As expected, Apple has announced that merchants (US-based only at first) will be able to accept Apple Pay and other contactless payments using only an iPhone and appropriate app. Apple has clearly made good progress integrating the technology it acquired with the $100m purchase of Mobeewave in 2020.
This will be a significant disruption for point of sale transactions, removing the need for separate card readers and the costs and inconvenience that goes with them. But I hope it also shows where identity will head next: towards the anonymous “proof of something” (such as age) without releasing personal data (such as date of birth) that I’ve long been waiting for.
Apple already provides various layers of anonymity in payments and other areas, such as its iCloud Private Relay service . And importantly:
All transactions made using Tap to Pay on iPhone are encrypted and processed using the Secure Element, and as with Apple Pay, Apple doesn’t know what is being purchased or who is buying it.
Surely it can’t be long before it does the same with identity, enabling us to “tap to prove” rather than “tap to pay”? That would give us the ability to have secure, private identity both face-to-face and online (as with Apple Pay at the moment). And where necessary it could create an automatic alias for us when we prove who we are or something about ourselves — just like I already do using Apple’s infrastructure when I’m on websites that require my email address (and which now only get a random alias email address).
This is the sort of disruption I was discussing with DCMS when they were drafting their Digital Identity and Attributes Trust Framework. It brings alive the prospect of the user-centric, private and secure approach to identity that I discussed in International standards and digital identity and in various previous pieces, including in this one in, er, 2006 when data-leaking and insecure “ID cards” were being debated!
If Apple adds identity as a service, as I assume it will (and the sooner the better), it means trusted digital identity can finally happen — only a decade or two on from when we originally needed it!
It’s not just the incumbent point of sale and other financial service providers who need to take notice of Apple’s announcement, but governments too — otherwise they may find their slow-moving efforts to create old-fashioned monolithic single sign-on, centralised identity services and bespoke frameworks rapidly obsoleted by consumers putting their money (and identity) where their smartphone is.
This article first appeared as an update appended to my November 2020 post, ‘International standards and digital identity‘.