Here are the actions that take place in the background when you add a new payment card (either a credit or a debit card) to Apple Pay.
The DAN is a permanent, one-of-a-kind number that does not change. The DAN serves as a stand-in for the actual card number (PAN) and personal information. Any transaction records for transactions made using Apply Pay will not include your credit card’s last four numbers. Rather, the last four digits of the DAN will be shown in the transaction records. Apple Pay does not save actual credit card details on the device or Apple servers, and payment token data is never retained on their cloud servers(The Payment Token, i.e. DAN, is exclusively stored on the iPhone’s Secure Element (SE). Furthermore, Apple Pay does not retain actual card data within the Secure Element (SE).
When you use Apple Pay on your iPhone, it sends payment data to the contactless POS terminal through NFC. Apple Pay transmits data from your iPhone to the contactless reader terminal using EMVCo’s contactless suite of requirements.
When you pay with Apple Pay, you use your biometric to verify yourself to the iPhone’s Secure Element (SE) (i.e. fingerprint, face id or PIN). The authentication method simply authenticates you to the Secure Element (SE) and grants Apple Pay access to the Secure Element’s data (SE).
When you authenticate yourself to the iPhone, the Secure Element performs the following actions:
(a) produces a Dynamic Cryptogram
(b) produces a Dynamic CVV
The Payment Token is then passed by the Secure Element. The Secure Element then uses NFC to send the Payment Token (DAN), the Dynamic Cryptogram (also known as the One-time Unique Number), the Dynamic CVV Value (also known as the Dynamic Security Code), and other payment and chip data components to the POS terminal. This request is sent by the POS to the Merchant Bank, which then passes it to the Payment Network.
Based on the BIN tables, the Payment Network determines that the request is a Payment Token and not a genuine PAN. As a result, the Payment Network sends the Payment Token and the Dynamic Cryptogram to the Token Service Provider (TSP) to receive the associated PAN.
The Payment Token (DAN) and Dynamic Cryptogram are delivered to the Token Service Provider. The request is validated by decoding the Dynamic Cryptogram using the secret Payment-Token-Key. Once the request has been confirmed, the TSP searches the Token Vault for the PAN associated with the Payment Token and returns the customer’s true PAN to the Payment Network. It now sends the PAN, transaction information, and Dynamic CVV to the Issuer Bank for transaction authorization.
The request is validated by the Issuer Bank using its private key to interpret the Dynamic CVV. After validating the Dynamic CVV, the Issuer Bank compares the customer’s credit balance to the transaction amount and “authorizes” the request.
The Issuer bank sends the “authorization” answer to the Payment Network, which sends it back to the Merchant Bank and then to the POS terminal, and your transaction is accepted at the POS. The POS further sends this to the iPhone through NFC, and you get a confirmation that the transaction was successful.
The entire procedure takes less than a handful of seconds. You’ll also observe that the real PAN and customer information are never transferred to or from the POS during the foregoing procedure. As a result, the transactions are incredibly secure.
Introduction Early Life and Education: Kashyata is an anchor, presenter, and voiceover artist. She has…
The Tirumala Tirupati Devasthanams (TTD), which manages the Tirumala Venkateswara Temple in Tirupati, has decided…
Nikita Porwal from Madhya Pradesh won the title of Femina Miss India 2024 on 16th…
Riddhima Brahmbhatt, a multi-faceted professional from Ahmedabad, Gujarat, has made a significant mark in the…
Sakshi Mandwal has been associated with all frontiers of media for the last 15 years.…
Sakshi Mandwal Featured on Exhibition Showcase magazine (2018 edition) as a special feature story, highlighting…