Talking about Apple Pay is a little bit like talking to lawyers. Talk to two of them and you get three opinions about the same thing. I talked about Apple Pay with a group of people recently, and I noticed that none of us really understood how it works.
I have been a heavy user of Apple products for a decade now, and I certainly know a thing or two about payment; after all, we are building a payment platform.
So I looked into the question of how Apple Pay works and what is so special about it. It has to be easy and special, otherwise it wouldn’t stand a chance. I have never met anyone who was desperate because they couldn’t pay at a cash register. “Being able to pay” is the easiest thing, especially since coins and paper money were invented – even today, 85% of all worldwide transactions are still made in cash… The modern credit card then brought payment to the next level.
So there must be a benefit beyond simplicity for Apple to undertake such a giant leap, and that benefit is anonymity. This sounds strange when speaking about a large company like Apple, as such companies are usually inclined to collect all the data they can.
So here is how Apple Pay really works and what’s so special about it. At the end I’ll summarize how different parties benefit.
I boiled it down to the essence and I made my own illustrations, because there are enough complex – and confusing – explanations about Apple Pay.
If we want to understand Apple Pay, we have to look at four different areas:
Two from the customer’s point of view, two from an expert point of view.
1. Paying with Apple Pay from the customer’s perspective, because that is all customers get to see in their daily usage.
2. The registration process from the customer’s perspective, for this is the basis for Apple’s cooperation with banks.
3. The Magic behind Apple Pay, Part 1: What happens in the background when a customer registers?
4. The Magic behind Apple Pay, Part 2: What happens in the background when a customer pays for something?
1. This is how you use Apple Pay in your daily life.
Just place your iPhone 6 or 6+ next to an NFC-enabled terminal and confirm your purchase by authenticating with Touch ID or your passcode. That’s it.
Alternatively you place your Apple Watch close to the terminal and confirm by pressing the button. For this, your phone has to be unlocked and paired with the Apple Watch. If you own an Apple Watch, you can also use an iPhone 5S or 5C, as the NFC chip needed to communicate with the terminal is in the Apple Watch.
The Apple Pay customer experiences a simplified payment process, and that makes us happy. It’s not as if it’s been that difficult to go through the same procedure with a credit card, but it is simply cool to pay with Apple Pay, because we hold our smartphones in our hands more frequently than we do our wallets. It gives us the odd feeling that this is an even safer way of paying for stuff.
2. The registration process from the customer’s perspective
1. In order to use Apple Pay, you need to have the right device.
Currently it works only with the iPhone 6 and 6+, or with the Apple Watch in combination with an iPhone 5S or 5C.
You have to activate Apple Pay by adding a new credit card to Passbook.
2. Take a picture of the credit card or enter the details manually.
If the card-issuing bank supports Apple Pay, and if the bank allows you to use Apple Pay after doing a quick check, you are set to go.
3. You can add and organize cards, just like with an analog wallet.
The process of setting up Apple Pay is easy for the customer, but what happens in the background?
The Magic, Part 1: What happens in the background of the registration process?
1. One thing that’s special about this process is that the picture taken of your card during registration is stored neither on your iPhone nor with Apple or in the cloud. The information is encrypted and then used at different stages so that the right bank can link a token to your device, and to make sure that you are you.
2. Apple receives the encrypted data from your phone and determines the card network (e.g. MasterCard, Visa, Amex) and the issuing bank (that’s the bank that issued your credit card).
Have a look at your credit card – if the first digit is 5, then it’s a MasterCard, if it is 4, it’s Visa, 34 or 37 is American Express, and so on. The first 6 digits are the so-called Bank Identification Number (BIN). 481583.. stands for a Visa Card issued by Bank of America. These are basically the kinds of identification routines run by Apple.
3. Once your card network and your issuing bank have been found (and if they are part of the Apple Pay program), Apple sends some encrypted data from your phone to the bank, which will check whether to allow you to use Apple Pay or not. Let’s pretend they’re OK with it.
The bank then creates a token or Device Account Number (DAN) that is specific to your device and assigns a key to generate a unique security code for each transaction.
4. Token and key are then encrypted and sent back to Apple, where they get linked – without being read or processed by Apple – to the secure chip on your iPhone. At this point Apple doesn’t know you anymore. According to Apple, Apple “only stores a portion of your actual card numbers and a portion of your Device Account Numbers, along with a card description, to help you manage your cards”.
5. Now your device is ready for paying with Apple Pay.
Another special thing about Apple Pay is that the transaction itself is not special at all. Apple has made sure the process of the transaction looks exactly like paying with an NFC-enabled credit card. The big difference is that no credit card data, no customer data or any other personal data is exchanged between the NFC terminal and your device. The only data that’s exchanged is transaction information (e.g. the price of the merchandise you bought), the Device Account Number and a unique, transaction-specific security code.
The credit card network or your bank will check if the Device Account Number is connected to the right device and if the transaction-specific security code (the TAN) was generated with the right key, and then they will authorize the transaction.
That way no customer data or payment data will go back and forth, but only non-personal data and proxies that do not allow any conclusions about the customer. That will make the transaction more secure and privacy advocates happy.
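The flow described above, from the bank issuing a Device Account Number and key to the check at payment time, sketched as an added example (not Apple's or any card network's code). The HMAC-SHA256 construction, the transaction counter and all class and function names are assumptions made for illustration; the real algorithm for the security code is not given on this page.

```python
import hashlib
import hmac
import secrets

def security_code(key, dan, amount_cents, counter):
    # Stand-in for the per-transaction code: HMAC-SHA256 over DAN, amount, counter.
    msg = f"{dan}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Issuer:
    """Hypothetical model of the issuing bank or card network."""
    def __init__(self):
        self._vault = {}  # DAN -> record; the real card number (PAN) stays here

    def provision(self, pan):
        # Registration: mint a device-specific DAN and a secret key for it.
        dan = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self._vault[dan] = {"pan": pan, "key": key, "last_counter": 0}
        return dan, key

    def authorize(self, dan, amount_cents, counter, code):
        rec = self._vault.get(dan)
        if rec is None:
            return "declined: unknown DAN"
        expected = security_code(rec["key"], dan, amount_cents, counter)
        if not hmac.compare_digest(expected, code):
            return "declined: bad security code"
        if counter <= rec["last_counter"]:
            return "declined: replayed code"
        rec["last_counter"] = counter
        return "approved"

class Device:
    """Hypothetical model of the secure chip holding DAN and key."""
    def __init__(self, dan, key):
        self.dan, self._key, self._counter = dan, key, 0

    def pay(self, amount_cents):
        # Only these four fields reach the terminal; no PAN, no name.
        self._counter += 1
        code = security_code(self._key, self.dan, amount_cents, self._counter)
        return {"dan": self.dan, "amount_cents": amount_cents,
                "counter": self._counter, "code": code}

def demo(pan="4111111111111111"):  # constructed test card number
    issuer = Issuer()
    phone = Device(*issuer.provision(pan))
    msg = phone.pay(1999)
    clone = Device(phone.dan, secrets.token_bytes(32))  # DAN copied, key not
    tampered = dict(phone.pay(500), amount_cents=50000)
    return msg, [issuer.authorize(**msg), issuer.authorize(**msg),
                 issuer.authorize(**tampered), issuer.authorize(**clone.pay(100))]
```

`demo()` returns the message the terminal sees plus four decisions: the genuine payment, the same message replayed, a payment whose amount was altered in transit, and a payment from a device that copied the DAN but does not hold the key.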
Who is going to love Apple Pay, and why?
Customers and users will love Apple Pay, because they can pay for what they buy with a fingerprint.
Privacy advocates are going to love it because no credit card data or customer data will be going back and forth. A traditional credit card transaction is a lot more at risk of being hacked or abused. Through the combination of Device Account Number and TAN no direct link to the customer is visible. It’s like the license plate on my car – everyone can see it, but they don’t know who I am.
Apple is going to love Apple Pay because they will collect a small fee for every transaction, and because they don’t have anything to do with their customers’ personal data or payment data. Any abuse is the banks’ problem or the credit card companies’. Apple invested in the development of this technology and it operates a payment-enabling technology.
Apple Pay makes payments easier and more secure.
The exciting part is yet to come, when new business models are created around Apple Pay in the digital world, but we’re going to talk about that another time.