Paying with Fruit

Thinking differently on the Apple payment system it never should have bothered with.

September 9, 2014

Payments in 2014 work roughly how they did in 2004, 1994, 1984, 1974, and 1964. Iron a magnetic strip onto the back of some cardboard as IBM engineer Forrest Parry's wife suggested back then, and you're practically on the cutting edge. So if someone told you that they were on the verge of releasing a revolutionary payment system, you'd probably want to know more, if only to ensure that it wasn't just another take on a tired standard.

If that person was Steve Jobs, well, you would definitely want to know more.

That's what happened when in mid-February, 2011, my phone rang at my office in Palo Alto, and a person on the other end with a familiar but slightly weak voice greeted me with, "Hi, this is Steve Jobs."

Of course it is, I thought, not exactly registering the statement. My distracted response of, "Hi, how are you?" elicited an explanation that Steve had taken some time to reply to an e-mail message I'd sent him late the previous year because he had been sick—but that he was catching up on a lot of e-mail he hadn't read, and that he was doing some research on mobile payments.

In particular, Steve wanted to talk about barcodes, and how they compared with Near-Field Communication, or NFC, a technology that the banks had been pushing for years. I gave him my thoughts—that there was no real compelling use case, and that barcodes seemed to be doing perfectly fine in retail, as they had for decades. That's largely why I had decided to use barcodes for FaceCash, and why that decision had been validated by the subsequent design of the Starbucks mobile payment system, which also used barcodes, but without any kind of authentication step. Much to my surprise, Steve agreed with me.

"Do you know how many radios are in the iPhone already?" he asked.

"I think I read something like 17," I said.

"Yeah, it's about 17. The iPhone is ten pounds of shit in a five-pound box; the last thing I need is another radio. This NFC thing just seems like...like...a trick!"

The conversation turned to his explanation of the hundreds of millions of credit cards Apple had on file for iTunes, and his interest in finding some way to make use of them. I was skeptical that it could be done in a truly innovative manner, and I explained how hamstrung the card companies were by their infrastructure—something I was surprised that Steve didn't know much about. Nonetheless, Steve thought he might be able to strongarm the card companies into giving Apple a low rate to fund pre-paid accounts similar to the ones used by FaceCash. No matter what, he realized it would be a challenge.

"It's going to take fucking forever to get people to adopt," he admitted. "About ten years."

"Well why don't you start at the Apple Store?" I offered. I was also trying to stifle my laughter at the fact that the supposed God of modern-day computing swore like a sailor in casual conversation.

"We're going to use our own solution there," he said.

"So why not make FaceCash your own solution?" I pointed out.

"I'm on the phone with you, right?"

The call continued for about a half hour that day, with Steve half-extending an invitation for lunch at the end. Instead, there was a follow-up meeting at Apple in May, 2011 with Phil Schiller a few months later. Then, with little warning, the California Money Transmission Act threatened to shut down FaceCash. From my perspective, it was a ticking time bomb scheduled to explode on June 30, 2011.

On a number of occasions, PayPal had expressed some interest in what FaceCash could do, and I had met with their mergers and acquisitions chief at eBay as a result. I let Steve know, and made the impending regulatory threat clear. The night before my meeting with the California Department of Financial Institutions (DFI), he responded by e-mail with one sentence, striking a much different tone from our telephone conversation.

"Sorry, but we are not blown away with your concepts."

I was certain the discussions had met a confusing and disappointing end.

Thanks in large part to Steve's refusal to start Apple on a trajectory toward a new payment system, my meeting with the DFI the following day went poorly. In fact, it went very poorly—eventually spawning a federal constitutional lawsuit that is still pending, and has set a record for the longest delay of a non-stayed motion to dismiss in the Northern District of California's judicial history. (As of today, the motion has been pending before Magistrate Judge Howard R. Lloyd for 938 days, or 2.57 years.) In turn, the lawsuit led to a California General Assembly Banking and Finance Committee Oversight hearing, and two bills to amend the Money Transmission Act, one of which became law, and the second of which is about to—it's sitting on the California Governor's desk today. (It also turns out that the DFI official who threatened to incarcerate me for asking the wrong questions at that meeting has a track record of his own.)

Back then, I just figured it was all over.

Little did I know, the internal battle over iOS was brewing at Apple. Four days later, despite Steve's decidedly negative e-mail (contrasting a warm reception from Phil Schiller), I was invited to visit Apple once more. Though I was initially scheduled to meet Scott Forstall, Scott was too busy—he would eventually be forced out of the company—and I was instead foisted onto Adrian Perica, who ran mergers and acquisitions. Adrian had very little idea of why I was talking to him at all. He'd never seen FaceCash, and declined the opportunity to see it when I offered to show it to him.

Unsurprisingly, Adrian and the one other Apple engineer in our meeting weren't impressed with what I had to say. What I had tried to stress to them was that aside from being cheaper for merchants and more secure, FaceCash was device agnostic—it would work on an iPhone, Android, BlackBerry, or a sheet of paper—a crucial characteristic for a ubiquitous payment system. What they apparently wanted to know was how it could be deployed in the Apple Store the next day: an impossible task for any truly new financial technology due to the shifting regulations.

I was quite surprised, then, to receive an e-mail from Apple offering to buy the patent I secured on FaceCash's core technology while I was sitting in a hearing on the Money Transmission Act in Sacramento years later. When I called Apple to learn more, they claimed that the message had been sent in error. Months later, they began asking questions about licensing the same patent, but those discussions also led nowhere.

By chance, I ran into Tim Cook at a Starbucks this spring and mentioned that I had talked to Steve Jobs about payments. He encouraged me to e-mail him, and I did, but he never returned the message.

All of this suggests that within Apple, there has been some internal confusion, and perhaps debate, as to the best way to approach the enormous challenge of the payment system. Unfortunately, what has emerged is the worst possible solution for the consumer given Apple's enormous resources.

What Apple announced at its Chinese-dubbed, horribly scrambled launch event today is marginally better than forcibly inserting plastic cards into actual pieces of fruit, but not by much. Rather than develop its own technology, or even make use of another startup's, Apple has essentially capitulated to the banks, who have thus far wasted billions of dollars (according to some reports) trying to push failed NFC ventures with names like "Blink" (Chase), "payWave" (Visa), and "PayPass" (MasterCard). Very few consumers have used these technologies—even with Android devices supporting NFC since 2011—because as Steve Jobs initially recognized, there's really no point. It's no faster than swiping one's card, and it's no more secure.

The supposed appeal of this approach is a head start on merchant adoption, but the number of merchants prepared to accept Apple Pay is small and likely to remain so for some time. Today, most small merchants do not have NFC readers; even many large retailers lack them. Installing them is extremely expensive—far more expensive than buying a barcode scanner (which many retailers have already), as Starbucks figured out. Simultaneously, banks have been pushing state legislatures to mandate EMV (also known as Chip-and-PIN) terminal adoption by merchants in 2015 in the hopes that EMV will solve all of their fraud problems, but it's likely to solve none of them. Just because a card has an EMV chip does not mean that its account number cannot be stolen.

NFC can even have the opposite effect of the one banks and card sponsors intended. I once encouraged a friend to try using the contactless technology at a drug store, but he wasn't sure which of his cards supported it. Before I could explain how to tell them apart, he held his entire wallet up to the sensor, and let the radio signals duel it out until some card within, effectively selected at random by the laws of physics, won out. With that single convenient gesture, he completely nullified every bank's and card provider's attempt to win his "customer loyalty" and interchange revenue.

Apple Pay promises to make the payment process a little bit more dependable, at least, by allowing you to choose the card that you want to use from Passbook. Then, you use the fingerprint sensor built into the iPhone to verify your identity, after which the card is "tokenized," or referenced according to what really amounts to an extra account number, instead of the number printed on the card. These are all good precautions to take, but they don't really solve the problem, because at the end of the day, depending on merchant's system design, your card number will most likely still be sitting in a database somewhere. Target, Home Depot, TJX, and basically any retailer that does business today can tell you all about that. For this very reason, many retailers have teamed up as "MCX," which recently announced after many years their plans to market a mobile wallet for themselves called CurrentC, which no one will actually use because by definition it is not designed to be ubiquitous. Not to be outdone, the telephone companies, which previously called their mobile payments consortium "ISIS," are now hoping that in addition to Apple Pay and CurrentC, you will also enter your cards into their renamed-due-to-terrorist-trademark-infringement product, Softcard.

It's not clear what Apple Pay offers to consumers that Google Wallet—another failed NFC venture involving big banks and old cards—did not. Steve Jobs was acutely aware of this in 2011 when he pressured me to explain the consumer benefits of FaceCash. My response was a better grasp on spending, accounting, taxes, and extra features such as bill splitting—to say nothing of the huge merchant benefits. Yet Apple has avoided all of those benefits because the card system is fundamentally incapable of providing them, instead spinning the lack of functionality as a "privacy" benefit.

The reality is that Apple Pay is about as magical and modern as the MacBook Air shipping with a USB 5.25" floppy drive. If you have a credit or debit card, you should assume that the card number has already been stolen and is available to Russian, Ukranian and Chinese hackers for about $0.30 per number on criminal hacking forums. It's nearly insane for any company to build products on such a foundation. (If Apple Pay hurts anyone, it's Square, whose card readers might not be so appealing anymore assuming that NFC finally takes off. Then there's Clinkle, which was never really a proper company in the first place, and is more akin to a $30 million college party that lasted four years too long.) It's therefore disappointing, from a technologist's point of view, to see Apple supporting such a broken system. Even if your account number doesn't get stolen because of Apple Pay, it's still virtually guaranteed to get stolen some other way.

Apple Pay is not necessarily doomed—the fact that it is integrated with Passbook, which gets at least minimal use from iPhone users, is at least something more than Google Wallet had going for it. But Apple has done exactly what I advised it not to, and what Steve Jobs at least expressed some doubts about himself: it has backed a communication standard of questionable benefit (only now that the NFC chips are cheap enough, most likely) to bolster an obsolete payment standard (clearly becoming more obsolete every day), while causing additional fragmentation in a market that is already incredibly fragmented. After all, Apple Pay only works with iPhone 6 and higher, which makes every iPhone user today ineligible—and it's certainly not worth the device upgrade on its own. It doesn't work with Discover cards, or cards issued by many banks. It doesn't work at most of the merchants you visit, unless you happen to live at Disney World and eat exclusively at fast food restaurants (or, at the other extreme, Whole Foods). It doesn't offer you any additional protection for your financial account. And you can't even transfer funds to another Apple Pay user, even if you can share something as sensitive as your live heartbeat via your Apple Watch (another questionable feature, for different reasons).

There's a reason for that last issue, of course. Apple's Board of Directors was wary of the same regulations that Steve left me to handle on my own. So long as Apple never touches your money, it cannot be regulated as a money transmitter, which would be preferable to avoid for an enterprise with so much capital.

Lastly, it's worth noting what happened the last time Apple was up against a dominant player whose products were plagued by incurable security issues. I'm talking of course about Microsoft Windows, the product line whose 2000 and XP versions were so hopelessly ridden with performance-killing spyware thanks to the broken Windows Registry that PC consumers were willing to switch to another platform in droves for the first time ever. The card companies now are Microsoft; the card networks themselves are Windows. Yet rather than responding with a brilliant "Switch" campaign, Apple has taken the markedly unimpressive step of painting lipstick on a pig. It's as if Steve decided to release an Apple-branded as-seen-on-TV spyware removal product instead of releasing the iMac.

So here we are, in 2014, where the mobile payments landscape is littered with a few more skeletons than it was three years ago. We have a California money transmission statute that is about to exempt money transmission from the definition of "money transmission" after causing enormous headaches for three years, a deeply humbled Google Wallet, a PayPal that is just as clunky as ever, and now a fruit-based payment system that offers almost nothing new—and only to first adopters of a specific model of phone who visit Disney World, while consumers who are sick and tired of having their card numbers stolen continue to have limited options.

On the plus side, there are only four more months until FaceCash launches again in California. Until then, Apple, sorry. I am not blown away with your concepts.