ApplePay will launch in the UK this July with over 250,000 merchant locations (incl. M&S, Boots, Waitrose & TFL) and partnering with an initial 8 banks (such as HSBC, Santander & RBS).
More banks are slated to join during the Autumn months, which Apple anticipates will allow the service to work with approximately 70% of UK debit and credit cards (an impressive and ambitious launch campaign for any payments business).
The expansion of ApplePay in the UK comes relatively quickly since its launch in the US in 2014. At that time, a high level review of what EU payment law issues may apply to the service was considered. Given that we now know more about the service’s features, this post revisits some of those issues.
One important disclaimer is that this note reflects only some of the matters that would need to be explored in further detail – only a full transparent review of the ApplePay service would lead to any firm conclusions on its legal and regulatory position. Accordingly, the below is a high level review of certain potential issues – as considered in light of publicly available materials. It is not to be relied upon in any definitive manner nor as legal and/or regulatory advice.
How will ApplePay work in the UK?
Before looking at some of the key EU regulatory matters, it is important to understand a little more about how ApplePay works. As featured on its website, the ApplePay UK service is compatible with the following devices, for purchases made via the following sales channels:
iPhone 6 / iPhone 6 plus: for both in-store and ‘in-apps’ purchases.
Apple Watch (paired with iPhones 5, 5c, 5s, 6 or 6+): in-store purchases.
iPad Air 2 / iPad mini 3: ‘in-apps’ purchases.
For many, its use may be made via the iPhone 6. To make a payment with an iPhone it is understood that the following process is carried out:
1. Set-up: add/register your eligible payment card to Apple Passbook
You can do this in a couple of ways, the easiest way is to register the payment card that you already use for iTunes by entering its card security code. Alternatively, register your debit or credit card via the passbook app and follow the screen instructions.
2. Make an in-store payment
To pay at a shop, just hold the iPhone near the contactless reader with your finger on the Touch ID. The payment information is transmitted via near field communication (NFC) technology.
3. Make an ‘in-app’ payment
To make a payment within a merchant’s app, you select ApplePay as your payment method and place your fingerprint on the Touch ID.
4. Security features
No storing of card numbers
When a card is added to the iPhone 6 Passbook, the card number is never stored on the device, nor on Apple servers. Apple allocates a special “Device Account Number“, which is encrypted and stored on a chip inside the iPhone (known as the “Secure Element”). This means that if your device is ever lost or stolen or, if there is a security breach at Apple itself, your card details are never exposed.
Easy suspension of payments if your iPhone is lost / stolen
If your iPhone is lost or stolen, you can use the ‘Find iPhone’ feature to facilitate the suspension of payments from that device. You can also stop payments via the settings feature in iCloud.
No saving of customer transactions
Apple does not save details of a customer’s transactions, although details can be found via the Passbook feature.
Payment amount limits
At least initially, there will be limits on the amount (in value) of payments that can be made via ApplePay (expected to be approx £20).
5. Payment execution
Once the payment has been initiated, the assigned Device Account Number, as well as a dynamic transaction specific security code is sent via the payment card processing networks. This security code process uses ‘tokenisation’ and it is a form of transmitting financial details securely – each of Visa and MasterCard have reportedly allowed ApplePay to use its tokenisation processes to allow the payment data to be transmitted in this way.
ApplePay via the Apple Watch
There is also a handy YouTube video on how ApplePay is envisaged to work via an Apple Watch
ApplePay and EU Payment Regulations
As a starting point, the key EU payment laws to consider are the regulations stemming from the E-Money Directive (EMD) and the Payment Services Directive (PSD). Moreover, within the context of a ‘soon to be published’ PSD2, it is also prudent to consider its upcoming requirements.
Looking at these in turn.
Is ApplePay caught by the EU E-Money Regulations?
To determine whether ApplePay is within the scope, the first question to ask is whether ApplePay involves the issue of ‘e-money’.
“Electronic money” is defined under Article 2(2) of the EMD as meaning:
‘electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions as defined in point 5 of Article 4 of Directive 2007/64/EC, and which is accepted by a natural or legal person other than the electronic money issuer’.
It appears that ApplePay does not involve the issue of e-money – there doesn’t appear to be any electronic stored value issued by Apple to its customers on receipt of funds. It looks like Apple only facilitates the processing of payments by sending secure payment information.
What about ApplePay carrying out regulated payment services under the PSD?
It is indeed arguable that ApplePay involves certain regulated payment services – as provided for under the PSD. However, and this is key here, there is an exclusion available to operators of potentially regulated payment service providers if they don’t come into possession of the payment transaction funds and provide technical services that support payment processing. In particular, Article 3(j) stipulates that the PSD does not apply to:
“services provided by technical service providers, which support the provision of payment services, without them entering at any time into possession of the funds to be transferred, including processing and storage of data, trust and privacy protection services, data and entity authentication, information technology (IT) and communication network provision, provision and maintenance of terminals and devices used for payment services;”
The above does appear to have application to ApplePay (as the service is understood), which may be very helpful on removing ApplePay from the requirement to become authorised as a payment institution for the time being.
Are there any regulations coming down the pipeline which may more clearly capture ApplePay?
The short answer is yes. The PSD is being revised by PSD2 which expands the scope of regulated payment services. (PSD2 is now awaiting final publication following extensive review via the Brussels legislative machinery).
PSD2 is looking to introduce new regulated payment services – collectively referred to as third party payment service providers, which if no exclusion is available, will potentially require operators of such services to become authorised. More details on these new regulated payment services can be found here.
Of particular interest to ApplePay is the proposed new regulated payment service known as a “Payment Initiation Service”. The expected definition of a Payment Initiation Service is set out in draft Article 4(32) of PSD2 as follows:
‘payment initiation service’ means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider;
What is also relevant to the introduction of the above is that the exclusion set out above for technical service providers (as mentioned above) will not necessarily apply to payment initiation services, so even if ApplePay were to continue to not come into ‘possession’ of the funds, it may subsequently fall within scope of the PSD2.