When Apple Pay was announced last week, I very quickly saw IT folks at retailers and elsewhere saying it was old technology. Platform partisans were quick to point out that Android phones have had the required NFC chips for several years, and Google has its own wallet technology. I also heard CIOs quickly declare that because Apple was a technology company, Apple Pay would not be secure.
Those reactions were, to be blunt, stupid. And they're emblematic of the dilemma that IT finds itself in: unloved by users, distrusted by managers, considered an incompetent, expensive, yet necessary evil to keep thing running. InfoWorld's editor in chef, Eric Knorr, was asked at a recent VC conference about IT's role in this era of cloud computing and technology-savvy users, and the question brought him short, as it did his fellow panelists. Houston, we have a problem.
Although the "think different" theme is now cliché, it does speak to a core reason why Apple is Apple and no one else comes close. If IT organizations and their management partners understood the Apple way, perhaps they could become Apples in their spheres: groups that make real money even without majority market share, loved by their customers, and able to drag much of the industry along. I've followed Apple as a user, reporter, and editor for 23 years, and what makes Apple Apple is quite clear.
Lesson 1: Work through the whole problem
There are no silver bullets. Yet so many people think adding this technology or that business relationship will magically make them succeed. When Google convinced its Android makers to add NFC to phones, the banking industry and retail industry ignored it. Many phone carriers even blocked the service from using their networks. An NFC chip may be useful as the communications mechanism, but the issue is deeper.
The payments issue is complex, but a key challenge was that the customer credit card data was being stolen both at the point of sale through magnetic skimmers and shifty employees, as well as from the data centers by insiders working with cyber criminals. Moving the credit card data from a magnetic strip to a chip-and-PIN to NFC does you no good if the sales terminal is compromised, as we saw with Target last year and with Neiman Marcus and Home Depot this year.
If you move valuable information through lots of networks and accessible devices, you have an indefensible perimeter. Apple Pay does away with that issue by sending one-time codes from the iPhone to the sales terminal, matched to a unique user ID. The reconciliation happens on the back end through presumably highly secured, low-footprint connections.
On the phone, the unique ID is stored on the Secure Elements chip, inaccessible from apps. The fingerprint in the Touch ID is likewise stored in that chip. Thus, the attack surface is smaller and hardened, and the data is abstracted from the credit card itself. (John Beatty has written a great technical description of what Apple is doing on the security front for Apple Pay.)
To develop Apple Pay, Apple had to work through several issues: the communications technology, the security issues (on the device, at the sales terminal, and at the data centers), the user experience, and the card collection method (through the Passbook app, in this case).
Note "user experience" -- this is an area where IT usually fails. Technical persona are different than business persona, but that's become a convenient "why we can't" explanation to keep IT down. People use technology, and it needs to feel and work "right." As long as IT ignores this or pays lip service to it, it won't be working through the whole problem it needs to.