How Does Apple Pay Protect Credit Card Information? Here's How The Service Keeps It Secure
Whether you use Apple Pay to avoid carrying a wallet or to feel more futuristic, you might want to know how Apple Pay actually works. After all, it does involve your credit or debit card information being hooked up to your phone and paying for things just by moving the phone toward another small machine. You see, it really is futuristic.
But if you ask Apple, carrying less things or feeling like you're living 3019 when everyone else is in 2019 isn't the (entire) point. Apple calls Apple Pay "a simpler and more secure way to pay." Why does the company consider it more secure? It has to do with a lot of encryption and codes and who has access to your information.
With Apple Pay, Apple does not have access to your debit, credit, or prepaid card number and does not store purchase information. Instead, when your card information is originally inputted, it is encrypted (made into a code that is indecipherable without the key for the intended party). Apple then "decrypts the data, determines your card’s payment network, and re-encrypts the data with a key that only your payment network (or any providers authorized by your card issuer for provisioning and token services) can unlock."
Once you are signed up for Apple Pay, your bank (or an entity authorized by your bank) issues a Device Account Number, which is also encrypted. This number cannot be decrypted by Apple and is stored in the Secure Element on your phone, which Apple describes as "an industry-standard, certified chip designed to store your payment information safely."
The Device Account Number basically replaces the card in that it's used when making the purchases, but it is inaccessible, including by Apple servers, and isn't backed up to iCloud. Apple notes, "Unlike with usual credit or debit card numbers, the card issuer can prevent its use on a magnetic stripe card, over the phone, or on websites."
As for how actually making a payment at a store works, the technology is called Near Field Communication and it allows an iPhone to make a transaction with the payment device without touching, but only across a short distance. To send a payment, the user must approve the transaction with their passcode, Touch ID, or Face ID.
Paying on websites or apps, obviously, works differently. If you have Apple Pay on the device on which you want to make a purchase, you can set the device to let the website know — or not — that you have Apple Pay. The website that you're buying something from does not receive your card number, but rather encrypted payment information.
As for what Apple does have access to, according to the company, "Apple Pay stores only a portion of your actual card numbers and a portion of your Device Account Numbers, along with a card description." Also, in its section about purchases made online and via apps, the company explains, "Apple retains anonymous transaction information, including the approximate purchase amount, app developer and app name, approximate date and time, and whether the transaction completed successfully. Apple uses this data to improve Apple Pay and other products and services." Information — including how many calls someone makes per week — may also be known by Apple to determine eligibility to use Apple Pay. More about all of this can be read on the Apple site.
During an event on Monday, March 25, Apple announced a big new service related to Apple Pay: Apple Card. The credit card will be released this summer in the U.S., and Apple has boasted that the card will have no fees, low interest rates, and a rewards program called Daily Cash.
Since this card can be used with Apple Pay or as a physical card, if you're interested in signing up, then it's a good idea to get informed about Apple Pay as a whole, too. Hopefully, some of the information here helped, but for everything Apple has available on the topic, be sure to check out the full Apple Pay security and privacy information here.