Xero Now Offers Tap To Pay On IPhone For NZ Small Businesses With A Stripe Account To Accept Contactless Payments

An easy, secure and private way to accept contactless payments with an iPhone and the Xero Accounting iOS app, no additional hardware needed
Wellington — 29 May 2025 Xero, the global small business platform, has launched Tap To Pay on iPhone, enabling Xero customers in New Zealand with a Stripe account to seamlessly and securely accept in-person contactless payments with their iPhone and the Xero Accounting app — no additional hardware or payment terminal needed. Tap to Pay on iPhone enables businesses to accept all forms of contactless payments, including contactless credit and debit cards, Apple Pay, and other digital wallets.
Using Tap to Pay on iPhone is easy, secure and private. With Tap to Pay on iPhone, at checkout, the merchant can simply prompt the customer to hold their iPhone or Apple Watch with their contactless credit or debit card, Apple Pay or other digital wallet to pay with their contactless credit or debit card near the merchant's iPhone. The payment will be securely completed using Near Field Communication (NFC) technology. Tap to Pay on iPhone also supports PIN entry, which includes accessibility options.
Apple's Tap to Pay on iPhone technology uses the built-in features of iPhone to keep the business' and customers' data private and secure. When a payment is processed, Apple doesn't store card numbers or transaction information on Apple servers, so merchants and customers can rest assured that their data stays theirs*.
Empowering businesses with more ways to pay
Managing cash flow is more important than ever for small businesses, and receiving timely payments from customers is a fundamental piece of the puzzle.
Xero research shows over a third (38%) of Kiwi consumers say they are frustrated when their preferred payment option isn't available and one in five (22%) would shop elsewhere if a business didn't offer one of their preferred ways to pay**.
Bharathi Ramavarjula, SVP, Payments & Ecosystem at Xero said, 'Managing payments plays a vital part of the cash flow equation, but small businesses continue to face challenges, including chasing late payments. With so much on their plate already, keeping pace with shifting consumer expectations and market trends can feel overwhelming.
That's why payments is such a core part of Xero's business strategy. With the launch of Tap to Pay on iPhone, we're excited to support small businesses to streamline payment processes, enabling them to accept payments on the spot, and maintain a healthy cash flow.'
Tap to Pay on iPhone enables Xero customers in New Zealand with a Stripe account to use a contactless payment acceptance solution that is easy to set up and use. Businesses will be able to unlock contactless payment acceptance through the Xero Accounting app on an iPhone XS or later running the latest version of iOS, and can simply download the Xero Accounting app from the Apple App Store to start accepting contactless payments within minutes.
For more information on Xero, please visit xero.com
Note
*Encrypted card numbers are temporarily stored on iPhone only for transactions made in Store and Forward mode.
**Additional findings from Xero's 'I want to pay that way' research in May 2024 of 1005 New Zealand adults and 508 small business leaders.
About Xero
Xero is a global small business platform that helps customers supercharge their business by bringing together the most important small business tools, including accounting, payroll and payments — on one platform. Xero's powerful platform helps customers automate routine tasks, get timely insights, and connects them with their data, their apps, and their accountant or bookkeeper so they can focus on what really matters. Trusted by millions of small businesses and accountants and bookkeepers globally, Xero makes life better for people in small business, their advisors, and communities around the world. For further information, please visit xero.com.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

2 days ago

• Techday NZ

World's largest data breach exposes 16 billion credentials

The scale of the latest data breach, involving a staggering 16 billion new credentials and passwords, is forcing both experts and organisations to reckon with the ongoing weaknesses in global digital security. Described as the world's largest data breach, the incident has reportedly swept up data from a vast array of online platforms, including not only commercial giants like Apple and Google but also government services and numerous SaaS (Software as a Service) applications. Brian Soby, co-founder and CTO at AppOmni, whose company specialises in securing digital records, believes the breach was inevitable given the industry's reliance on outmoded security frameworks. Soby warns that the gravity of the situation goes beyond the raw numbers: "This isn't just a collection of old, previously leaked passwords; it appears to be a new, massive, and highly organised library of credentials." According to Soby, cybercriminals now hold a "roadmap for widespread account takeovers" that threatens the backbone of modern digital life — cloud services and SaaS applications — potentially outpacing many current security defences. Soby highlights a critical vulnerability at the heart of today's enterprises. While many organisations invest in identity management and access security projects, basic misconfigurations and failure to disable outdated forms of credential use leave them exposed. "Large credential dumps such as these are likely to highlight just how many organisations indeed remain vulnerable to credential attacks due to these insufficient protections," he adds. Spencer Young, Senior Vice President EMEA at cybersecurity firm Delinea, echoes the concern, underlining that static credentials, especially passwords which are seldom changed, represent an Achilles' heel. "Passwords alone – especially unrotated ones – leave consumers and organisations vulnerable to phishing, credential stuffing, and Pass-the-Hash attacks," he notes. Young stresses that the traditional advice of strong password hygiene is no longer sufficient. Instead, initiatives like automated password rotation and credential vaulting, which reduce the window of opportunity for attackers, should be the new standard. In terms of longer-term solutions, Young observes that passwordless authentication approaches are gaining traction. "Technologies such as biometrics, where biometric data remains encrypted and safely stored in the device and does not travel across the network, improves the authentication process," he explains. However, he warns that passwords themselves are far from obsolete; they are increasingly being relegated to the background as part of a layered, multifactor authorisation system that may include one-time passwords or magic links to enhance security. With cybercriminals orchestrating campaigns using vast troves of login data, the scale of weaponisation is unprecedented. Tim Eades, CEO and co-founder at Anetac, illustrates the dilemma facing organisations across the world, as these troves become "a commodity that are bought, sold, and weaponised in countless attacks." Eades notes that the unrelenting circulation of stolen records magnifies the risk over time, especially as new AI agents — sometimes deployed without adequate safeguards — can introduce further vulnerabilities and thousands of new access points for attackers. "The part that keeps CISOs up at night? These records circulate for years, the risk doesn't go away, it only grows over time." Raising further alarm, Eades points out that until affected organisations are identified, compromised individuals may have no warning or recourse. This opacity not only endangers users but also perpetuates a cycle in which threat actors vie to surpass one another, pushing the boundaries of data breaches ever further. He urges organisations to reinforce security measures: "Leaders should protect all credentials like they are the keys to the castle." Encouraging the use of unique passwords, two-factor authentication, and embedding a culture of security awareness are presented as essential starting points. Another concern arising from the breach is the "snowball effect" it might have on cyber-attacks, especially through the proliferation of sleeper accounts. Xavier Sheikrojan, Senior Risk Intelligence Manager at Signifyd, warns that fraudsters may use stolen credentials not just for immediate exploitation but to create dormant accounts for later and larger-scale attacks. He advocates for proactive action, urging businesses to monitor user behaviour, force password resets, and continually refine machine learning systems aimed at picking up fraudulent activity. As experts across the sector agree, the exposure of billions of records simultaneously marks a pivotal moment in the digital security landscape. While technology continues to advance, so too does the capacity and sophistication of cybercrime, prompting renewed calls for organisations and individuals alike to treat identity and access security with unwavering seriousness and vigilance.

Techday NZ

3 days ago

• Techday NZ

Acron Aviation launches Astra app to boost airline efficiency

Acron Aviation has announced the launch of its new iOS application, Astra, which is designed to provide pilots and management teams with personalised performance data and insights before and after each flight. The app is described as a tool for transforming how flight performance data is accessed and used by pilots and airline operators. Astra incorporates modules that focus on safety and efficiency, making use of advanced data analytics and machine learning algorithms to deliver tailored intelligence to end-users. Designed to be customisable, Astra integrates with both Acron Aviation's own Flight Data Monitoring platform and third-party systems, enabling seamless adoption across fleets. Data-driven flight operations Astra's safety module offers pre- and post-flight insights, prioritising safety and fostering continuous improvement for pilots and operations teams. Key features include the monitoring of fuel consumption, aircraft wear-and-tear, and performance metrics, all available through an intuitive dashboard that provides management teams with comprehensive oversight at fleet level. Mitesh Patel, Vice President and General Manager Flight Data Intelligence at Acron Aviation, commented on the launch: "With Astra, we're closing the gap between Standard Operating Procedures (SOPs) and actual flight performance." Patel continued, "by leveraging Machine Learning algorithms and our database of 45 million flights, we're delivering personalised, timely, and engaging feedback directly to pilots. Astra represents a significant advancement in how airlines can monitor and optimise fuel consumption and reduce wear-and-tear. This approach not only enhances safety it also improves operational effectiveness and reduces costs." The comprehensive information provided by Astra empowers both pilots and management. For pilots, critical data is consolidated in one application, aiming to reduce the burden of switching between tools while in the cockpit or during pre-flight preparation. Efficiency partnership Astra was developed through a strategic partnership between Acron Aviation and FuelVision, a company with a focus on flight efficiency and data-driven performance. Elena Escrivá de Romaní Pérez, Chief Executive Officer of FuelVision, explained: "Astra increases awareness and engagement with efficiency programs by providing pilots with individual feedback and coaching, as well as providing detailed analytics on fuel consumption patterns, identifies potential savings opportunities, and offers actionable recommendations to optimise flight operations." She continued, "FuelVision was founded by pilots, which means we do things in a fundamentally different way and our starting point is always through the lens of a pilot." The Efficiency module in Astra enables airlines to benchmark performance, track adherence to Standard Operating Procedures, and tailor training programmes based on observed areas for improvement. Customisable parameters also make it possible to inform and adapt fleet-wide pilot training aligned to the latest performance data and trends. Key features Astra processes over 25,000 flights daily, ensuring that debriefs and feedback are delivered to pilots within 15 minutes of landing. Its features include a dashboard for monitoring fuel usage and wear indicators, machine learning-driven analysis of operational effectiveness, unified performance views covering safety and efficiency metrics, and the development of individualised training plans targeted at specific needs. The app can provide pre-flight briefings to pilots with route-specific operational data, enhancing preparation and situational awareness. Following each flight, pilots receive a debrief based on rapid analysis of flight data. Comparative benchmarking allows crew members to measure performance relative to peers within their fleet, reflecting a commitment to continuous improvement and team-based oversight. For management, Astra adds value by highlighting both strong performance and areas that require additional support or intervention. The ability to monitor adherence to company procedures and assess return on investment is designed to support both efficiency and risk management objectives. Industry integration Astra is compatible with Acron Aviation's Flight Data Connect platform, which processes large volumes of flight information in a matter of minutes. This integration supports broader safety and operational initiatives, including contributions to IATA's Flight Data eXchange programme. The application is available for further demonstrations at key industry events, with Acron Aviation continuing to showcase Astra's capabilities to prospective users from the global aviation community.

Techday NZ

5 days ago

• Techday NZ

Jamf report finds phishing & infostealers surge on Apple devices

Jamf has released its Security 360 Report, highlighting significant security trends and risks for mobile and Mac devices within organisational environments worldwide. The report, which examines both mobile and macOS platforms, identifies phishing, infostealers, and operating system vulnerabilities as major concerns and areas where enterprises need to focus their cybersecurity efforts. According to Josh Stein, Vice President of Product Strategy at Jamf, the aim of the research is to help security professionals understand and manage the challenges posed by both longstanding and emerging threats. "Our goal with this research is to inform security leaders about the risks impacting their organizations – whether those risks impact Mac or mobile – and provide tangible recommendations for safeguarding their organizations against increasingly sophisticated attacks," said Josh Stein, VP of Product Strategy at Jamf. "Age-old threats like phishing remain extremely prevalent and cannot be overlooked…nor can threats skyrocketing in popularity like infostealers. Jamf remains deeply committed to continuous threat research to not only protect our customers but also contribute valuable insights to the broader security community." Mobile threats The report notes that mobile devices are frequently the sole tools used by employees to access work resources, emphasising the need for robust defences across a variety of threat vectors. Jamf segmented its analysis of mobile device threats into four key areas: phishing, vulnerability management, application risk and malware, and spyware. Phishing attacks remain especially prevalent, with Jamf identifying approximately 10 million such attacks in the past year. The company reported that 25% of organisations experienced a social engineering incident and that one in ten users clicked on a malicious phishing link. The report suggests security training programmes and the adoption of layered, zero-trust security models can help mitigate these risks. In terms of vulnerability management, Jamf found that 32% of organisations had at least one device with critical vulnerabilities, and that 55.1% of mobile devices in use within workplaces were running on a vulnerable operating system. The company highlighted the importance of timely updates to patch known vulnerabilities, as provided by both Apple and Google. The research further discussed application risk, referencing Jamf's previous identification of a Transparency, Consent and Control (TCC) bypass flaw on iOS. The company demonstrated how side-loaded apps can compromise user privacy and emphasised the need for security controls that extend beyond just keeping operating systems up to date. Spyware and advanced malware were identified as threats that, though less frequent than on some platforms, are extremely sophisticated when they do emerge. High-profile individuals, including journalists, politicians, and diplomats, are at particular risk, with Apple sending compromise notifications to users in around 100 countries last year. The report recommends treating mobile devices with the same level of security as other endpoints in the enterprise environment. Threats to macOS Mac devices, which were once principally used by executives and creatives, have become common fixtures in enterprises across a range of sectors. According to the report, this proliferation has broadened the attack surface and increased the diversity of threats targeting the platform. Jamf outlined three principal areas of concern for macOS: application risk and malware, vulnerability management, and social engineering. Infostealers have become the dominant form of malware on Macs, accounting for 28.36% of all Mac malware analysed by Jamf, compared to just 0.25% in the previous year's findings. The report singles out employees in industries such as cryptocurrency as needing to be particularly alert, advocating for both ongoing training and adequate technological defences. The report also addresses myths about macOS security, noting that vulnerabilities persist despite perceptions of invulnerability. Jamf highlighted a recently discovered flaw in Gatekeeper, a mechanism intended to stop unverified apps from being run. The report notes the requirement for both effective technical controls and regular employee training to counter risks posed by software vulnerabilities. Social engineering threats, including phishing, exploit the widespread adoption of Macs in the workplace. Jamf cited campaigns that use professional social media platforms such as LinkedIn as initial attack vectors, rather than the email channels typically associated with phishing. The company recommends comprehensive employee training on all forms of phishing relevant to Mac users. Methodology The findings in the Security 360 Report are based on the analysis of 1.4 million devices protected by Jamf, conducted in the first quarter of 2025. The scope of analysis covered the previous year, included users in 90 countries, and spanned multiple mobile and desktop platforms, including iOS, iPadOS, Android, and macOS devices. The report draws on Jamf's proprietary Threat Intelligence, incorporating data from original research, device usage metrics, and analysis of news and external data feeds.