1(630)802-8605 Ravi.das@bn-inc.net

In today’s blog, we provide an overview into Apple Pay, which is right now the leading platform for Virtual Payments.

So, what is Apple Pay exactly all about?  It is essentially the mobile app which can be downloaded and installed onto your iPhone or even your iPad.  Because it is deemed to have more robust Security than other dominant Mobile Wallets (such as that of Google Wallet), Apple Pay is actually supported by the major banks worldwide.  These includes the likes of JP Morgan Chase, Bank of America Corporation, and Citigroup, Inc.

After the end user has downloaded the mobile app, and has entered in their financial information (such as that of credit card number or bank account), he or she can now start to make payments with their iPhone or iPad.

In order to initiate the actual process, Apple has established what is known as a “Two Factor”, or “2FA” Authentication approach.

First, the individual must enter their Passcode.  Once this has been accepted, the end user is then prompted to have their identity further confirmed through the use of Touch ID, which is the Fingerprint Recognition embedded into the iPhone or the iPad.  An example of this illustrated above.

It should be noted, that the only time that your credit card or banking information is ever stored in Apple Pay is when you first enter it into the mobile app.  Also, you can take a picture of your credit card as well, and upload that into Apple Pay as well.

If this particular method is utilized, this image is fully encrypted and sent over to the servers at Apple for decryption.  From here, the credit card information is then checked for the authenticity and the issuer of the credit card.

After this process has been completed, Apple then re-encrypts the credit card information, with a Public Key/Private Key combination of which only the credit card issuer or network can unlock.

Other encrypted information and data is sent as well, such as your iTunes transaction history. Ultimately, the credit card issuer then either allow or deny the specific credit card to be used in Apple Pay.

If the credit card has been approved to be used in Apple Pay, a “Device Account Number” (also known as a “DAN”).  This is a Cryptographic Token which is assigned to each and every iPhone or iPad which makes use of Apple Pay.

This is then used to generate dynamic Security Codes which will become unique to each transaction that the end user engages in.  In a way, this is very similar to the transactions with credit cards that are Security chip enabled.

In more technical terms, a Cryptogram is generated in the Near Field Communications wireless stream between the antennae which is embedded in the iPhone and the reader at the Point of Sale Terminal.  This Cryptogram is then ultimately transmitted back the credit card issuer for the approval or denial of the Apple Pay transaction.

We review this last part in more technical detail in tomorrow’s blog.  Stay tuned!