Exploring Apple Pay: A Guide to Its Secure Payment System


As Apple Pay prepares to launch later this month, there may be a surge of skepticism from critics and competitors like PayPal about the prudence of entrusting Apple with sensitive credit card details. However, Apple Pay stands out as an exceptionally secure method for handling credit card transactions. Here’s a simplified explanation of how Apple Pay maintains its security, though some intricate technical specifics are kept confidential for security reasons.

During the development of Apple Pay, I had the opportunity to speak with several developers, who provided some insights into Apple’s venture into mobile payments. Moreover, the technical and financial frameworks that Apple Pay adheres to are outlined in the EMV Payment Tokenisation Specification Technical Framework, which is available for download.


Credit card information isn’t part of the equation

Apple Pay does not store any credit card information on the iPhone or Apple’s servers, nor is it shared with merchants. When setting up Apple Pay, the credit card details are encrypted and sent to the credit card network, which verifies the information and returns a token to the iPhone.

This token is stored in the iPhone’s Secure Element and replaces the actual credit card number in transactions.

What the heck is a token?

A token in Apple Pay is a unique 16-digit number generated randomly that acts as a stand-in for your real credit card number. The only commonality it shares with your credit card is the last four digits. A white paper from First Data explains that while tokens can be used for transactions within the merchant’s environment, they are useless for transactions elsewhere.

Tokens by themselves are worthless and cannot be decrypted

Tokens are designed to be non-decryptable and hold no value by themselves. They are not created through mathematical algorithms but are instead a random string of numbers that only the token issuer can link back to the original credit card details. Even if someone could access these tokens, they would be unable to misuse them without the corresponding cryptogram.

The mechanics of an Apple Pay transaction

During a transaction, the iPhone sends the token to the merchant, who forwards it to the credit card network.

The network then verifies the token with the issuing bank. If the transaction is approved, the bank confirms back to the merchant to proceed with the transaction. This method ensures that the merchant never sees the actual credit card number, only the token.

Additional layers of security – Touch ID and cryptograms

Transactions via Apple Pay require authentication, typically through Touch ID. Each transaction also generates a new CVV and a cryptogram, which uniquely identifies the device that initiated the transaction. These elements ensure that the token used is valid and secure for that specific transaction only.
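The sketch below is an added example, not code from Apple, the card networks or the EMV specification. It models why a random token is useless without its per-transaction cryptogram. The class and function names, the transaction counter and the use of HMAC-SHA256 as the cryptogram are assumptions chosen for illustration; the real cryptogram algorithm is not described on this page.

```python
import hashlib
import hmac
import secrets


class TokenServiceProvider:
    """Hypothetical network-side vault: maps random tokens to real card numbers."""
    def __init__(self):
        self._vault = {}  # token -> {"pan", "key", "last_atc"}

    def provision(self, pan):
        """Issue a random 16-digit token (same last four digits) and a device key."""
        token = pan
        while token == pan or token in self._vault:
            token = "".join(secrets.choice("0123456789") for _ in range(12)) + pan[-4:]
        key = secrets.token_bytes(32)  # in the article's model, held in the Secure Element
        self._vault[token] = {"pan": pan, "key": key, "last_atc": 0}
        return token, key

    def authorize(self, token, atc, amount_cents, cryptogram):
        """Return the real card number only for a known token with a fresh, valid cryptogram."""
        entry = self._vault.get(token)
        if entry is None or atc <= entry["last_atc"]:
            return None  # unknown token, or a replayed transaction counter
        expected = make_cryptogram(entry["key"], token, atc, amount_cents)
        if not hmac.compare_digest(expected, cryptogram):
            return None  # token presented without the matching cryptogram
        entry["last_atc"] = atc
        return entry["pan"]


def make_cryptogram(key, token, atc, amount_cents):
    """Device side: bind token, transaction counter and amount under the device key."""
    msg = f"{token}|{atc}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def demo():  # runs entirely on constructed data
    tsp = TokenServiceProvider()
    pan = "4111111111111111"  # constructed test card number, not a real account
    token, key = tsp.provision(pan)
    good = make_cryptogram(key, token, 1, 1999)
    return {
        "token_keeps_last4": token[-4:] == pan[-4:] and token != pan,
        "valid": tsp.authorize(token, 1, 1999, good) == pan,
        "replay": tsp.authorize(token, 1, 1999, good),
        "stolen_token_only": tsp.authorize(token, 2, 1999, b"\x00" * 8),
        "changed_amount": tsp.authorize(token, 2, 999999, make_cryptogram(key, token, 2, 1999)),
    }
```

Only the first authorization resolves to the card number; the replayed cryptogram, the token presented without a valid cryptogram and the altered amount are all rejected.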

Experts in the field, like Steve Mott from BetterBuyDesign and Tom Noyes, have praised Apple Pay’s security standards, highlighting its role in advancing mobile payment security.


Matthew is a dedicated writer for TUAW, bringing insightful and engaging content to Apple enthusiasts around the world. With a deep love for all things Apple, Matthew covers everything from the latest iPhone and iPad releases to MacBook innovations and Apple Watch updates. His articles are known for their clarity and depth, making complex tech topics accessible to everyone. When he’s not writing, Matthew enjoys exploring new apps and testing out the latest Apple gadgets.