This is great to see. I knew they were working on it (since they’re transparent about what features they’re working on) but I figured they would end up in iOS 12 and Safari 12 in MacOS Tuscaloosa.
The importance of this cannot be overstated. ~25 years after the web was first popularized, we have an open payments layer API that is supported by the most popular mobile wallet.
I know Apple Pay's killer app when it was first announced was the ability to pay easily in-store, but I feel like this is actually a bigger deal. I never had much annoyance with whipping out a card at a grocery store, but paying for things online in a way that's ridiculously fast as well as secure has always been a dicey proposition. This is a huge leap forward.
Last time I checked the Payment API it was pretty low level, for example you'd get CC numbers. Processing that would then require PCI-DSS compliance so you'd likely still need a payment processor like Stripe. Payment API just provided a nicer UI for your cards and maybe virtual numbers in case of Google Wallet.
Second that.. That's a huge improvement and massively under-appreciated aspect of real-world Apple Pay as well.
Basically you don't have to worry anymore about merchants getting hacked and getting card numbers stolen, because the tokens they use in place of card numbers are tied to iPhone-based authentication (device possession + PIN/biometrics).
Seems like all the marketing around Apple Pay is about convenience, but security is a big part of the story.
Let me guess...as a merchant you are pretty much doomed if Apple doesn't like you. I find the blockchain payments way better for both merchant and buyer. No more 3 digits secret codes.
You guessed wrong! Apple's deal is with the card issuers, so the only people doomed by Apple's disfavor are customers with cards from banks that haven't adopted Apple Pay. Apple has no say over which merchant can use it.
Also I think you missed the part where Apple Pay doesn't involve 3 digit CVVs.
I added basic bitcoin functionality to our store a few years back. About 1% of customers chose it, and nobody really paid attention to it.
Then, payments would just stop getting through unless customers were willing to spend $40 (on a $60 purchase). That ended our little experiment. I couldn't care less about credit card companies' unwillingness to deal in child porn and Nazi propaganda. For us, they simply work.
The decentralised nature of Bitcoin has also been proven to be mythological anyway. You can't use it (or any other cryptocurrency) without access to centralised services for exchange and other services. And those companies will adopt the same policies as CC companies and banks as they grow larger, professionalize, and draw scrutiny.
The only positive was the small fortune that had accrued in the meantime. The earliest orders had exchange rates of around $100:1BC. We didn't care about it December or so, and got lucky again in that the problems with transaction costs both coincided with BC's peak and were the reason for us to cash out.
Your statement regarding the "real world" being equated to "mobile payments" is confusing. FWIW, PayPal cleared $155B in pure mobile payments volume in 2017. Apple Pay on the other hand hasn't published any numbers (apart from a 450% "growth" which every analyst knows is a cop out because the raw numbers themselves are likely not impressive.)
Between Apple Pay, Samsung Pay, and Android Pay (which I believe recently got rebranded as just Google Pay), Apple Pay is ahead in userbase numbers by a considerable margin — perhaps not as much now as a year ago, but I doubt it was overtaken.
Because there's no market. For physical transactioms EMV does everything they do, and in a more convenient package. For online transactions, they're not more convenient than the incumbents.
“We’re pleased to announce that Safari 11.1 on macOS and Safari on iOS 11.3 now support the W3C Payment Request API for conducting Apple Pay transactions on the web.”
> Wasn’t this API basically invented to provide a standard complaint way of doing something like Apple Pay? Here you go.
No, the API invented so that the browser could act as an intermediary between many payment-requesting services and payment services, such as PayPal, PayTM, Apple Pay, etc.
They chose to limit support exclusively to Apple Pay, so that users won't have a choice.
Yes it was invented to act as an intermediary so people didn’t have to fill out 30 form fields correctly. But that didn’t happen UNTIL Apple made their own and everyone else decided they wanted one too. As far as I’m aware it was never proposed before Apple Pay existed.
This is not a case of “embrace and extend“ where Apple took something open and locked it down. This is a case of where existing functionality is now available any standards compliant way instead of having to use Apple’s custom JavaScript calls.
User still have the choice of entering their credit cards the same way they have for the last 20+ years. It’s not like you’re forcing ALL payment on the web through this.
I notice you didn’t propose a suggestion to the security/UI delima I mentioned. I am 100% willing to bet that’s why they didn’t add basic-card support. And it seems like a good decision to me.
This is a brand new API that basically no one uses. If websites start using it because they want to support Apple Pay and see it will be easier to support other payment methods on other browsers… isn’t that a benefit?
I don’t see how this is anything but a very positive move compared to the official way to support Apple Pay last month.
You do notice that this has been implemented on Chrome already, supporting multiple payment apps or methods? But Apple decided to exclusively support Apple Pay on Safari, both on mobile and desktop?
> But that didn’t happen UNTIL Apple made their own and everyone else decided they wanted one too.
Please, PayPal has had it for over a decade...
Or, as someone from Apple wrote:
> The ability for apps like PayPal to handle payments in the browser requires the Payment Handler API [1]. We aren't announcing support for Payment Handler here, just Payment Request.
> It's not like we're actively restricting or blocking these apps, we just haven't written the code to do this.
This API was written by Microsoft, Google, and Facebook. Apple merely implemented it worst and (nearly) last, as usual.
https ://www.w3.org/TR/payment-request/
To add some context to the other reply: Apple doesn't take ANY cut of Apple Pay payments, even on native mobile apps. Apple does, however, require that app store apps ONLY allow the purchase of physical or similar goods with Apple Pay. For instance, they'll reject an app that uses Apple Pay to allow the purchase of eBooks, instead of the in-app-purchase API (which does take a 30% cut). This is why Kindle forces you to the web to buy eBooks, but allows you to buy physical amazon goods in the native app.
Similarly how you can use Apple Pay to call an Uber/Lyft in-app.
That said, Apple Pay is just a layer between you and the user's credit card - there's no functional difference at the transaction layer between accepting Apple Pay and having a credit card form in your App. This is why Stripe/Paypal et al. all 'support' Apple Pay. You still need a payment processor who can take the Apple Pay token and turn it into a transaction that puts money into your account.
The in-app-purchase API, however, directly charge's the user's credit card on file with Apple and is credited to your developer account as a payment.
TL;DR Apple Pay is a layer between customer and payment processor, IAPs are a layer between customer and merchant. Apple takes 30% of IAP. Payment processors of Apple Pay take a cut before passing payment on to merchant (Stripe is 2.9% + 30c/transaction, for instance).
You sure about those TOS requirements? Last I checked all you needed was a separate website providing equivalent service. If you charged for a subscription on the website, and you have an app too, then the user should be able to use your app since they've already paid the subscription.
Sorry, I may have been unclear. If you've already paid outside of the native app Apple won't prevent users from accessing the content (Netflix is an example of this). The rule only applies to purchasing within the app itself. Apple requires that if your app allows a user to purchase digital goods it must be via an IAP. There's no restriction on users accessing content they've already payed for elsewhere.
Somewhat related: It doesn't seem to be the case anymore but I have the distinct recollection of paying for Hulu through the iPad app as an IAP at a subscription price of $13.99/month only to discover Hulu was charging $11.99/month if purchased through their site. I think Apple cracked down on folks with different IAP pricing vs. direct subscription pricing, but for a while it was a very frustrating effect of the 30% cut that you're forced to give to Apple if you want to allow any in-app subscription on an Apple device.
Edit: I was right, they just recently dropped it when they rolled out their redesign
I know they don't take 30%, but I can't figure out what the cost is. According to Apple, it's free, but does the seller generally have to pay more in CC fees to get Apple Pay support?
The merchant pays anywhere from 1.6% to 3% of the transaction amount in fees to the payment processors/gateways. Part of this goes to Visa/MC and the issuing banks. Apple gets a cut from them and that's how they make money/break even. The Seller pays their card issuer directly or indirectly. You're not interacting with Apple pay support as Apple pay is not the one processing your payment - its simply storing your card securely and generating a payment token for the merchant when invoked.
That's up to the processor you (the merchant) sign up with, just like anything else. Apple takes 0.15% and that comes out of the card issuing bank's end.[1]
Quick 101 on how card fees work generally:
Card issuer banks (Citibank, Chase, Bank of America, etc.) contract with a card network (VISA, MC, etc.) and earn a standard fee schedule called Interchange (it's public, you can look it up, typically 1.x-2.x% depending on the card type). This is the bulk of where the card fees go, and often funds card rewards and benefits.
Meanwhile merchants contract with processors (e.g. Chase Paymentech, Heartland, First Data, Square, etc. etc.) who interface with all the card networks, marking up those interchange fees with their own margins. The processors may set up merchants with equipment, or maybe a third party POS vendor does that. But most fundamentally processors are responsible for any merchant-related fraud on the network.
That is why processor markups and merchant vetting procedures can vary -- and why Apple would never take the place of the processor. It's merchant-specific work and involves financially vouching for them. The less vetting the processor does (Square, Stripe), the higher the markup. The more vetting, the close to interchange the fee is going to be.
Nice! I just tried out the demo and it seemed to work (hopefully I don't have a charge on my credit card tomorrow, though!). One thing that I saw was that it took a while to do processing, though; something like 30 seconds. I'm not sure if this could be improved.
I’ve used Apple Pay on the web before and it’s quite fast. My guess is that some sort of side effect of the sandbox that I assume that little demo is running in.
“We’re pleased to announce that Safari 11.1 on macOS and Safari on iOS 11.3 now support the W3C Payment Request API for conducting Apple Pay transactions on the web.”
I’m not sure I understand the question - what other payment service are you thinking of? With this change developers can use the same code to initiate a payment no matter which browser they are in, instead of having to write custom code for triggering Apple Pay, that’s the win here. This doesn’t change how Apple Pay for the web works. You can use Stripe or any other merchant processor to process your Apple Pay payments, iirc.
The original specification and the Chrome implementation aren't restricted to a single payments app, such as Apple Pay:
> The browser then presents the payments UI to the user, who selects a payment method and authorizes the transaction. A payment method can be as straightforward as a credit card that is already stored by the browser, or as esoteric as third-party application written specifically to deliver payments to the site.
So if you have the PayPal app installed, you should be able to choose it as the payment method and so on.
My question is if the Apple implementation on Safari restricts the payment methods only to Apple Pay, bocking any other payment services or apps.
The ability for apps like PayPal to handle payments in the browser requires the Payment Handler API [1]. We aren't announcing support for Payment Handler here, just Payment Request.
It's not like we're actively restricting or blocking these apps, we just haven't written the code to do this.
The Payment Request spec is agnostic to payment methods. It doesn’t require implementors to support any particular method(s).
WebKit implements Payment Request, and Safari supports Apple Pay as a payment method. Other browsers that implement Payment Request might support other methods.
> WebKit implements Payment Request, and Safari supports Apple Pay as a payment method. Other browsers that implement Payment Request might support other methods.
Very nice. The web shops that’ve implemented Apple Pay already are much nicer to use than your average shop between elimination of the need to fill (or even auto fill!) addresses and the security of single use tokens.
Once web payments is implemented widely I’ll likely start avoiding shops that don’t implement them.
53 comments
[ 35.5 ms ] story [ 1865 ms ] threadGreat job guys!
I know Apple Pay's killer app when it was first announced was the ability to pay easily in-store, but I feel like this is actually a bigger deal. I never had much annoyance with whipping out a card at a grocery store, but paying for things online in a way that's ridiculously fast as well as secure has always been a dicey proposition. This is a huge leap forward.
You’d only get a card number when using the “basic-card” payment method, which Safari does not support.
Apple Pay provides a payment token instead, which does not reveal your physical card number.
Basically you don't have to worry anymore about merchants getting hacked and getting card numbers stolen, because the tokens they use in place of card numbers are tied to iPhone-based authentication (device possession + PIN/biometrics).
Seems like all the marketing around Apple Pay is about convenience, but security is a big part of the story.
Also I think you missed the part where Apple Pay doesn't involve 3 digit CVVs.
Then, payments would just stop getting through unless customers were willing to spend $40 (on a $60 purchase). That ended our little experiment. I couldn't care less about credit card companies' unwillingness to deal in child porn and Nazi propaganda. For us, they simply work.
The decentralised nature of Bitcoin has also been proven to be mythological anyway. You can't use it (or any other cryptocurrency) without access to centralised services for exchange and other services. And those companies will adopt the same policies as CC companies and banks as they grow larger, professionalize, and draw scrutiny.
The only positive was the small fortune that had accrued in the meantime. The earliest orders had exchange rates of around $100:1BC. We didn't care about it December or so, and got lucky again in that the problems with transaction costs both coincided with BC's peak and were the reason for us to cash out.
Maybe you were trying to be flippant, but it came off as somewhere between ignorance and slander.
Citation? PayPal/Venmo seem far, far ahead.
PayPal is widely supported online but I doubt they are far, far ahead in the real world, which I think is what people mean by "mobile" wallet.
Between Apple Pay, Samsung Pay, and Android Pay (which I believe recently got rebranded as just Google Pay), Apple Pay is ahead in userbase numbers by a considerable margin — perhaps not as much now as a year ago, but I doubt it was overtaken.
Does it only support Apple Pay? Kinda of a downgrade from Chrome and the W3 specification:
https://developers.google.com/web/fundamentals/payments/
https://www.w3.org/TR/payment-request/
Oh, and WeChat Pay has 600 million active users, far more than Apple Pay:
https://www.statista.com/statistics/744944/mobile-payment-pl...
How would they present that and make it clear to users that that’s far less secure than Apple Pay? Why would they do that?
Wasn’t this API basically invented to provide a standard complaint way of doing something like Apple Pay? Here you go.
No, the API invented so that the browser could act as an intermediary between many payment-requesting services and payment services, such as PayPal, PayTM, Apple Pay, etc.
They chose to limit support exclusively to Apple Pay, so that users won't have a choice.
This is not a case of “embrace and extend“ where Apple took something open and locked it down. This is a case of where existing functionality is now available any standards compliant way instead of having to use Apple’s custom JavaScript calls.
User still have the choice of entering their credit cards the same way they have for the last 20+ years. It’s not like you’re forcing ALL payment on the web through this.
I notice you didn’t propose a suggestion to the security/UI delima I mentioned. I am 100% willing to bet that’s why they didn’t add basic-card support. And it seems like a good decision to me.
This is a brand new API that basically no one uses. If websites start using it because they want to support Apple Pay and see it will be easier to support other payment methods on other browsers… isn’t that a benefit?
I don’t see how this is anything but a very positive move compared to the official way to support Apple Pay last month.
> But that didn’t happen UNTIL Apple made their own and everyone else decided they wanted one too.
Please, PayPal has had it for over a decade...
Or, as someone from Apple wrote:
> The ability for apps like PayPal to handle payments in the browser requires the Payment Handler API [1]. We aren't announcing support for Payment Handler here, just Payment Request.
> It's not like we're actively restricting or blocking these apps, we just haven't written the code to do this.
Edge's implentation: https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/wi... Chrome's implementation: https://developers.google.com/web/fundamentals/payments/
Similarly how you can use Apple Pay to call an Uber/Lyft in-app.
That said, Apple Pay is just a layer between you and the user's credit card - there's no functional difference at the transaction layer between accepting Apple Pay and having a credit card form in your App. This is why Stripe/Paypal et al. all 'support' Apple Pay. You still need a payment processor who can take the Apple Pay token and turn it into a transaction that puts money into your account.
The in-app-purchase API, however, directly charge's the user's credit card on file with Apple and is credited to your developer account as a payment.
TL;DR Apple Pay is a layer between customer and payment processor, IAPs are a layer between customer and merchant. Apple takes 30% of IAP. Payment processors of Apple Pay take a cut before passing payment on to merchant (Stripe is 2.9% + 30c/transaction, for instance).
Somewhat related: It doesn't seem to be the case anymore but I have the distinct recollection of paying for Hulu through the iPad app as an IAP at a subscription price of $13.99/month only to discover Hulu was charging $11.99/month if purchased through their site. I think Apple cracked down on folks with different IAP pricing vs. direct subscription pricing, but for a while it was a very frustrating effect of the 30% cut that you're forced to give to Apple if you want to allow any in-app subscription on an Apple device.
Edit: I was right, they just recently dropped it when they rolled out their redesign
https://www.macrumors.com/2017/12/21/hulu-apple-itunes-billi...
Quick 101 on how card fees work generally:
Card issuer banks (Citibank, Chase, Bank of America, etc.) contract with a card network (VISA, MC, etc.) and earn a standard fee schedule called Interchange (it's public, you can look it up, typically 1.x-2.x% depending on the card type). This is the bulk of where the card fees go, and often funds card rewards and benefits.
Meanwhile merchants contract with processors (e.g. Chase Paymentech, Heartland, First Data, Square, etc. etc.) who interface with all the card networks, marking up those interchange fees with their own margins. The processors may set up merchants with equipment, or maybe a third party POS vendor does that. But most fundamentally processors are responsible for any merchant-related fraud on the network.
That is why processor markups and merchant vetting procedures can vary -- and why Apple would never take the place of the processor. It's merchant-specific work and involves financially vouching for them. The less vetting the processor does (Square, Stripe), the higher the markup. The more vetting, the close to interchange the fee is going to be.
[1] https://www.digitaltransactions.net/apple-pay-no-charge-for-...
https://developers.google.com/web/fundamentals/payments/
https://www.w3.org/TR/payment-request/
“We’re pleased to announce that Safari 11.1 on macOS and Safari on iOS 11.3 now support the W3C Payment Request API for conducting Apple Pay transactions on the web.”
"W3C Payment Request API for conducting Apple Pay transactions"
My question is: is this only for Apple Pay? Safari won't support any other payment method/service?
> The browser then presents the payments UI to the user, who selects a payment method and authorizes the transaction. A payment method can be as straightforward as a credit card that is already stored by the browser, or as esoteric as third-party application written specifically to deliver payments to the site.
So if you have the PayPal app installed, you should be able to choose it as the payment method and so on.
My question is if the Apple implementation on Safari restricts the payment methods only to Apple Pay, bocking any other payment services or apps.
It's not like we're actively restricting or blocking these apps, we just haven't written the code to do this.
[1] https://w3c.github.io/payment-handler/
Is my guess right that such code will never be written?
WebKit implements Payment Request, and Safari supports Apple Pay as a payment method. Other browsers that implement Payment Request might support other methods.
Edit: spelling
So Safari ONLY supports Apple Pay?
Also, Chrome on iOS has to use the Safari rendering engine, since Apple blocks third party rendering engines, so not sure if that would actually work.
Essentially, that's Apple making sure that if you have an iPhone, you can use any payment method, as long as it is Apple Pay.
Once web payments is implemented widely I’ll likely start avoiding shops that don’t implement them.