Apple is already starting to see issues managing authorization in its payment systems, as described in my last post. In this case it wasn’t malware-related, but it was still a matter of finding the right balance between user convenience and payment authorization. When you make a purchase through iTunes, your password is cached for fifteen minutes. Here, parents were buying on iTunes and then handing their phones over to kids, who would go on to make huge purchases of Smurfberries in Smurf Village. It does sound irresistible.
What’s happening is that Apple is changing the model for online payments. Most everyone – and certainly everyone with an iPhone – is familiar with online payments. Payments are tied to specific sites, accounts or services. I log into Barnes and Noble and buy a book. I log into New Egg and buy a hard drive. I use the same credit card for all of those purchases, but they’re tied to different accounts and different sessions. New Egg doesn’t know anything about my BN cart or my BN purchase. PayPal is marginally closer, as it’s an online account usable across multiple sites rather than just a credit card number stored in multiple profiles, but PayPal still authenticates you at each payment event.
Apple has made a fortune off of easy payments. Removing barriers to the impulse of buying a song or an app is a huge part of their billions in music and app revenue. But as an abundance of Smurfberries shows, a little user inconvenience can be a user benefit. Inadequate authorization is poisonous to user trust. By prioritizing convenience over rigor, Apple has damaged the trust of active buyers; the result is not only fewer errant Smurfberries, but probably fewer of the legitimate purchases that led to the Smurfberries in the first place. Getting burned by unwanted charges kills the appetite for impulse buys.
Amazon’s one-click purchase is the closest comparison, as it allows for a strict impulse purchase. No extra checks, passwords or confirmations. But Amazon purchases are confined to the Amazon website. Apple has extended its impulse buy across the entire app ecosystem. In that fifteen minute window, any app was eligible.
To its credit, Apple has changed all that. iOS 4.3 now has separate timers for App Store and in-app purchases. That’s the right position to take, and it’s good for users. But minimal barriers to impulse purchases have been incredibly lucrative for Apple. Doing anything to increase the barrier to a sale will reduce their revenue.
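To make the difference between the two designs concrete, here is an added toy model (not Apple’s implementation; the scope names, timestamps and purchase sequence are constructed for this example) contrasting one password timer shared by every purchase type with separate timers per type:

```python
"""Toy model of a cached payment authorization, written to illustrate the
post's point. Not Apple's code: scopes, timestamps and the purchase
sequence are constructed; only the fifteen-minute window comes from the post."""
from dataclasses import dataclass, field

FIFTEEN_MINUTES = 15 * 60  # seconds


@dataclass
class PurchaseAuthorizer:
    """Caches a successful password entry and re-uses it for later purchases.
    scoped=False models the original single timer shared by all purchase
    types; scoped=True models separate timers per type (App Store vs. in-app)."""
    scoped: bool
    ttl: int = FIFTEEN_MINUTES
    prompts: int = 0  # how many times the user was asked for a password
    _cache: dict = field(default_factory=dict)  # cache key -> last auth time

    def _key(self, purchase_type: str) -> str:
        # Unscoped: one key for everything. Scoped: one key per purchase type.
        return purchase_type if self.scoped else "any"

    def purchase(self, purchase_type: str, now: int) -> str:
        """Return 'cached' if the purchase rode on an earlier password entry,
        or 'prompted' if the user had to authenticate again."""
        last = self._cache.get(self._key(purchase_type))
        if last is not None and now - last < self.ttl:
            return "cached"
        # Cache miss or expired window: prompt the user and restart the timer.
        self.prompts += 1
        self._cache[self._key(purchase_type)] = now
        return "prompted"


def smurfberry_scenario(scoped: bool) -> list:
    """Constructed sequence: parent buys an app at t=0 and hands the phone
    over; the child attempts in-app purchases at t=60s and t=600s."""
    auth = PurchaseAuthorizer(scoped=scoped)
    return [
        auth.purchase("app_store", now=0),
        auth.purchase("in_app", now=60),
        auth.purchase("in_app", now=600),
    ]


if __name__ == "__main__":
    print("shared timer:", smurfberry_scenario(scoped=False))
    print("per-type timers:", smurfberry_scenario(scoped=True))
```

With the shared timer the child’s purchases ride on the parent’s cached password; with per-type timers the first in-app purchase forces a new prompt, though later in-app purchases inside that second window are still cached.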
It’s a tacit admission that they had a serious problem. I don’t know if it’s one they saw coming or not, but they should be prepared for more. Apple is great at optimizing for user experience. Optimizing for security is a very different matter. They need to do more of that to succeed in the payment business.