What the Apple Card means for consumer privacy

Updated March 25, 2020: We’ve updated this article (in italics) to reflect new changes Apple has announced to their Apple Card.

What’s the Apple Card?

In late March 2019, Apple announced a set of services including the Apple Card, a credit card for consumers. In the presentation (and on the Apple Card web page), Apple highlights the privacy-focused nature of the card. On August 20th, Apple released the card to the public, making it available to anyone with an Apple device (more on that later).

We believe this new card marks a significant improvement in how the credit card industry manages consumer data. Before delving into the privacy issues, here’s what we know about the card.

  • The Apple Card is a Mastercard issued by Goldman Sachs (Apple’s banking partner in this endeavor).
  • There’s an associated app that allows you to check balances, transactions, and more and this app is required to pay off the credit card.
  • The card can be used alongside Apple Pay.
  • Rewards come in the form of Daily Cash back, available for use via an Apple Cash card.
  • Apple markets a no-fee structure (annual, cash-advance, over-the-limit, or late fees).

Now for the privacy and security details.

  • The physical card only gives away the name of the cardholder – there are no account numbers, expiration dates, or security codes found on the card.
  • When an Apple Card is activated, a unique device number is generated on the iPhone and used as a form of authentication (alongside a one-time dynamic code generated by the iPhone) to authorize the purchase.
  • You can initiate the one-time dynamic code generation using Face or Touch ID.
  • Theoretically, this means that someone who’s stolen your phone can’t make purchases on your card.
  • The app allows users to lock a card in the case of theft or loss.

One thing to note is that an Apple device must be paired with the card or else purchases can’t be authorized (and its bills can’t be paid).

Here’s what we think is the most important part of this credit card rollout. We’ll quote Apple directly (emphasis ours).

“Even Apple doesn’t know what you bought. Or where. Or how much you paid.

At Apple, we firmly believe in your right to privacy. That’s why we created a unique architecture for Apple Card that generates things like your transaction history and spending summaries right in the Wallet app on your iPhone.

Of course, Goldman Sachs will use your data to operate Apple Card. But they will never share or sell your data to third parties for marketing or advertising.

It remains to be seen if there is any devil in the details — Apple marketing could be slightly ahead of the Goldman Sachs reality – but clearly this is many steps in the right direction.

Update: Apple recently changed their privacy policy regarding what they share and how they share. They are sharing more data with Goldman Sachs in an anonymized and aggregated way – the reasoning is too allow more individuals access to credit (and thus access to the Apple Card). They’re also providing an option to share more data but only as an opt-in feature. While anonymous data can be de-anonymized, we still think the Apple Card is by far the best credit card when it comes to privacy, despite these updates.

Credit cards and privacy haven’t mixed well

Credit cards have never been good for privacy and they aren’t getting any better (the Apple Card being one exception). Credit card companies have always shared and sold your data with other organizations, marketing companies, and financial partners (they tell you as much in the little packet that comes with your card). 

As this article shows, the spend to acquire data being sold by credit card companies (marked as ‘alternative data’) is expected to reach $400M by 2021. Also note that the article names Mastercard as one of the involved parties. There may be a chance that while Apple won’t see your purchase and transaction data, Mastercard might and they’re likely using and selling that data.\

This article from the Washington Post also details how any given credit card purchase siphons your data to any number of companies. This includes the retailer, the credit card issuers (Visa, Mastercard, etc), any co-branded partner (for example, an Amazon credit card, a hotel credit card), the point of sale system, and if you’re using Samsung or Android Pay, them too. Post-purchase, many financial apps that track your transaction data might be selling that information as well.

Up until the mandatory EMV chip upgrade, credit cards were also very susceptible to hackers and the risk is compounded whenever you use your card online. This problem continues to increase given how online spending has soared throughout the next few years.

Is the Apple Card better for privacy?

It appears to be.

If your purchase and transaction data are not being sold, that’s already a significant improvement. It keeps your decisions private and limits the reach of companies building profiles on you and making suppositions because of what you buy or where you shop. That’s a big deal.

The card also seems significantly better for your security, limiting who can obtain access to your account numbers and having innovative new ways to verify and initiate purchases. The use of Touch and Face ID and the simplicity of locking the card via an app on your phone is also a good way of making privacy and security easy via good UX and UI.

Of course, we can’t make a definitive judgment on the card itself until its used and we know more information but you can take steps now to ensure your financial information isn’t at risk, such as using disposable virtual credit and debit cards .

Changing the Credit Card Game

Perhaps most importantly, Apple is making privacy a feature credit card companies need to compete on. It’s unlikely that the banks and other issuers won’t notice and respond.

By making a loud proclamation that the Apple Card won’t track your spending behaviors and data (in a way visible to Apple) and that Goldman Sachs won’t share or sell your data, Apple is promoting that as a major competitive differentiator for its customers.

Before the Apple Card, no major credit card was promising data privacy as part of their feature set. Credit cards considered it a given and we were essentially giving away our data for free given that credit card companies make money off of a variety of ways such as interest and fees (annual, transactional, etc).

Now, with Apple leading the charge, credit card companies may take example and improve their privacy offerings or limit their data collection and market that to consumers, ultimately improving privacy as a whole.

Consumers can also “vote with their wallet” and adopt Apple Card en masse, rewarding Apple’s commitment to consumer privacy. If that’s the case, credit card companies will have a forced hand and find themselves having to make similar concessions in order to stay competitive. 

Ultimately, this bodes well for consumer privacy.

What’s Next?

As the Apple Card is used and adopted, we’ll learn the details behind the claims they’ve made, and more about how the card works in terms of both privacy and security. We’ll also keep an eye on the level of adoption the card will experience and how much of that adoption is driven by Apple’s commitment to privacy.

It’s great to see Apple continuing to compete on privacy and to leverage their power to extend privacy into new market segments as they enter them.

Show More
Back to top button