Vestager snubs Apple’s security claims for iPhone payments – POLITICO | #ios | #apple | #iossecurity


Apple may have a hard time convincing EU antitrust regulators that keeping iPhones secure is enough to warrant Apple Pay’s exclusive access to tap-and-go functionality.

“Evidence on our file indicates that Apple’s conduct cannot be justified by security concerns,” Margrethe Vestager, the EU’s competition chief, told reporters at a press conference yesterday. “Our investigation to date did not reveal any evidence that would point to such a higher security risk.”

Security has been a constant theme for Apple. The company tried hard — and failed — to sway negotiations on the Digital Markets Act (DMA) and throw out new ‘sideloading’ obligations that will prohibit Apple’s App Store from blocking certain third-party apps. The company argues that such apps could expose the phone to software vulnerabilities. Apple Chief Executive Officer Tim Cook even said that the DMA would “destroy the security of the iPhone.” 

Apple’s digital wallet holds virtual versions of credit and debit cards as well as tickets for concerts and flights. People can pay with these virtual cards through the iPhone’s near field communication (NFC) technology antenna, which transmits payment information from the back of the smartphone to a shop’s terminal or cash register.

Access to the NFC antenna is closely guarded. Apple only grants its use under certain terms and conditions, and a fee, that some 2,500 banks and 250 fintech firms have agreed to. If a company falls short of these standards, the antenna is blocked.

These strict standards are central to ensuring that the payment data iPhone holders accumulate is protected from hackers, according to Apple. Representatives from the company point to research from 2016 by Europol, which flags how some hackers had been able to steal card data from smartphones with less stringent safeguards.

Security concerns were also flagged by some in the U.S. government, who circulated a series of letters to EU negotiators at the heart of the DMA talks, claiming that the law imperiled online security. 

Vestager’s latest Apple probe

But for Vestager, the security argument simply won’t wash for her latest antitrust probe, which adds to an earlier case targeting Apple’s restrictions on in-app purchases for music-streaming services such as Spotify Technology. It also comes after a bruising EU battle over Apple’s tax arrangements with Ireland that Cook once slammed as “political crap.” Apple won its first appeal against the EU case in 2020 and Vestager is now challenging that at the bloc’s top court.

“Apple claims that for security reasons it cannot provide access to NFC for payments,” Vestager said on Monday. “According to Apple, security risks would increase if access were to be granted to third parties.”

She seemed to be readying herself for Apple’s response to a 200-plus page statement of objections sent on Monday, likely to focus on the benefits of a closed payment system that may offer higher levels of security and increase customer confidence in new forms of payments. Apple can respond in writing or seek an oral hearing to defend itself before the Commission decides on fines that can be as high as 10 percent of global revenue.

Apple also insists that its payment solution is only one in an open field.

“Apple Pay is only one of many options available to European consumers for making payments, and has ensured equal access to NFC while setting industry-leading standards for privacy and security,” a company spokesperson said.

The security argument didn’t stop the German parliament in 2019 passed an amendment to an anti-money laundering law to open NFC technology up to rivals.

“Apple’s traditional justification that it does not hold market power or its restrictions are needed for security reasons have failed to convince any regulators,” said lawyer Damien Geradin, who advises several app developers in other cases against Apple.

The Digital Markets Act connection

Apple’s conduct in the payment space would have been outlawed under the EU’s recently adopted DMA if the rules were in force during the period that investigators are looking at, dating back to 2015, Vestager said.

“When it enters into the force, the Digital Markets Act will have a direct effect on digital payments. It will require companies designated as gatekeepers to ensure effective interoperability with hardware and software features they use themselves in their ecosystems. This includes access to NFC for mobile payments,” she told reporters. 

Monday’s escalation of the Apple Pay case shows that the Commission is in no mood to rein in antitrust enforcement in the digital economy, despite the recent adoption of the new rules which broadly lay out new dos and don’ts for Big Tech giants. 

For industry stakeholders, ensuring a sense of continuity in competition enforcement until the Big Tech giants are brought in line with the DMA’s new obligations and prohibitions is vital. 

“Given its widespread use and acceptance, having access to NFC technology is crucial in today’s payments market,” said Madalena Cascais Tomé, CEO of Portugese payments fintech SIBS. “Today’s decision, together with the political agreement reached in the Digital Markets Act, has the potential to foster innovation in the mobile payment market to the benefit of European consumers.”

On the other side of the debate, there are voices calling for the Commission to be taking a closer look at the security risks that greater interoperability protocols may entail.

“I wish the European Commission would address tradeoffs between security and interoperability in this new case against Apple,” said Thibault Schrepel, Associate Professor of Law at VU Amsterdam. 

“This would require the European Commission to tell us which security risk the agency is willing to impose on companies in exchange for more interoperability.” 

Apple is also fighting antitrust battles in other parts of Europe. The Netherlands’ competition authority separately said Monday that Apple’s offer to create fair payment conditions for dating apps fell short and that enforcers are now seeking a new order, which would allow them levy more fines. Apple has already had to pay €50 million for failing to comply with an earlier order to permit dating apps such as Tinder to use alternatives to Apple’s own payment system for in-app purchases in the Netherlands.

This article is part of POLITICO Pro

The one-stop-shop solution for policy professionals fusing the depth of POLITICO journalism with the power of technology


Exclusive, breaking scoops and insights


Customized policy intelligence platform


A high-level public affairs network





Original Source link

Leave a Reply

Your email address will not be published.

42 − = thirty seven