How does Apple Pay work?

Apple Pay is a payment system that is designed to change the way you shop. With over 250 million users and $1 billion transactions during Q3 2018 alone, Apple is leading the way to move users from carrying wallets full of cards to a digital wallet on your iPhone and iWatch. So how does the technology work? As a curious PM, I take a peek under the hood of the fastest growing payment method in the world.

The Magical Tap

Apple Pay uses a technology called NFC (Near-Field Communication) that gained popularity when Sony, Nokia, and Philips established the NFC forum. NFC is a set of communication protocols that enable two electronic devices to establish a communication when they are within 4 cm of each other.

NFC will open the floodgates for profound changes in the way we use our mobile devices – Anthony Iacovone, Augme

Almost all new phones have an NFC chip in them which allow them to exchange a small amount of information with terminals containing a similar chip. NFC does not require a lot of energy, therefore some of the terminals may not even require any power to operate.

There is no way this is secure. Or is it?

Apple Pay is more secure than traditional forms of payment. No credit card information – not even in an encrypted format – is stored on Apple or merchant servers. As soon as a user signs up, the credit card information is encrypted and sent to the credit card vendor (Visa or MasterCard) which then convert it into a 16 digit token and send it back to your phone. This token is then stored within iPhone’s Secure Element. When you tap on the terminal to pay for items, this token is then used to authorize your payment instead of your credit card number. If you are a nerd like me then you can read a whitepaper on Tokens here

The key to tokens is that the token itself is worthless and hold no value to perform a monetary transaction. Here is where it gets mind boggling – Apple Pay tokens are not mathematically generated, they are randomly generated strings that exist in a master index. Hence it is impossible for hackers to reverse engineer your credit card number. The only entity that can map the string back to the credit card account is the token issuer (credit card network).

How does a transaction take place?

You start by adding a credit card to your Apple Wallet before proceeding to make a payment using the NFC technology. As soon as you tap your phone to a terminal, the phone will ask you to authorize the transaction by using the Touch ID or the Face ID. Once the phone has identified you, it sends the token to the terminal (not your credit card information). The merchant terminal then sends this token to your credit card network (Visa or MasterCard) for them to map it to the credit card account. Once mapped, the credit network contacts the issuing bank to authorize the payment. Once the bank authorizes the payment, the bank sends a message to the merchant terminal to proceed with the transaction. Throughout the process, no one is in possession of your credit card numbers, which makes this process immune to man in the middle attack and credit card skimming. Gone are the days when you need to worry about companies like Target being hacked and compromising your credit card information since there are no credit cards to hack in the first place.

A Win-Win

The use of token based payments is something that banks have been pushing for and credit card networks are equally excited. By creating an impressively simple user experience, Apple is expecting a growth of 200% over the next 12 months. All of this works out perfectly well for Apple since the issuer (the banks) pay 0.15% of every transaction helping Apple boost it’s $1 trillion dollar market cap.

Click here for interesting Apple Pay adoption stats.