealed this long-desired access Thursday in a simple press release declaring developers will be able to use application programming interface coding to tap into the NFC chip and its secure element, where sensitive data is held within iPhones with NFC chips. Since its 2014 launch, Apple Pay, and associated Apple applications, have been able to access the secure element. The next version of the iPhone operating system, iOS 18, is expected in coming months, though Apple disclosed no timeframe for the 18.1 version. Developers in Australia, Brazil, Canada, Japan, New Zealand, and the United Kingdom also can use the APIs with additional locations to follow, Apple says.
Opening the secure element—doing so was recently mandated in Europe—will only improve the greater adoption of tap-to-pay on Apple devices, says Cliff Gray, senior associate at Omaha, Neb.-based TSG, an advisory firm.
“Many commercial use-cases warrant direct access to the NFC chip, keeping the user in-app. Payment app development on Android platforms has proved this model, even against the greater popularity of Apple devices in merchant environments,” Gray says.
Apple points to in-app contactless transactions for in-store payments as a possibility, along with car keys, student IDs, closed-loop transit, home keys, hotel keys, and merchant loyalty and rewards cards as benefiting from this move. Government ID will be supported in the future, Apple says.
Android devices have long had this capability for third-party developers, but, unlike Apple, they rely on cloud technology called host card emulation, which allows banks and other issuers to create NFC wallets without a chip, called the secure element, controlled by the device manufacturers or mobile-network operators. Instead, payment credentials are managed in a cloud configuration controlled by the issuer.
That path has seen mixed performance. “That’s been available for a long time,” says Steve Klebe, a retired independent payments expert who built and managed Google’s payment service provider partnership program. “Banks all over the world have tried to launch, and to the man, have all been shut down because they didn’t get any traction,” Klebe tells Digital Transactions.
Access to Apple’s secure element could work for third parties, but there could also be many significant challenges. “It’s the online and app piece where individual payment service providers and merchants will have to do a bunch of work to integrate the buttons,” Klebe says. Whether opening the secure element will be successful or not comes down to the use cases, he says.
The true value in this move lies in the secure element’s role in verifying and authenticating an iPhone user’s identity, says Richard Crone, founder of Crone Consulting LLC.
“NFC and secure element are nothing more than a dumb pipe, the payload and the value is in accessing Apple’s proprietary federated identity services,” Crone tells Digital Transactions. “The secure element is nothing more than ‘a path that beats only to Apple’s federated identity’s door’ even if they open it up to others. It works in the same way as opening up the iOS App Store to outside developers.”
PayPal Holdings Inc., with long-time ambitions to find an in-store payment acceptance foothold, could be a candidate for the new access, Crone says. In a well-known instance The Home Depot Inc., in 2012, rolled out PayPal in-store acceptance at almost 2,000 stores. Retail e-commerce sales make up 15.9% of all U.S. retail sales of $1.8 trillion in the first quarter, the Census Bureau says.
“PayPal was definitely the big winner here, but not for the obvious reasons,” Crone says. “The big upside is it brings social commerce, social payments, to the in-store platform. The reason that’s so important is nearly [85%] all purchase value is in-store.” Social payments and commerce use promotions to reach individual shoppers often while they are in-store and in the aisle.
“PayPal already has Honey, which gives them access to consumer and packaged goods advertising inventory,” Crone says. “All they need to do is to be able to prove their platform generates sales.”
For PayPal, in-store, or offline transactions, are still desired. “Finally, consumers who love PayPal for online purchases are also telling merchants they want to use PayPal for their offline purchases,” Alex Chriss, PayPal president and chief executive, said during a recent earnings conference call. “We continue to drive the adoption of our card products and we’re making it easier to add PayPal and Venmo branded cards to Apple and Google Wallets on mobile devices.”
“We are also looking forward to launching even more ways for consumers to use PayPal any time, any place with NFC technology starting in Europe,” Chriss said. “Expect to see more from us in the coming quarters to enable and incentivize our customers to use PayPal online and in person.” PayPal would not comment directly on the Apple news.
When asked earlier this year during an April earnings call about European regulations forcing access to the iPhone’s NFC hardware, Chriss said PayPal “must play in an omnichannel world… We want to be able to deliver a PayPal service for customers everywhere, any time, every purchase.”
Chriss said where NFC is open to PayPal, “that obviously becomes a very easy opportunity for us to provide a wallet in an Android or iPhone operating system and we will be ready. If there are environments where it’s not available, we will still operate in an omni-channel [environment].”
Apple will monetize access to the secure element, Crone says. Developers must sign a commercial agreement with Apple and pay applicable fees for use of the NFC and secure element platform.
What these fees may be is unknown. Apple currently assesses 15 basis points per Apple Pay transaction to card issuers, while it takes a 30% cut for apps and in-app purchases in its App store. Crone suggests secure-element access will be priced somewhere in that range.
“That’s where Apple will make its money,” he says. “They start with 550 million active users of Apple Pay. The real upside is from the identity and all the new applications that will require biometric access and multifactor authentication identity. NFC is simply a rail, a pipeline for carrying a more valuable payload. And that payload is identity, authentication, and biometric validation.”