Apple's new Sign In is like Apple Pay — but less

Register now

After criticizing the prevalence of social sign-in buttons on the internet, Craig Federighi, Apple's senior vice president of software engineering, unveiled one of his company's own. It's essentially Apple Pay without the payments.

Apple is following a trend in the payments and mainstream technology industries to push back against the amount of data collected from consumers and shared with merchants. In payments, this is manifesting in Secure Remote Commerce (SRC), a.k.a. the universal “buy button” — essentially a "guest checkout" feature that relies on bank apps for authentication.

Apple Pay already serves the same purpose. When a consumer uses Apple Pay to pay a merchant, the merchant sees only a token. This means the merchant has to rely on Apple and its bank partners to vet the payment, but this process also shields sensitive payment information from merchants that consumers don't want to share. In a mobile payment authentication is handled on the device.
Sign In with Apple is the same process boiled down to the bare minimum. Apple shields most identifying information from the merchant — and even anonymizes the email address, if the consumer requests it — as a way to limit the merchant's access to the customer.

The downside is the consumer may feel locked into the Apple ecosystem. Federighi didn't explain how to handle sign-ins from a non-Apple device. And he didn't explain at what point consumers will have to create a full profile with merchants if they want to do more than just get past a login prompt. Will "Sign In with Apple" merchants need to accept Apple Pay?

Whatever the outcome, this is a good thing for the payments industry since it lays the groundwork for projects like SRC, which is due to launch this summer. The same consumers who are inclined to use Sign In with Apple are likely to want a similarly bare-bones way to pay online — and they won't want to type a card number if they can keep it with a trusted entity such as a bank.

“Bad things happen when cards are manually entered,” said Elliott Goldenberg, vice president and product specialist for digital payments and labs, products and innovation at Mastercard, at SourceMedia's Card Forum last month in New Orleans. “It’s rare that the card-on-file vault breaches. It’s malware at the point of entry, so if we can remove that, it’s a pretty big step,”

SRC’s enrollment process, which takes place in a bank-controlled environment, combines with other security methods like 3-D Secure to provide a “far richer set of data” for combating fraud, Goldenberg said.

SRC, like Apple's new sign-in, is meant to take the place of a guest login. It can be used as the first step in the process of creating an account with a merchant, but it doesn't have to be. Ultimately, both SRC and Apple are trying to improve trust by removing friction.

For reprint and licensing requests for this article, click here.
Mobile payments Authentication Security risk Apple ISO and agent