Similar Posts

One Comment

  1. Also look at the Apple Pay Servers and how the cards are provisioned, if this is messed up it can’t be fixed and a new card must be issued.

    When a user adds a credit, debit or pre-paid card (including store cards) to Apple Wallet, Apple securely sends the card information, along with other information about user’s account and device, to the card issuer or card issuer’s authorised service provider. Using this information, the card issuer determines whether to approve adding the card to Apple Wallet. As part of the card provisioning process, Apple Pay uses three server-side calls to send and receive communication with the card issuer or network:

    Required Fields

    Check Card

    Link and Provision

    The card issuer or network uses these calls to verify, approve and add cards to Apple Wallet. These client-server sessions use TLS 1.2 to transfer the data.

    Full card numbers aren’t stored on the device or on Apple Pay servers. Instead, a unique Device Account Number is created, encrypted and then stored in the Secure Element. This unique Device Account Number is encrypted in such a way that Apple can’t access it. The Device Account Number is unique and different from most credit or debit card numbers; the card issuer or payment network can prevent its use on a magnetic stripe card, over the phone or on websites. The Device Account Number in the Secure Element is never stored on Apple Pay servers or backed up to iCloud, and it is isolated from iOS, iPadOS and watchOS devices, and from Mac computers with Touch ID.

Leave a Reply

Your email address will not be published. Required fields are marked *