One player that everyone is watching with anticipation is Apple. Will it adopt NFC like the other mobile platforms, or will it walk its own path? Whichever direction or payment method Apple takes, the majority of consumers will be sure to walk with it.

Apple has placed itself in a unique position, whether it intended to or not, to fundamentally change how and where we shop. The first step was linking users’ credit or debit cards to iTunes: Apple now has around 600 million cards on file with this service (and that number’s growing every day). This allowed for a funding source for one-tap purchases for apps, music, movies, and books. Next was a way to bridge the gap into tangible retail items.

Apple is known for experimenting with retail technologies within its own brick-and-mortar stores. This is evident in concepts like the Genius Bar appointment system and card acceptance on the sales floor with iPhones (thanks to VeriFone jackets that can process credit card swipes). In 2011, Apple introduced EasyPay (Figure 7-4), which allowed customers to skip the checkout line, to its Apple Store app. A consumer could walk over to the accessories wall, pick up a small item like a set of earbuds, open the app and scan the barcode on the box, touch Pay on his phone, then walk out, receiving a receipt later by email. Frictionless and fun! Then, Apple launched Passbook in 2012 to create a wallet of mobile-friendly coupons, boarding passes, and gift cards. The app uses geolocation to bring up the Passbook item that is most relevant to the user at a given time, like a Target coupon when she drives past a Target store, or a boarding pass for her United Flight as she approaches the airport.

In 2013, Apple took two more steps toward making the iPhone a multiuse wallet. First was the use of Bluetooth Low Energy (BLE)–powered iBeacons (Figure 7-5) placed around its stores. BLE allows for small packets of data to be passed between devices, which is great for concise communications like payments and push notifications (as opposed to the file and music sharing you would do with regular Bluetooth). This allowed for the possibility of setting up multiple fields around the store, each with a different purpose: one welcoming users at the front door, and one in the center aisle informing them of the day’s sales or bringing up the EasyPay feature of the Apple Store app to the foreground.

Figure 7-4. Checking out with Apple’s EasyPay

Figure 7-5. How iBeacons could be placed throughout a store to augment a shopping experience (courtesy of Estimote [http://estimote.com/])

Beacons were also tested at the Union Square Macy’s in San Francisco with Shopkick points, and at Citi Stadium in New York City. The beacons could ping users’ phones with helpful content and special offers relevant to their exact location, like step-by-step directions to their seats or a coupon for hot dogs if they happened to be near a concession stand (Figure 7-6).

Figure 7-6. iBeacons powered the MLB app with accurate seat finders and coupons that could appear as the user walked past the concession stand (images courtesy of MLB and Mashable)^[84]

The second step Apple took was implementing a security and authentication mechanism, unique to each user, which could be used to lock the phone and authorize purchases. That came in the form of TouchID (Figure 7-7), a fingerprint scanner and sensor built into the home button of the iPhone 5S. In 2014, Apple opened the API for TouchID, so that apps on the OS could call it to verify the user. This is an obvious authentication factor for banking and payments applications, and Apple made a point to demonstrate it in such a capacity with the Mint app.

Figure 7-7. Touch ID brought fingerprint scanning to the iPhone, where users could use a finger to lock their phones, to approve purchases in the App Store, or to log in to apps

Hopefully merchants won’t overuse channels like BLE to spam visitors to their stores with a bunch of content and offers the customers don’t want, as was common practice when SMS alert campaigns and push notifications first entered the mobile scene. But collectively, these features could work within either a merchant’s app or an open “iWallet” to deliver an elegant way to shop that is free of all the things that make it not fun—like collecting (and forgetting to bring) paper coupons or loyalty cards, searching for an item in vain, and waiting in long checkout lines. With an Apple-powered wallet, a grocery store trip could look more like Figure 7-8.

Figure 7-8. When it’s time to check out, a user needs only to press his finger on the scanner

Of course, the combination of these features is not unique to Apple. BLE is available in Android phones as of Android OS 4.3, and there are fingerprint scanners being introduced in phones by Samsung, HTC, and Motorola. Still, no one can predict what Apple will do in the space—but whichever transaction method it chooses will surely become the standard, such is its influence on consumer electronics. If Apple adopted NFC in its iPhones or adopted host-card emulation, for example, it would cause a sea change in the payments ecosystem. In the end, between Apple and Google, it comes down to which brand users are more likely to trust with their financial information.

In 2012, 30 of the largest retailers in the United States—including Gap, Walmart, Best Buy, and Target—banded together to form a mobile wallet consortium called MCX, or Merchant Customer Exchange.^[85] Their goal was to lower their transaction costs and capture consumer shopping data with their own mobile wallet solution, as a reaction to NFC wallets such as network operator–led Isis and Google Wallet. Ostensibly, their wallet would be founded on an ethos of good customer service and low barriers to entry.

Not much is known in terms of how the MCX wallet will evolve, but early press releases have revealed that MCX’s approach will be based on QR codes and barcodes, which the user would either scan or present at the register to be scanned. Though at first glance this approach does not seem as secure as NFC or cloud wallets, MCX intends to use dynamically generated codes that will change with each new transaction, lowering the risk of unauthorized use should someone steal the user’s phone. Each QR code or barcode would “self-destruct” after each payment, requiring a PIN or passcode to generate a new one for the next transaction.

The other possible feature of the MCX wallet is that each merchant may have its own version, so unlike Square or Isis or Google Wallet—which are ubiquitous and can be used at any merchant that accepts them—merchants within the MCX group may have unique wallets, likely containing their coupons and offers, tied to the dynamic QR code/barcode payment mechanism.^[86] You could imagine a folder on the user’s home screen that looks something like Figure 7-9, if MCX lets merchants dictate their own experiences. However, it is more likely that MCX will be a unified wallet that could work across a selected group of merchants (say, all grocery stores).

Figure 7-9. What a collection of MCX wallets might look like, if each merchant has its own payment apps

Collectively, these 30 merchants bring in $1 trillion in annual sales, and have a long-established base of loyal customers in their pocket. Though this wallet has yet to launch as of this writing, the sheer volume of mindshare that these merchants have with US mobile users makes it a formidable proposition. Again, it comes down to gaining user trust, and incidents like the Target POS breach of 2013 will run long in consumers’ memories.

Another “silent giant” in the world of payments is Facebook. Like MCX, Facebook has an immense built-in audience, numbering up to 128 million users in the US alone as of August 2013, 101 million of which are mobile users.^[87] The company has always fostered some form of commerce within its network, whether it’s buying in-game credits or linked credit cards for Groups to advertise their pages and events. In 2012, Facebook rolled out its Gift feature. Users could browse a catalog of digital and plastic gift cards, which they could then send to friends for birthdays, weddings, or just because. Recipients would get a Facebook message with a redemption code they could use online, or as of 2013, a plastic Facebook Card sent to their home address (Figure 7-10).

Figure 7-10. The Facebook card can hold multiple balances from gift cards

The Facebook Card is reusable, and can hold balances from multiple gift cards. For instance, the card could hold “$100 at Sephora, $75 at Target, $50 at Olive Garden, and $8.25 at Jamba Juice.”^[88] As you receive other gift cards from friends or if you buy them for yourself, the balances are automatically added to your master Facebook Card (Figure 7-11).

This “proxy” model takes the concept of paying for your purchases with reloadable plastic gift cards a bit further than the Starbucks and Dunkin Donuts closed loop cards, where you can use the cards only in the company’s store, with its app. Facebook cardholders would be able to reload and manage their cards on the site or in their mobile app.

Figure 7-11. Viewing a transaction history for a gift card linked to your Facebook card

Right now, Facebook Cards employ a magnetic stripe on the back of the card, which is provided by Discover. If they went one step further and pulled a Facebook Card barcode or QR code, or linked the multiple balances on the user’s Facebook Card to an NFC or cloud checkout, then the user could take the Facebook app and buy things at any of her favorite stores with these prepaid accounts. If Facebook linked the “pseudocards” to a bank account or credit card, the balances could be refreshed whenever the user felt like it.

An alternative form of payment via Facebook is purely speculative at this point, but is indicative of how Facebook has come to be our digital representative in the online world, tied to our very real self-identities, and is much more personal than any government-issued ID card. Facebook knows our full names and addresses, where we live, who we talk to, and where we work (that is, if we choose provide those details). That digital identity could be used as currency. If the user has linked a debit or credit card to his Facebook account, and was “checked in” to a nearby shop, then the merchant would need only to confirm who the user is by looking at his Facebook profile picture and name. Once, say, the barista chooses his name from the list of nearby customers, the money for the latte he just ordered can be charged to the debit card he has linked to Facebook, and later the merchant can send him a receipt via email or Facebook message. Facebook’s messaging service itself could be a medium for sending payments back and forth between friends, as seen in apps like Venmo.

Of course, in order for such scenarios to take place, users would have to feel comfortable providing their card details to a social networking site, which historically has not been a popular sentiment. A Facebook Card could mitigate this, being a stored-value card that minimizes the risk of users losing a lot of money if their phones were misplaced or stolen. The concept of paying with your “digital-social identity” would take us back to the days when the local shopkeepers were our neighbors and knew our names, families, and where we went on vacation. If we didn’t happen to have cash on hand, we could ask the shopkeeper to put it on our tab for payment later, and the shopkeeper was comfortable with that arrangement, knowing our faces and where we lived and trusting us as members of the community.

A new wave of everyday items like watches, eyewear, and jewelry has been infused with wireless connectivity, transforming them into wearable smart devices that can feed us information about the world around us, or just enable us to answer phone calls without having to reach into our pocket and pull out a smartphone. If these wearables can be made capable of peer-to-peer communications and linked to the wearer’s money, they could easily be used for shopping, to find product reviews, or to do online price comparisons.

One of these fascinating inventions is Google Glass, which frames a small screen in the wearer’s peripheral view, and lets him take pictures, get directions, answer calls, or look up things on the Web, primarily with voice controls or gestures. Its use in public has been controversial due to concerns of privacy: some people are concerned that Google Glass owners could surreptitiously record videos of them without their knowledge in restrooms or other private spaces. However, Glass has obvious benefits in several applications where users need a hands-free interface to aid them in finding information quickly (think pilots, mechanics, or surgeons).

Developers have already begun to experiment with how Google Glass could be used for shopping and payments. When Google first announced that Glass would be released to members of the developer community, it had a contest where developers could submit proposals for what they would do with the new device (the prize was a pair of free Glasses). Playground Labs’ submission to this contest was a concept video (Figure 7-12) that illustrates how Glass could be a useful tool for shopping, in addition to other use cases like playing video games or learning to play the guitar. The built-in camera could scan the barcode of an item the wearer might want in the store, and perhaps display a table of prices from the store’s competitors. At the register, the wearer could use the Glass camera to scan the merchant’s QR code to check out, or say “Pay with Credit” to enable Glass to send her card details to the merchant via a nearby BLE beacon. Checking out using Bitcoins is another possibility, as demonstrated by the EAZE app for Glass (Figure 7-13), which lets the user pay with just a nod.

Figure 7-12. User’s perspective while shopping with Google Glass (courtesy of a concept video by Playground Inc. [http://bit.ly/1qVzHKL])

Figure 7-13. EAZE for Glass, which links to the user’s Bitcoin wallet for payments with just a nod of the head

Another new device that could be used for banking and payments is a web-connected watch, like the Pebble, or any of the watches using Android Wear. Resembling something Dick Tracy or James Bond might have used, smartwatches could be used to get bank balances or show a miniature transaction history. In the fall of 2013, Westpac Bank in New Zealand released an app for the Sony SmartWatch (Figure 7-14), which brought the functionality of its CashTank mobile app utilizing one basic function: a visualization of the user’s bank balance that was easy to digest at a glance.

Figure 7-14. Westpac’s CashTank quick balance smartwatch app

Smartwatches are another handy gadget that is much less conspicuous (and controversial) to wear around, and watches like the Pebble already have a handful of payments apps built into them, such as Pebblebucks (Figure 7-15), which fetches the wearer’s last known Starbucks card balance and can show his barcode at checkout. Users can even make payments when the watch is not tethered to their phone, just in case they leave both their wallet and their phone at home. The horror!

Wearable device experiences typically require minimal physical interaction from the user, often relying on the user’s voice or location. In order for payments to be successful with these devices, the act of paying would have to feel natural and seamless. There are unique security problems to tackle with these devices. For example, if your app relies on users entering a passcode before a payment, how would they enter it when there is no keypad to touch? In this case, speaking the passcode to the device would not be ideal.

Figure 7-15. Pebblebucks, a Starbucks payment app for the Pebble smartwatch (courtesy of CNET)

It’s important to note that demos of new payment technologies tend to gloss over one inconvenient factor: how users will authenticate themselves to the bank in order to do things like get an account balance or authorize a payment. That is where the second cluster of payment-conducting tech innovations comes in: biometrics.

The problem with current authentication methods is that they are vulnerable to fraud, in various degrees. Signatures are easily replicated, and PINs can be hacked by brute force—that is, attempting all the possible number combinations or known factors (common PINs like 1234 or 2580, or the cardholder’s birthdate or address). ID cards can be forged or stolen. Biometrics would greatly reduce the cognitive load that consumers must carry, as their brains are already inundated with PINs, passwords, phone numbers, and addresses. Surveys have shown that 67% of consumers have to remember an average of 11 username and password combinations.^[89] When faced with remembering so many disparate security credentials, our human nature tends to lead us to use the same username/password or PIN combinations for different purposes—banking, paying bills, or sending email—elevating the risk of them being compromised. Biometrics would also eliminate the need to carry forms of identification like driver’s licenses and passports, as our fingerprints, faces, and voices are unique to each of us. Signing a credit card slip is a thing of the past—not that it’s doing us much good now. An anecdote by UK financial technologist Dave Birch illustrates the ineptness of using analog signatures to verify someone’s identity: ^[90]

Examples like this are why security researchers experiment with the use of identity hallmarks that are impossible to replicate: parts of the human body.

In the past, true biometrics have been limited to building access and border crossing, or secure laptops and external hard drives that users can unlock with a fingerprint. The hardware needed to scan and read biometric sources like voice inflection, fingerprints, and facial patterns has typically been too expensive and unwieldy to put into the hands of the average consumer or corner store. Mobile devices have, of course, changed this, employing built-in fingerprint sensors, rudimentary facial recognition, and voice passphrases to lock or unlock a device (Figure 7-16).^[91]

Figure 7-16. Examples of unlocking a device with voice commands, facial recognition, and fingerprint scans

There have been a few commercial attempts to make biometric scanning at the register a reality, such as pilot programs from Fujistu-backed Pulse Wallet in 2013,^[92] which reads vein patterns in shoppers’ hands (Figure 7-17), and even a few brief commercial rollouts—like the PayByTouch back in 2002, which let consumers link a bank account with their fingerprint.^[93] Most notably, PayPal partnered with Samsung to introduce payment authorization by fingerprint, thanks to the Galaxy S5’s scanner (Figure 7-18).

Finnish startup UNIQUL (Figure 7-19) is working on retail kiosks that would allow merchants to use facial recognition to verify customers, scanning them as they approach the register, and claims to reduce checkout times from 30 seconds to 5 seconds.^[94] The concept centers on the fact that human faces all have a unique set of metrics when it comes to measuring the distances between facial anatomy. This includes the distance between the eyes, the length of the jaw, the distance from the bottom of the chin to the tip of the nose, and so on.

Figure 7-17. PulseWallet attempts to employ biometrics at the point of sale (courtesy of the Verge)

Figure 7-18. PayPal is exploring the use of fingerprint scanners on newer Android phones to authorize payments with a higher level of security than a PIN or password

Figure 7-19. UNIQUL’s proposal for a point of sale that would scan customers’ faces as they approach to check out

Systems like these are prone to false positives, like when Logan Airport in Boston tested facial recognition at its security gates in an effort to thwart terrorists from sneaking through. Scanning a stream of 40 volunteers each time they went through the security line, the system failed to recognize individuals 38% of the time, likely due to changes in ambient light and the inability to map out the faces of people in motion or at different angles from previous scans.^[95]

For designers, biometrics present new challenges in interaction design, especially around instruction and feedback. Designers must provide clear instructions to users on the best angle or direction to swipe their finger in order to get a good read on the scanner. Animations and sounds should be incorporated to let users know when their face or voice has been recognized for a payment authorization.