Initiating a Transaction Using Apple Pay After the device receives this information from Apple servers, it is saved in the device’s secure element (SE). This DAN is generated using tokenization and is not the actual card number.Īfterward, this information is sent back to Apple servers. Then the card network validates the card information with the issuing bank.Īfter the validation, the card network acting as a TSP (Token Service Provider) creates a token (which is called a DAN or a Device Account Number in the context of Apple Pay) and a token key. Then this information is submitted to Apple servers.Īpple sends the received card information to the relevant card network (Visa, MasterCard, AmericanExpress, Discover, and so on). Adding a Card to Apple Pay Ī card can be added to Apple Pay by either scanning the card or by submitting the card information. We will discuss these step by step in the coming sections. The following diagram describes the transaction flow of Apple Pay. This makes it impossible for criminals to reverse engineer the Primary Account Number from a token.Ĭlick here for the Wikipedia article on tokenization if you want to learn more. There is no algorithm to derive the Primary Account Number if you have a token. Tokens have no meaning by themselves and are worthless to criminals if a token is stolen. Tokenization stops the original card number from being used during transactions. A token looks like a normal credit card number, but it’s not the original PAN. In the context of credit cards and Apple Pay, tokenization is used to replace the Primary Account Number (PAN, or the credit card number) with a token. The mapping from original data to a token uses methods which render tokens infeasible to reverse in the absence of the tokenization system identifier) that maps back to the sensitive data through a tokenization system. The following is a concise description from Wikipedia on Tokenization technology: Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. Here we’ll try to understand the basics of Tokenization. Tokenization as a process is being adopted more and more in the payments industry. SE emulates a payment card during an Apple Pay transaction. This is used at payment terminals to perform transactions over NFC. In the iPhones after iPhone 6, and in Apple Watch, an SE is embedded into the device’s near-field communication (NFC) chip. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.Īpple Pay uses SE to store secret information associated with tokenized cards (we will talk about this later). Secure ElementĪ secure element (SE) is something that is mentioned when talking about Apple Pay, so we need to understand what it is.Īccording to Global Platform: A Secure Element (SE) is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. I’ll briefly discuss the security benefits as well.īefore diving in, let’s get familiar with some basic terminology. In this article, I am going to discuss how Apple Pay works in general and how it works when it is used at a physical POS terminal, specifically. No more plastic cards to carry around, and you do not have to worry about losing them (what a relief!). Mobile payments have become very popular due to the convenience and the security they offer. By Dumindu Buddhika How Apple Pay Works Under the Hood Photo by Jonas Leupe on Unsplashĭo you use Apple Pay? Have you ever wondered how an Apple Pay transaction goes through? In this post, you will learn how Apple Pay works end to end.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |