https://www.apple.com/newsroom/2024/01/apple-announces-changes-to-ios-safari-and-the-app-store-in-the-european-union/

My summary analysis

1. Terrible idea that will lead to significant new fraud vectors
2. Consumers won’t migrate away from Apple’s Wallet with tap and pay AND inApp payment AND browser eCommerce. At least not for a single bank. 
3. No impact to V/MA. While there are potential changes to network tokenization and provisioning, the NFC payment app must still be a network app issuing app because the payment acceptance terminal has a corresponding acceptance app. For example, A SEPA DD could be NFC enabled only if the bank issues it, and creates both an issuing app, and the acceptance app, with the merchant (and processor) allowing it. 
4. Very Minor impact to Apple’s marketplace revenue (1-2%), and potential reduction in ApplePay transaction fees estimated to be 3-5bps in EEA (less than 10 bps of overall Apple services revenue)
5. Other wallets have had access to Android’s NFC since 2012 (see HCE), with no impact. Banks could have built tap-to-pay wallets there. As Australia’s competition regulator found.. the real quest for banks gaining access to NFC was to PREVENT their cards from competing at every transaction. 
6. Technically, Apple has pursued a route almost identical to Google in Host Card Emulation (HCE). This is a 100% software solution see  https://developer.apple.com/support/hce-payment-transactions-in-payment-apps/

Key Points

1. Only in EEA (NOT UK)
2. Only approved Banking and Wallet providers can gain access to API in iOS 17.4
3. Consumers can select the default “tap to pay” app triggered by NFC
4. Apps will be “notarized” regardless of distribution channel. 
5. No mention of opening secure enclave or changes to APIs. 
6. Bank payment apps would not work with app store or  eCom “Pay with Apple”. Thus a new bank payment app would need to integrate to any new app store. This is a 20 yr project against a well established consumer champion
7. Consumer privacy degradation. While Apple will make best effort to retain the security of the platform, payment app data will need to sit outside of the secure enclave. 
8. ALl of this has been available on Google for 10 yrs. Nothing has happened. EEA wants to force open everything.. banking, payments, platforms. A world where no one builds competitive advantage is a world without a margin for infrastructure investment. Free is a great technical model.. but a really crappy business one. 

US Impact?

The US CPFB is following the EU’s efforts in this space, and has created a proposal to oversee Apple’s wallet role in November. 

There is still a possibility that Apple can delay a US expansion of the EU’s MFA efforts in the near term. The most interesting impact, should Apple expand the NFC API will be to PAZE in the US. 

The PAZE wallet will be eCom first, with a potential to expand to Tap and Pay.  There are numerous challenges however. PAZE banks would still need to convince merchants to add a PAZE acceptance app on their contactless terminals, or convince Visa/Mastercard to allow Paze to run on their networks. Mastercard would be the leading candidate here as they already allow for back to back transactions in US and EU. 

This could also re-invigorate PayPal’s quest to penetrate the POS and potentially give new value to DFS as an alternate merchant acceptance approach.