Many Apple Pay Customers Confuse Simplicity with Vulnerability

| Particle Debris

The iPhone and Apple Watch contain sophisticated security and encryption protocols for use with Apple Pay. To make it very easy for customers, Apple has brilliantly made the setup and use incredibly simple. Has that simplicity fooled customers into thinking that the Apple Pay process is risky and makes them vulnerable? A Pew study suggests that potential customers mistake the simplicity for various kinds of vulnerabilities, and they shy away.

Apple's Eddy Cue introduces Apple Pay.

Long ago, Apple correctly concluded that if the Apple Pay set up and use were too geeky, confusing and time consuming, no one would adopt it. The company was, of course, right. And so, Apple engineers created an exceptionally easy way to pair a personal credit card with the iPhone and its Apple Pay and NFC payment subsystem. For many young people, comfortable with other mobile operations, who did some casual reading and learned about Apple Pay basics and security, there hasn't been much of a problem.

However, a Pew study last month has uncovered some unsettling customer tendencies. "Who Uses Mobile Payments?" While the study found at 46 percent of American consumers have made a mobile payment, usually a purchase, it also found that....

Consumers often don’t know how mobile payments compare with other payment methods in terms of convenience, cost, privacy, and security.

The study goes on to point out that...

Millennials and Gen Xers in particular are motivated to use mobile payments in part because they like receiving rewards, discounts, alerts, and electronic receipts. Consumers are also interested in avoiding fees, such as overdraft or check cashing fees, and using their smartphones to help them budget.

However, the report also surfaced some concerns that consumers have about mobile payments. The biggest concern, shared across all age groups, is the loss of funds or identity theft. They also worry that retailers and others are collecting information about them, including "tracking their locations when they execute financial transactions."

The report concludes, in part....

Across generations, concern about the safety of mobile payments technology is the biggest obstacle to use. Specifically, consumers are concerned about the potential for identity theft or loss of funds. ....concerns and uncertainty about the safety of mobile transactions and the lack of systems for depositing cash directly onto mobile websites and smartphone apps may be holding back this technology. Addressing these deficiencies could increase adoption....

Technological Myths

Part of the problem here may well be that Apple has done too good a job hiding the technical details of the transaction which could, by their process, provide warm fuzzies to the consumer about the technical means used to protect them. It's a double-edged sword, however. If the friction in activation and use is too high, consumers won't take the time to activate Apple Pay.

Another part of the problem is that the ease of activation, use and user interface often leads Apple customers to make incorrect technical assumptions.

  • If one takes a picture of the credit card in the Wallet app, the number must be stored in the iPhone, right? (Wrong.)
  • If the Wallet app displays the last five digits of the credit card number, then the rest of the number must be in there—and transmitted when the payment is made, right? (Wrong.)
  • If one loses their iPhone, someone else could extract the credit card number from it, right? (Wrong.)
  • When one makes an Apple Pay payment, Apple is able to track exactly what was bought and where, right? (Wrong.)

Apple and merchant partners have done a really good job of making the case for how easy it is to make an Apple Pay payment. What hasn't happened is communication to the customers by the banks and Apple as to why this is a preferable form of payment, probably for political and competitive reasons. And the incredible ease of use of Apple Pay has no capacity, in itself, to make a visible affirmation to the customers as to why it's more secure. That's why almost every merchant and casual customer I've talked to says, "Apple Pay? Isn't that insecure?"

The whole experience is just too simple and easy to be judged as trustworthy by many. That unexpected consequence could well be Apple's next marketing challenge.

Page 2: The Tech News Debris for the Week of June 13th.  AI Agents are cool. AI Agents could be dangerous.

Popular TMO Stories



The Merchant - the company you are buying the goods from - obviously *does* know and can track what you bought *from them*.

I think you meant to clarify that Apple don’t know what you bought. But the card networks sometimes know, because merchants submit extra data to their payment providers (see level 3 credit card processing) in return for better (lower) fees.


My understanding is that ApplePay only provides a one time token to the merchant, so the only thing that the merchant would know is that a customer bought a pack of gum, but wouldn’t know the same customer came back later and bought a frozen pizza. They would think it is two separate customers.

Now, if the merchant provided Level 3 data to the bank, the bank would know you purchased both items, and generally you can get this information from the bank as part of your credit card statement, but my question is this.  Does the merchant statements from the bank include the Level 3 data?


@jrguk if you use Apple Pay, ask the cashier what the system states your name is. I use Apple Pay all the time to buy groceries and instead of displaying a name like when I use a plastic CC, when I use Apple Pay it displays “Valued Customer”. So the only way they will know is if you use a loyalty card or Apply Pay where loyalty card is integrated.

John Martellaro

jrguk: I meant Apple. Apple, of course, has made a big thing out the fact that it doesn’t want to know.


I would not trust anyone to entrain my brain as wants.

IMO, that is communicating with and training your subconscious—which is very powerful—without you being aware (conscious) of it.  That’s a situation ripe for misbehavior—like getting you to vote a certain way or to send money to some entity— or prompting you into criminal acts, like getting you to shoplift or attack someone, etc. And our institutions are too corrupt and lacking credibility to assure that nothing nefarious would happen. There is no way I would allow that voluntarily.


As of a few weeks ago I got an iPhone that can handle ApplePay, and we have one CC that is supported. So why Have I not started using it? Not for security reasons. I understand that it’s far better than most any other way of paying. No, it’s more a fear of embarrassment. Clerks have never heard of it. Stores don’t put up an ApplePay Accepted Here sign, IT’s like this mythological thing. Honestly I know I can whip out my debit card or MC anywhere and it will work. ApplePay may be the best thing since sliced bread but honestly I don’t want to be stared at or rejected. It would be the merchant’s fault but they would act like it was mine.

John Martellaro

geoduck. I take a different approach.  I say, “I’d like to pay with my Apple Watch” and smile.  Sure, they often don’t know what I’m talking about. But I feel like I’m doing my part to educate people and inspire them. I explain how it would work, and they’re genuinely interested.

Every once in awhile, a clerk will smile when I try Apple Pay and it happens to work. They’re amazed.

My barber, a woman, uses a Square Apple Pay gadget that connects to her Samsung Galaxy phone via Bluetooth, and it works. So there are pockets of knowledge that delight ... here and there.

We’ll get there.


@geoduck I love being the first person to use it at place that has no clue, the person is amazed and I actually enjoy letting them know how secure it is compared to the chip and strip. Although Apple has yet to give me a commission for evangelizing the tech, the more people that know the more people that will ask for it, the more stores that will support it and the more secure the whole payment process is. Can wait for my bank and credit union to roll out ATMs that support Apple Pay.


I think it’s terrific, and it’s proof that the Googles and Facebooks of the world are lying about the ‘need’ to invade privacy to support their advertising aims. Sooner or later that is going to cease being a viable business model, and if they don’t find a way to generate income honestly they will be well and truly ******.


“ uses an artificial intelligence to compose music that is designed to enhance your brain’s performance—decreasing anxiety, improving focus, and alleivaiting insomnia through neural entrainment.”

Sounds like the second coming of Muzak to me.  Oh check that, just did a search, they’re still around.


Good observation. It’s amazing to me how many modern innovations are actually just ideas from the past that faded into or obscurity or died because they were stupid. raspberry


Agree with previous post… Reason I don’t use it is because most merchants in my area that do accept it have no idea how it is supposed to be used.  It is easier to just pull out my credit card.  If I use Apple Pay they still want to see ID and ask for the card number, which isn’t the payment card.  It really is absurd.



@diverreb “All the networks allow a merchant to ask for identification. MasterCard and Visa, however, explicitly prohibit retailers from requiring an ID to accept a properly signed card. “They can ask for that ID, but you can refuse to show the ID and they still must accept the card,” says Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, a nonprofit that advocates for consumer privacy rights.”


Do this, do that,  just reminded me of the movie Compliance, interesting take on how we tend to not question what we are asked/told to do.



You’ve got a lot to choose from in this week’s PD, sadly more than I have time to do justice. Just a couple of picks.

Concerning Apple Pay simplicity vs vulnerability, the PEW survey provides a service for companies, like Apple, trying to cultivate a mobile payment market, by identifying important knowledge gaps and barriers to adoption, on the one hand, but still leaves other important information unexplored. Indeed, surveillance and the gathering of sufficient data to thoroughly address a question is not simple, and more often than not, will raise more questions than are authoritatively answered.

What is not clear from the study is whether there is a causal relationship, as your title suggests, between the simplicity of the payment system and user uncertainty regarding its security. Simplicity reduces one barrier to adoption, but it might bear no relation to the user’s understanding of its methodology or security relative to other known technologies, like credit cards. Mobile payments appeared to have been lumped together without differentiation by company or technology. It would have been instructive, had they been able to differentiate by company, technology (were all NFC-based?) and age/education, and then to correlate the above with range of mobile payment activity. Admittedly, there is always a cost for adding more questions, including respondent’s time, which will limit the number of questions. I say this only because it is plausible that there might be secular differences by either demographic, client base, or by relative literacy in tech. Particularly, I suspect that many of those using Apple Pay might differ from those using other services, if for no other reason than the lack of supportive infrastructure from those other service providers (like Samsung) compared to Apple. Nonetheless, all interested companies would do well to address these skip lesions of understanding in mobile payments systems.

Regarding AIs and music, there is a growing body of literature on the neurosciences behind therapeutic input (including music) and brain responsiveness, concentration, memory, arousal and attentiveness, and recovery from traumatic brain injury and other altered states. The data are growing and still in their early stages, but already there has been a growth in emphasis on the use of multi sensory input, including music, for therapeutic use, and it is a natural outgrowth of this field that computers, hence AI, would be used to help create such music based on empirical data from trials. Though what have on offer is intriguing, this will only get better over time.

Tim Bajarin and Rick Tetzeli’s respective pieces complement each other in pointing out that Apple are quite serious about building what Tim Cook describes as a platform. This, plus Apple’s commitment to empowering people with meaningful tools, not just the hardware, but software creation tools like Swift Playground, clearly were emphasised at this year’s WWDC, and contrasts with not only many of Apple’s tech competitors but the many pundits who doggedly insist that Apple conform to their competitors’ practices. No need to comment on the inherent contradiction of that latter advice. Suffice it to say that Apple have created a platform, buttressed by multiple devices and services, that permit, with limited but growing robustness and capability, users to interchangeably work, singly and in collaboration, on a common body of work or play from multiple devices with minimal slippage in productivity. No mean feat, nor a chance confluence but longterm strategy reflecting foresight and ingenuity to make these operating systems work so well together. Not sure the competition saw that coming, but it will be interesting to see which among them attempt to follow suit. 

Lastly, I enjoyed the piece by Katie Notopoulos, and identified more than a little of myself in her depiction, or dare I say skewering, of ‘Apple Man’. Ouch.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account