The Nilson Report

THE CURRENT ISSUE: Issue 1049 | Sep 2014


Companies featured in The Current Issue include:

Headlines from The Current Issue

Top 150 Acquirers Worldwide

Apple Pay Mobile Payment Service

Visa Token Service

InComm/Seamless are Prepaid Partners

Rede Buys MaxiPago in Brazil

Global General Purpose Cards - Midyear 2014

U.S. Commercial Cards - Part 3

Investments & Acquisitions - August 2014

Citi Offers Digital Wallet in the U.S.

Kount Fraud Technology

Charts in this Issue

Top Acquirers Worldwide - Ranked by Transactions on General Purpose Cards in 2013

Investments & Acquisitions - August 2014

Purchase Volume on U.S. Cards in 2013 - Commercial vs. Consumer

Purchase Transactions on Global General Purpose Cards - Midyear 2014

Global General Purpose Cards - Midyear 2014 vs. Midyear 2013

Largest 150 Acquirers Worldwide 2013

Global General Purpose Cards - Midyear 2014 vs. Midyear 2013

The table on page 10 shows credit and debit card figures for all global brand payment cards. Listed below are purchases at merchants generated by credit cards for the four largest brands.

1. Visa Debit
$1,623.30 bil. Purchase Volume
2. MasterCard
$1,085.59 bil. Purchase Volume
3. UnionPay
$1,018.89 bil. Purchase Volume
4. American Express
$489.95 bil. Purchase Volume

Full access to the Global General Purpose Cards - Midyear 2014 vs. Midyear 2013 results is available when you subscribe to The Nilson Report.



Apple Pay, the mobile payment and digital wallet service announced this month along with the debut of new handsets from Apple, will be available only in the U.S. beginning in October 2014. The service is supported by two NFC (Near Field Communications) chips embedded in the Apple iPhone 6 and 6 Plus. One from NXP combines a 65V10 module and Secure Element. Another from AMS is an AS3923 booster IC. 

The Secure Element will hold a token that is EMVCo Payment Token Specification approved -- 16 digits long for Visa, MasterCard, and Discover (not yet announced as a participant), 15 digits long for American Express -- that substitutes for the 16- or 15-digit primary account number (PAN) when Apple Pay payments are made through the networks. The PAN is never stored on the device or at any remote Apple server. 

Apple, which owns or has applied for 50 patents related to NFC, controls the Secure Element, rather than any of the mobile network operators selling Apple devices. 

The handsets also include Touch ID biometrics, which are used to validate in-app purchases as well as payments made at checkout lanes equipped with NFC contactless chip readers. A mathematical representation of the user’s fingerprint is held in the secure enclave of the A-Series processor where it is protected by encryption.

Apple Pay works with Apple’s Passbook wallet, which can store one or more tokenized payment card accounts along with a cardholder’s shipping details. 

There are nearly 10 million merchant locations in the U.S. and currently over 220,000 of them have contactless readers that accept card payments. This number will increase rapidly with the approach of an October 15, 2015 deadline that shifts the liability for counterfeit fraud to merchants if a chip card initiates a transaction at their terminal and they have not installed a chip card reader.

By the end of the decade, there will be at least 70 million Apple Pay-enabled devices in the U.S., and NFC readers will be ubiquitous. 

All Apple Pay purchases require the cardholder to initiate a payment with their fingerprint. For in-app purchases, the fingerprint also triggers transfer of shipping details from Passbook to the merchant. 

Brick and mortar merchants will promote Apple Pay with contactless payment signage. For merchants who sell within a mobile app, Apple Pay will become an alternative payment acceptance brand just as PayPal is. In time, Apple could aggregate and acquire some Apple Pay transactions, as Pay Pal does today. 

All transactions remain Visa, MasterCard, Amex, or Discover. No new merchant acceptance agreement is required. Merchants will not pay any fees to Apple, although the networks will charge fees for their role in supporting tokenization security. 

Target, Groupon, Starbucks, and others have already committed to Apple Pay for in-app purchases. Software development kits for Touch ID APIs are now available for developers including payment gateways, as well as for acquirers who have signed to promote Apple Pay to all of their merchants. These include First Data, Vantiv, and TSYS.

Consumers wanting to use Apple Pay can designate the credit or debit card account details that are already held by Apple for purchases of music and apps. They will also need to add their CVV code.

Once Apple is contacted, it verifies the account information and CVV with the card issuer. This triggers the process of creating a token for the PAN. The token is then sent over the air to the Apple device by the issuer or their processor, or by Visa, MasterCard, American Express, or Discover (eventually). In-app purchases and those made at brick and mortar merchants use the same token. 

Any cardholder who doesn’t already have a card registered at Apple can also participate in Apple Pay by notifying issuers who have signed Apple Pay contracts. So far these include Bank of America, Barclaycard, Capital One, Chase, Citi, Navy Federal CU, PNC, USAA, U.S. Bank, and Wells Fargo. This group, which will rebate part of their interchange fee revenue to Apple, accounted for 84% of all credit card purchase volume and 55% of all debit card purchase volume at midyear 2014. 

Apple Pay security measures also include a unique device account number (device ID) for each iPhone, which is encrypted and stored in the Secure Element. Each payment authorization request ties the device ID to the token. This gives issuers and networks the ability to restrict authorization requests to specific domains so that purchases will only be authorized when the token matches the device. 

Apple holds, and therefore needs to protect, 800 million primary account numbers worldwide to support payments for purchases of apps and music. Substituting tokens for those PANs will, over time, reduce Apple’s risk from a security breach and any resulting reputational damage. Apple Pay’s infrastructure is designed to preclude damage to Apple’s reputation from participation in payments initiated by its mobile devices.

Copyright 2014 © The Nilson Report