Apple Pay security certifications
Security certificates for Apple Pay in Europe
The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366) is an EU Directive, administered by the European Commission to regulate payment services and payment service providers (PSPs) throughout the European Union (EU) and European Economic Area (EEA). To increase the security of electronic payments, PSD2 contains a set of requirements for payment service providers to ensure that electronic payments are performed with multi-factor authentication (Strong Customer Authentication) and the authentication code is specific to the transaction amount and payee (Dynamic Linking). These requirements came into force in September 2019, with a final implementation deadline of December 31, 2020.
As provider of Apple Pay technology, Apple must ensure that its technology can support the application of Strong Customer Authentication (SCA) and Dynamic Linking by PSPs (such as banks) when their customers use Apple Pay. To do this, Apple engages independent accredited third-party labs to evaluate and audit the security measures for Apple Pay, according to the Common Criteria certification methodology. The evaluations are then approved by certification bodies that issue Common Criteria certifications. The certifications serve to demonstrate that the various Apple devices (iPhone, Mac, Apple Watch) that support Apple Pay also support the required processes for both card provisioning and payment transactions.
Product / Certification date | Scheme ID / Documents | Compliance |
---|---|---|
Product: Strong Customer Authentication for Apple Pay on MacBook Air 2023 with M2 running macOS Ventura 13.3.1 Certification date: TBD | Scheme ID: TBD Apple documents: Certificate Security Target Guidance | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on Mac mini with M2 and Magic keyboard with Touch ID running macOS Ventura 13.3.1 Certification date: 2023-12-28 | Scheme ID: NSSI-CC-2023/61 Apple documents: Guidance | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on Apple Watch with S8 running watchOS 9.4 Certification date: 2024-1-19 | Scheme ID: ANSSI-CC-2023/60 Apple documents: Guidance | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone 14 Pro with A16 Bionic running iOS 16.4.1 Certification date: 2023-12-28 | Scheme ID: ANSSI-CC-2023/59 Apple documents: Guidance | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone SE (3rd generation) with A15 Bionic running iOS 16.4.1 Certification date: 2023-12-28 | Scheme ID: ANSSI-CC-2023/58 Apple documents: Guidance | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on Mac mini with M1 and Magic keyboard with Touch ID running macOS Monterey 12.3.1 Certification date: 2023-03-27 | Scheme ID: ANSSI-CC-2023/19 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone 13 with A15 Bionic running iOS 15.4.1 Certification date: 2023-03-27 | Scheme ID: ANSSI-CC-2023/18 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on Apple Watch with S7 running watchOS 8.5.1 Certification date: 2023-03-27 | Scheme ID: ANSSI-CC-2023/17 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on MacBook Air 2020 with M1 running macOS Monterey 12.3.1 Certification date: 2023-03-27 | Scheme ID: ANSSI-CC-2023/16 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone SE (2nd generation) with A13 Bionic running iOS 15.4.1 Certification date: 2023-03-27 | Scheme ID: ANSSI-CC-2023/15 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on Apple Watch with S4 using watchOS 7.4.1 Certification date: 2023-03-01 | Scheme ID: ANSSI-CC-2023/13 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on MacBook Air 2020 with M1 using macOS Big Sur 11.3.1 Certification date: 2022-09-28 | Scheme ID: ANSSI-CC-2022/44 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone SE (2nd generation) using iOS 14.5.1 Certification date: 2022-01-19 | Scheme ID: ANSSI-CC-2022/05 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone with A12 Bionic using iOS 14.5.1 Certification date: 2022-01-19 | Scheme ID: ANSSI-CC-2022/04 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Security certificates for Apple Pay in China
The Apple Pay Trusted Execution Environment (TEE) certification program in China is conducted on an annual basis, and is based on JR/T 0156-2017 Mobile terminal payment trusted environment specification (the specification), a financial industrial standard published by People’s Bank of China in 2017. The introduction of the specification helps improve the security of mobile terminal payment, promotes the integration and development of financial and information technology, and is of great significance in preventing telecommunication and financial fraud in China.
Apple Pay is a technical platform designed to enable card issuers to use technology on Apple devices and associated application programming interfaces (APIs) to facilitate secure contactless and e-commerce payments for their customers using credit, debit and prepaid cards from the card issuers. The TEE certification program clarifies the definition of the trusted environment for mobile terminal payment, and specifies the overall architecture of the trusted environment, trusted execution environment, communication security, data security, and client-side payment applications. Every year, Apple engages entitled third-party test labs to evaluate the effectiveness of security controls based on the requirements outlined in the specification. The certification itself is issued by National Financial Technology Certification Center (Beijing) and validated annually.
Operating system / Validation or renewal dates | Certificates / Documents | Module info |
---|---|---|
Operating system: iOS 16.0 Validation dates: 2023-05-18 to 2026-05-17 | Certificates: NFTC202302910046 (P.R. China: Technology Certification of Mobile Financial Service) | Title: Mobile Terminal Trusted Execution Environment Specification: JR/T 0156-2017 |
Operating system: iOS 14.5 Renewal date: 2021-12-27 | Certificates: CFNR201902910002 (P.R. China: Technology Certification of Mobile Financial Service) | Title: Mobile Terminal Trusted Execution Environment Specification: JR/T 0156-2017 |
Operating system: iOS 13.5.1 Validation dates: 2019-12-07 to 2022-12-26 | Certificates: CFNR201902910002 (P.R. China: Technology Certification of Mobile Financial Service) | Title: Mobile Terminal Trusted Execution Environment Specification: JR/T 0156-2017 |
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.