Deborah Hall-Lefevre is making the biggest bet of her 23-year IT career.
On Monday, Oct. 20, Hall-Lefevre, McDonald's vice president and CIO of U.S. Information Technology, is going to flip a switch and all of the fast food chain's roughly 14,000 domestic outlets and drive-thrus will go live with Apple Pay. (Apple Pay is Apple's new contactless, NFC-based mobile payment system. For more details, read, "What You Need to Know About Apple Pay.")
If it anything goes wrong with the Apple Pay rollout, someone is going to take the hit, and it won't be Ronald McDonald. But Hall-Lefevre isn't losing sleep. "It's really not that much of a rollout. We already have NFC terminals in more than 14,000 locations. We don't have to change anything and there's nothing new to test," she said during an exclusive interview with CIO.com.
That's not entirely true. McDonald's tested Apple Pay at its Point of Sale (PoS) lab in Oak Brook, Ill., and the results earned a green light. "We've done full end-to-end testing that included folks from McDonald's and Apple," Hall-Lefevre says. "We've closed the loop and feel very confident."
Hall-Lefevre is responsible for the development and execution of the company's technology strategy in the United States and is the point person for the Apple Pay deployment. Getting corporate signoff for it was not difficult, she says. It was a coordinated effort that included IT and marketing, along with senior level executives including Atif Rafiq, McDonald's global digital officer; the company's global CIO, Jim Sappington; and CEO Don Thompson.
McDonald's has had NFC-enabled PoS terminals in its stores for more than two years, so the company is no stranger to mobile payment technology. Customers can already use the terminals to pay with Google Wallet, MasterCard's PayPass, Visa payWave and other contactless payment systems. The existing hardware and software will now support Apple Pay.
"Standardization is a big plus for us," Hall-Lefevre says. Not having to support multiple hardware and software platforms means employee training is easier, IT's job is much simpler, and there's less to go wrong when Apple Pay goes live, she says.
"Apple Pay is riding on our existing rails. When the customer decides to use [another] mobile wallet or Apple Pay, it works like any other cashless transaction," Hall-Lefevre says. The terminals sit next to cash registers at the restaurants, and employees hold them out to customers at drive-thru windows. Apple Pay users just link their credit cards to the iOS Passbook app, then hold their phones up to a terminal to pay while touching the fingerprint reader for authentication. A vibration and a beep let customers know when transactions are complete.
McDonald's is not alone in supporting Apple Pay right out of the gate. Apple says the NFC-based payments system will be available at 220,000 retail locations. Retailers that have already announced support include Walgreens, Duane Reade, Nike, Panera Bread, Staples and Whole Foods. Credit and debit card companies immediately supporting Apple Pay include Bank of America, CapitalOne, Chase, Citi, American Express and Wells Fargo.
McDonald's plans to bring Apple Pay to its offshore locations as well, but the timeframe is not yet set.
Elephant in the Room: Security
Hall-Lefevre is reluctant to discuss specific security precaution as Apple Pay goes live, for fear of giving hackers hints that could be used to steal customer data.
During her discussion with CIO.com, Hall-Lefevre emphasized two key points: McDonald's does not store customer data on its network; and the company trusts the security and privacy features Apple built into Apple Pay.
McDonald's is so confident in Apple's security that it is not using any safeguards beyond those provided by Apple and the rest of the financial payments network. "Apple Pay transactions will be handled like any other cashless transaction," Hall-Lefevre says.
One reason Hall-Lefevre is so comfortable with Apple's security precautions, says IDC Analyst James Wester, is that Apple has a lot of the line -- including a very large chunk of potential profit.
Although Apple will not confirm it, Wester believes the company will receive 5 cents for every debit card transaction and a percentage of every credit card transaction from the issuing banks. In return, Apple is willing to take some of the risk by paying for all or part of any fraudulent transactions, Wester says.
The financial services network behind Apple Pay is not new, and it's been tested from a security perspective. "There's nothing there that the players haven't done billions of times for trillions of dollars over 40 years," says Wester. "They know how to do it, and do it well." Apple's new security measures, which include tokenization and fingerprint authentication, are also strong, he says.
Sandy Shen, a Shanghai-based analyst who follows mobile payments for Gartner, agrees. "The combination of Touch ID [Apple's fingerprint reader], secure element and tokenization makes the security stronger than cloud-based mobile payments used by in-app payment today. I don't see it as necessary for retailers to take additional measures, and [they] can accept Apple Pay as they do for other payments today," Shen wrote in an email.
Given the plethora of well-publicized data breaches during the past few years, one of the most significant challenges facing any retailer using Apple Pay will be to convince customers that it is, in fact, safe.
Apple says using Apple Pay is more secure than using a traditional credit card:
"Every time you hand over your credit or debit card to pay, your card number and identity are visible. With Apple Pay, instead of using your actual credit and debit card numbers when you add your card to Passbook, a unique Device Account Number is assigned, encrypted, and securely stored in the Secure Element, a dedicated chip in iPhone. These numbers are never stored on Apple servers. And when you make a purchase, the Device Account Number, along with a transaction-specific dynamic security code, is used to process your payment. So your actual credit or debit card numbers are never shared by Apple with merchants or transmitted with payment."
Rolling With Apple Pay After the Rollout
McDonald's executives believe its customers, particularly younger ones, will quickly embrace Apple Pay. And with smartphone use practically ubiquitous in the United States, waiting on Apple Pay could be a serious competitive disadvantage, says Hall-Lefevre. "We serve 27 million customers [in the United States] every day. This is a clear and compelling business opportunity for us."
Many other retailers don't accept debit or credit cards if the transactions are too small. Some retailers charge a fee for small transactions. McDonald's accepts payment cards for all purchases, and it doesn't charge fees. The same rules will apply for Apple Pay customers. "It may be a cost to us. But in a very competitive market, it's a cost of business we're willing to accept," Hall-Lefevre says.
In general, NFC isn't widely used for payments, and the same has been true at McDonald's, according to Hall-Lefevre. The key to Apple Pay success will be to convince consumers that there's a real advantage to using it. After all, swiping a credit card isn't difficult, notes IDC's Wester.
Ultimately, that's not Hall-Lefevre's responsibility. Her job is to ensure Apple Pay runs smoothly, so just as quickly as you can answer the question, "You want fries with that?" your transaction is securely completed.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.