This Week's Sponsor:

Kolide

Ensure that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.


Apple Pay Arrives on Safari

Apple Pay started with point of sale terminals and iOS apps. With iOS 10 and macOS Sierra, Apple has extended Apple Pay to include web-based purchases made with its Safari browser. Despite being limited to Safari, Apple Pay’s combination of simplicity and security has the potential to make it a de facto requirement for online retailers.

On iOS, Apple Pay works in Safari and the Safari View Controller that can be displayed inside other apps. Apple Pay also works in Safari on Macs running macOS Sierra, which was released earlier today. If you already have Apple Pay set up on an iPhone or Apple Watch, there is nothing new you need to do to use Apple Pay on the web. The only difference is in the way you authorize a transaction on the Mac.

On iOS and Mac, Apple Pay buttons can appear during the checkout process, but can also be placed on product pages as a way to bypass traditional checkout processes entirely. One nice touch is that the Apple Pay API can query whether there is an Apple Pay account set up for the device being used. If not, Apple Pay buttons can be hidden.

Apple Pay transactions can be authorized on iOS inside Safari using Touch ID.

Apple Pay transactions can be authorized on iOS inside Safari using Touch ID.

On iOS after you tap on an Apple Pay button, a sheet slides up with the billing and shipping information stored in your Apple Pay account, which can be edited before completing your purchase. The only other step is to place your finger on the Touch ID sensor to authenticate and complete the transaction.

On the Mac, the process is a little different. Because Macs don’t have Touch ID sensors,1 payment authorization can’t take place using Mac hardware. Instead, using the Apple Pay API, the merchant can check if there is an iPhone or Apple Watch that can be used to authenticate the sale. This all happens quickly and seamlessly for users who see a momentary spinner and are then asked to complete the sale using an iPhone or Apple Watch if a device is available.

Apple Pay transactions on macOS Sierra can be authorized with the Apple Watch.

Apple Pay transactions on macOS Sierra can be authorized with the Apple Watch.

In addition to being convenient, Apple Pay is more secure than a credit or debit card because it uses a single-use token for each transaction instead of transmitting credit card information as part of the sale. The Apple Pay API also requires that the merchant site use https. Here are the security details as described by Apple:

To securely transmit your payment information when you pay in apps and websites, Apple Pay receives your encrypted transaction and re-encrypts it with a developer-specific key before the transaction information is sent to the developer or payment processor. This key helps ensure that only the app or website you’re purchasing from can access your encrypted payment information. Every website offering Apple Pay must also verify their domain every time Apple Pay is offered as a payment option. As with in-store payments, Apple sends your Device Account Number to the app or website along with the dynamic security code. So neither Apple nor your device sends your actual credit or debit card numbers to the app.

When you use Apple Pay to make a purchase on your Mac in Safari, Apple Pay transfers purchase information in an encrypted format between your Mac and your iOS device or Apple Watch to complete your transaction.

Apple Pay transactions on macOS Sierra can also be authorized with an iPhone that has a Touch ID sensor.

Apple Pay transactions on macOS Sierra can also be authorized with an iPhone that has a Touch ID sensor.

Merchants that want to deploy Apple Pay on their sites can do so by signing up for an Apple Developer account and getting the necessary encryption certificates. The process is relatively simple, but there is an even simpler path. Online commerce companies like Shopify have announced support for Apple Pay on the web and can handle the certificates and developer accounts for merchants who don’t want to deal with that.

The number of sites that currently accept Apple Pay is limited, but the promise of a single, secure process for purchasing things in person, in apps, and online should be attractive to consumers and retailers. For consumers, simplicity and convenience are paramount. For them, Apple Pay on the web is a little like Amazon’s 1-Click purchase button, but instead of being limited to one site, it works across all sites that supports Apple Pay. For merchants, the convenience to customers, security, and the support of companies like Shopify and Stripe, should help turn more people into paying customers, encouraging retailers to add Apple Pay to their websites in what may be a virtuous cycle.


  1. Yet. ↩︎

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.