The recent security breach at Capital One serves as a stark reminder of the potent threat of cybercrime to the financial services industry. Though no sector is immune, financial services firms carry a special burden to protect their clients, considering a person’s brokerage, banking or retirement account can represent the sum of a lifetime of work. This month, Apple and Goldman Sachs establish a foothold with a mass market, ultra-secure credit card product.
Results from Corporate Insight’s proprietary 2018 Bank Survey offer a positive outlook for the Apple Card’s potential, with 57% of survey respondents using their iPhone as their primary access point for their bank accounts. Additionally, among general attributes rated in the Bank Survey, app security garnered the greatest importance rating from all respondents, with 93% considering it “very important” or “extremely important”.
Apple relies on biometrics for account authentication in place of the more traditional, and less secure, user ID and password combo. Apple’s FaceID is used to unlock all aspects of the Apple Card experience, including the lock screen transaction notifications, the Wallet app itself and the Card Information interface where customers can view their Apple Card numbers. Each Apple Card is associated with three individual and distinct card numbers associated with the physical titanium card, an Apple-Pay specific number and third card number that can be used for online purchases. Apple provides the full number, expiration date, security code and network for the third number, but as a security protocol only displays the last four digits of the Apple Pay number and physical card for reference. Additionally, the card number token is stored on the phone’s Secure Element, a chip that is separate from the phone’s operating system; Apple also does not include any standard information—outside of the card holder’s name and the Apple, Goldman Sachs and Mastercard logos—on the physical card. Capital One is the only firm in the Credit Card Monitor 11-firm coverage group to list customers’ card number online with the expiry and security code information. However, virtual card numbers are becoming more common with the goal of maintaining the security of physical cards: Bank of America, Citi and Capital One all support programs that generate virtual card numbers, expiration dates and security codes that let users complete one-time purchases or set up recurring charges online.
Apple provides straightforward and clear UPS tracking notifications—for every status change including after shipping, out for delivery and successfully delivered—that helps new card holders track the delivery of their physical card. After requesting a physical card, the Wallet app links to card tracking from a home screen notification. This level of tracking is rare among the firms we track, though Discover lets card holders enroll in New Card Tracking SMS text alerts, and automatically sends these alerts to the card holder’s primary email address on file.
The Apple Card also offers other interesting features. It stands out for providing real-time reward earnings as soon as transactions post; surprisingly, most firms in the Credit Card Monitor coverage group do not update reward balances until after a statement cycle ends and the billing period closes. Additionally, the firm facilitates categorical card payments. The visual payment wheel includes preset ticks to pay suggested amounts of the current balance: pay suggested amounts of the current balance including the option to pay a third of the balance or pay an amount that covers all shopping spending. These preset options are designed to help lower or avoid interest charges for clients who are unable to pay their balance in full. Other firms—including Chase and U.S. Bank—historically let card holders enroll in programs to pay off only certain categories of spending each month along with the minimum amount due, but never with the flexibility of choosing categories for one-time payments.
Despite positive security features and other interesting aspects of Apple Card, the notifications and overall alerting-style leaves something to be desired. In the Corporate Insight Bank Survey, 64% of respondents indicated that mobile alerts are “very important” or “extremely important” to them. With Apple Card, customers can Allow Notifications with a toggle switch within a Transactions section of the Wallet app overflow menu, but cannot customize any other alert preferences. While convenient, push notifications can become lost in a jumble of other push notifications with widely varying importance levels. Additionally, while the Wallet interface includes past notifications, they do not hold a prominent position, are easily dismissible and could be overlooked. Apple Card alerts, such as those the firm provides for Card Shipped, appear in the same display as those it provides when customers make a purchase or a payment, or when they earn rewards without any indication of importance or action required. Potential fraudulent events or more unique occurrences should be presented with a greater sense of urgency, and in a way that differs from simple transaction, payment and reward alerts.