Apple Pay: Fast, Secure and Private

One of Apple’s biggest announcements last week was Apple Pay– Apple’s new mobile payment service. The company’s NFC-enabled payment system is uniquely positioned as a user-friendly, secure, and convenient way for processing payment transactions. Apple Pay will provide an easy and secure way for users to buy physical goods as well as services within apps, making Apple the latest — and perhaps the most significant — player in the mobile payment space. It will be available on the iPhone 6, iPhone 6 Plus, as well as on the Apple Watch. Limited device support is attributed to the fact that only the new suite of smartphones will be equipped with two required hardware pieces: the secure element and the NFC chip set.

Some respondents in the financial tech industry have suggested that the technology is nothing new. Jason Oxman, CEO of the Electronic Transactions Association tells CNET “ there’s nothing particularly revolutionary about Apple’s implementation of mobile payments. But Apple can get people excited.” It’s true- Apple has a knack for transforming and disrupting traditional markets, and this time with Apple’s One Touch authentication feature coupled with tokenization, it has done just that.

While everyone in the industry is curious to see how Apple Pay works out, we wanted to bring important aspects of the technology to your fingertips.


A token is easily the most important concept to understand about Apple Pay and though it has many variations, its core is replacing sensitive data, like your credit card number, with a random piece of data that typically has the same structure or formatting. In order to increase security, Apple Pay has configured tokens to expire after one purchase. What’s even more significant is that with tokenization, merchants never even see the user’s actual credit card information, better yet, the consumer’s credit card information never even enters the merchant’s POS system. Using per-device tokens, like Apple Pay, means that only the bank that issued the card ever has the customer’s details and purchase history.

During an interview with Bank Innovation, John Lambert, Group Executive of Digital Channels at Master Card shared a few technical details about tokenization within the Apple Pay framework:

In transactions, Apple Pay will not only use a cryptogram, but a token as well. The networks — Visa, MasterCard, and American Express — will generate the tokens that will be a 16-digit number that looks exactly like a credit card number, but is generated dynamically.

Therefore, with tokenization in place, had Home Depot’s merchant system been breached, no real credit card numbers would have been exposed.

Tokens serve an extremely useful role in keeping customer’s credit card information on file without the hassle of maintaining a database of Personal Account Numbers (PAN).

Apple Pay Process

The Apple Pay process starts when consumers enter their credit card details on their iPhone 6 or iPhone 6 Plus. Users can take advantage of the scan feature, which allows them to add a card by simply taking its photo. The device then generates a unique token and cryptogram, which is subsequently stored in the secure element- a tiny piece of hardware dedicated to security and required for performing contactless payments.

Since the iOS device has a unique cryptogram and token, it is considered the “token requestor” within this model. During the transaction, the consumer holds their fully equipped iOS device at the checkout terminal and uses the one touch scan to authenticate the transaction. NFC technology allows the two devices to exchange data and initiate the payment process.

The payment network typically handles tokenization, though it is possible for the issuing bank to do tokenization as well. Once transaction has been deemed authentic, the payment network decrypts the cryptogram and passes it along to the issuer or bank. The bank in return decrypts the token and sends it back to the payment network so that it can be given to the merchant for things like refunds or customer tracking. In other words, each party within the transaction process decrypts something different, which essentially serves to increase security. Once the entire process is over, money is credited to the merchant and marked as amount owed by the cardholder.

Apple Pay is working with some of the top names in the U.S banking industry such as Visa, Mastercard, American Express, Bank of America, Wells Fargo and Chase amongst others to bring this experience to your doorstep.

Apple Pay presents a user experience that is exceptionally faster and easier compared to existing alternatives. Through this technology, Apple has uniquely positioned itself as a leader within the mobile payments industry.

One Touch Authentication

This feature is what makes Apple Pay different. The service uses TouchID fingerprint recognition to authenticate in-person payments as well as online purchases. The one touch authentication helps provide a seamless and simple payment flow as users are not required to enter their card details or addresses or show ID proof at Point of Sale.To pay with Apple Pay–using the default card–consumers simply hold their finger on the device’s Touch ID sensor, then wave the device near an NFC reader at the merchant’s POS terminal. With Touch ID there’s no need to open and app or even wake up the display.

The adoption of Apple Pay is expected to be swift, says Apple Insider, especially in light of Apple’s partnerships with retailers and the size of their consumer market.

Companies such as Target, Uber, Groupn and OpenTable are all set to include Apple Pay in their service offerings and other are quickly following suite.

Apple Pay will be compatible with the lion’s share of debit and credit cards issued in the U.S. after it’s official release in October 2014.