Apple Pay

Published in

HLTechnologyBlog

4 min readMay 6, 2020

Apple Pay is a payment system by Apple that enables users to make payments on websites, iOS apps and in person. It’s designed to remove the dependency on physical credit or debit cards, and their contactless payment ability.

The technology is based on Near Field Communications (“NFC”) with an embed Security Element (“SE”), which is a tamper-proof chip to store sensitive data and perform cryptographic functions (algorithms that validates authenticity).

This feature was first launched in late 2014, but is now in all new devices since 2016 including Apple Watches.

Adding a card to the service

Users can add their cards to the service by:

Using card details from iTunes account
Take photo of card
Being provisioned by card issuer’s app
By entering card details manually

When a user adds card details to the service, Apple sends these details to the card issuer (Visa, MasterCard, AmericanExpress, etc) which, if approved, returns an algorithmically generated device-specific token called the Device Account Number (“DAN”) that is then sent back to Apple and subsequently saved on the user’s device in the SE.

This DAN token is used to process payments without any of the user’s bank card details being exposed. This process of substituting the card details for a token is called “tokenisation” and is a fundamental part of how mobile payments work. The process of generating the token from the original card details is irreversible, so even if an attacker was to steal the user’s token, they won’t be able to reverse engineer the card details from the token.

If the user has multiple devices, they will need to add their card details to each device.

Making a payment

When making a payment in person, there are 2 ways Apple Pay can communicate with the point of sale terminal:

EMV contactless method:

The way it works is after the user has authenticated themselves the SE generates a transaction token, which is then sent along with the previously saved DAN token, transaction amount and some other information to the merchant’s payment gateway for verification.

Apple describes this method as “standard for debit and credit card transactions. It provides transaction security features, reduces the risk of card-present fraud, and provides other application capabilities that aren’t available with magnetic stripe cards.” and hence, it’s the preferred method for doing the contactless payments.

Magnetic stripe data (“MSD”) contactless method:

It uses the DAN token along with the card expiry date, a service code and something called a dynamic CVV number. These are then sent to the merchant’s payment gateway for verification.

Apple had to add this ability to make sure Apple Pay was compatible with all existing point of sale terminals that supported contactless payments. This is how normal contactless cards do their payments and in terms of the data they share with the point of sale terminal.

This method is known as the old way of doing contactless payments and was first introduced in 2005, but only really became popular in 2014.

When the payment is done online or in an app:

Once the user has authenticated the transaction, the DAN token is sent along with a transaction specific code generated by the SE to Apple. Apple then re-encrypts it with a merchant specific key and then sent to the merchant’s payment gateway for verification.

Although the notifications of a payment is almost instant, the actual processing time and movement of funds between banks can take up to 3 days, similar to normal card transactions. Generally, payment verifications can take just a few seconds, as opposed to chip and PIN payments which take longer.

Adoption

The Apple Pay adoption estimates are roughly just below 50% of iPhone users. It’s currently the 6th most popular way to make a payment in the US behind credit cards, cash, debit card and PayPal. 65% of Gen Z (16–20 year-olds) say they use mobile payments more than traditional card payments. Mobile payments have increased 328% year-on-year in the UK since 2017, which really gives an idea of the popularity of this technology and the way the payment industry is moving.

How does Apple make money from this

At this point, you might be asking yourself why Apple are implementing this amazing service at no extra cost for the consumer? It’s not like Apple to do anything for free, well it’s actually rather clever because on each transaction they charge 0.15%. They don’t actually charge users, merchants or developers anything to use the service, but there is a small exception with a charge 3% fee for of use credit card.

The exact profit from Apple Pay is unknown, but per quarter in 2019 they were doing about 3 billion transactions globally so its definitely not a small number.

Benefits (TL;DR)

More secure because card details aren’t exposed and there is no need to carry around a wallet that can potentially be lost or stolen.
More convenient and quicker than traditional chip and PIN payments.
Can potentially have a limitless transaction limit depending on the merchant.
There are no fees involved unless you use a credit card.