Apple Pay security and privacy overview
Find out how Apple protects your personal information, transaction data and payment information when you use Apple Pay.
Apple Pay allows you to make easy, secure and private transactions in shops, in apps and on the web. You can also send and receive money with friends and family using Apple Cash (US only). And with contactless rewards cards in Wallet, you can receive and redeem rewards when you pay using Apple Pay.
Apple Pay is designed with your security and privacy in mind, making it a simpler and more secure way to pay than using your physical credit, debit and prepaid cards. Apple Pay uses security features built into the hardware and software of your device to help protect your transactions. In addition, to use Apple Pay, you must have a passcode set on your device and, optionally, Face ID, Touch ID, or Optic ID.
Apple Pay is also designed to protect your personal information. Apple doesn’t store or have access to the original credit, debit or prepaid card numbers that you use with Apple Pay. And when you use Apple Pay with credit, debit or prepaid cards, Apple doesn't retain any transaction information that can be tied back to you. Your transactions stay between you, the merchant or developer, and your bank or card issuer.
When you add credit, debit, prepaid or travel cards
When you add a credit, debit, prepaid or travel card (where available) to Apple Pay, information that you enter on your device is encrypted and sent to Apple servers. If you use the camera to enter the card information, the information is never saved on your device or photo library.
Apple decrypts the data, determines your card’s payment network and re-encrypts the data with a key that only your payment network (or any providers authorised by your card issuer for provisioning and token services) can unlock.
Information that you provide about your card, whether certain device settings are enabled, and device use patterns – such as the percentage of time the device is in motion and the approximate number of calls you make per week – may be sent to Apple to determine your eligibility to enable Apple Pay. Information may also be provided by Apple to your card issuer, payment network or any providers authorised by your card issuer to enable Apple Pay, to determine the eligibility of your card, to set up your card with Apple Pay and to prevent fraud.
After your card has been approved, your bank, your bank’s authorised service provider or your card issuer creates a device-specific Device Account Number, encrypts it and sends it along with other data (such as the key used to generate dynamic security codes that are unique to each transaction) to Apple. The Device Account Number can’t be decrypted by Apple but is stored in the Secure Element – an industry-standard, certified chip designed to store your payment information safely – on your device. Unlike with usual credit or debit card numbers, the card issuer can prevent its use on a magnetic stripe card, over the phone or on websites. The Device Account Number in the Secure Element is isolated from iOS, watchOS, macOS and visionOS, is never stored on Apple servers, and is never backed up to iCloud.
Apple doesn’t store or have access to the original card numbers of credit, debit or prepaid cards that you add to Apple Pay. Apple Pay only stores a portion of your actual card numbers and a portion of your Device Account Numbers, along with a card description. Your cards are associated with your Apple Account to help you add and manage your cards across your devices.
In addition, iCloud secures your Wallet data – such as passes and transaction information – by encrypting it when it's sent over the Internet and storing it in an encrypted format when it's kept on Apple’s servers. You can disable iCloud support on your device by going to Settings > [your name] > iCloud, and then, next to Saved to iCloud, tapping See All and turning off Wallet.
Find out more about how iCloud stores and protects your data
When you use Apple Pay in shops
When you use Apple Pay in shops that accept contactless payments, Apple Pay uses Near Field Communication (NFC) technology between your device and the payment terminal. NFC is an industry-standard, contactless technology that’s designed to only work across short distances. If your iPhone is on and detects an NFC field, it will present you with your default card. To send your payment information, you must authenticate using Face ID, Touch ID or your passcode (except when you use Express Mode with a payment or transit card). With Face ID or with Apple Watch, you must double-click the side button when the device is unlocked to activate your default card for payment.
After you've authenticated your transaction, the Secure Element provides your Device Account Number and a dynamic, transaction-specific security code to the shop’s point of sale terminal, along with additional information needed to complete the transaction. Again, neither Apple nor your device sends your actual payment card number. Before they approve the payment, your bank, card issuer or payment network can verify your payment information by checking the dynamic security code to make sure it’s unique and tied to your device.
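The issuer-side check described above (the dynamic security code must be unique and tied to your device) can be modelled as follows. This is an added example, not Apple's or any payment network's code: the page does not specify how the code is computed, so HMAC-SHA256 over a transaction counter stands in for it, and every name and value here (Issuer, dynamic_code, the DAN strings, the nonce) is constructed for illustration.

```python
import hashlib
import hmac
import secrets

def dynamic_code(key: bytes, dan: str, counter: int, amount_minor: int, nonce: bytes) -> str:
    """Device side: derive a per-transaction code from the provisioned key."""
    msg = b"|".join([dan.encode(), str(counter).encode(), str(amount_minor).encode(), nonce])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Issuer:
    """Issuer side: keeps each device's key and the last counter it accepted."""
    def __init__(self):
        self.keys = {}          # Device Account Number -> per-device key
        self.last_counter = {}  # Device Account Number -> last accepted counter

    def provision(self, dan: str) -> bytes:
        # Assumption: the key is generated at provisioning and shared with the device.
        key = secrets.token_bytes(32)
        self.keys[dan] = key
        self.last_counter[dan] = 0
        return key

    def verify(self, dan: str, counter: int, amount_minor: int, nonce: bytes, code: str) -> str:
        key = self.keys.get(dan)
        if key is None:
            return "unknown-device-account"
        expected = dynamic_code(key, dan, counter, amount_minor, nonce)
        if not hmac.compare_digest(expected, code):  # tied to this device and transaction
            return "bad-code"
        if counter <= self.last_counter[dan]:        # unique: each counter is accepted once
            return "replayed"
        self.last_counter[dan] = counter
        return "approved"

def demo():
    issuer = Issuer()
    dan_a, dan_b = "DAN-CONSTRUCTED-0001", "DAN-CONSTRUCTED-0002"  # constructed values
    key_a = issuer.provision(dan_a)
    issuer.provision(dan_b)
    nonce = b"terminal-nonce-1"
    code = dynamic_code(key_a, dan_a, 1, 1250, nonce)
    return [
        issuer.verify(dan_a, 1, 1250, nonce, code),  # fresh transaction
        issuer.verify(dan_a, 1, 1250, nonce, code),  # same code presented again
        issuer.verify(dan_a, 2, 9999, nonce, code),  # code reused for another transaction
        issuer.verify(dan_b, 1, 1250, nonce, code),  # code presented for another device
    ]

if __name__ == "__main__":
    print(demo())
```

Because the code is bound to one device key and one counter value, a captured Device Account Number and code pair cannot be reused for a second payment or moved to a different device account.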
When you use Apple Pay within apps or on the web
When you use an app or a website that uses Apple Pay in iOS, watchOS, macOS or visionOS, the app or website that you visit can check if you have Apple Pay enabled on that device. You can manage this option in Settings > Apps > Safari > Advanced on your iPhone, iPad or Apple Vision Pro, and in the Advanced tab in Safari settings on your Mac.
To securely transmit your payment information when you pay in apps or on the web, Apple Pay receives your encrypted transaction and re-encrypts it with a developer-specific key before the transaction information is sent to the developer or payment processor. This key helps ensure that only the app or the website that you're purchasing from can access your encrypted payment information. Websites must verify their domain every time they offer Apple Pay as a payment option. As with in-store payments, Apple sends your Device Account Number to the app or website along with the transaction-specific dynamic security code. Neither Apple nor your device sends your actual payment card number to the app.
Apple retains anonymous transaction information, including the approximate purchase amount, app developer and app name, approximate date and time, and whether the transaction was completed successfully. Apple uses this data to improve Apple Pay and other products and services. Apple also requires apps and websites in Safari that use Apple Pay to have a privacy policy that you can view, which governs their use of your data.
When you use Apple Pay on your iPhone or Apple Watch to confirm a purchase from Safari on Mac, your Mac and the authorising device communicate over an encrypted channel via Apple servers. Apple doesn’t retain any of this information in a form that personally identifies you. You can disable the ability to use Apple Pay on your Mac in Settings on your iPhone. Go to Wallet & Apple Pay and turn off Allow Payments On Mac.
When you use Apple Pay on your iPhone or iPad to confirm a purchase initiated from a third-party browser on Mac, PC or other device, the initiating device and the authorising device communicate over an encrypted channel via Apple servers. Apple doesn't retain any of this information in a form that personally identifies you.
When you add and use rewards cards with Apple Pay transactions in shops
When you add contactless rewards cards to Wallet, all the information is stored on your device and encrypted with your passcode. You can choose to have a rewards card automatically presented for use in the merchant’s shops when you make an Apple Pay purchase (or you can turn off this setting in Wallet). Apple requires all information sent to the payment terminal to be encrypted. Rewards card information is only sent with your authorisation. And Apple doesn’t receive any information about the rewards transaction other than what's displayed on the pass. iCloud backs up your cards and keeps your rewards cards up to date on multiple devices.
If you sign up for a rewards card and provide information to the merchant, such as your name, postcode, email address and phone number, Apple will receive notification of the sign-up, but the information that you share will be sent directly from your device to the merchant and is treated in accordance with the merchant’s privacy policy.
If you lose your device and need to suspend or remove cards from Apple Pay
If you turned on Find My on your device, you can suspend Apple Pay by placing your device in Lost Mode instead of immediately cancelling your cards. If you find your device, you can re-enable Apple Pay.
You can go to your Apple Account page to remove the ability to make payments with the credit, debit and prepaid cards that you were using with Apple Pay on the device.
Erasing your device remotely using Find My also removes the ability to pay with the cards that you were using with Apple Pay. Your credit, debit and prepaid cards will be suspended from Apple Pay by your bank, your bank’s authorised service provider, your card issuer or your issuer's authorised service provider, even if your device is offline and not connected to a mobile or Wi-Fi network. If you find your device, you can add the cards again using Wallet.
In addition, you can call your bank or issuer to suspend your credit, debit or prepaid cards from Apple Pay. The ability to use rewards cards stored on your device is only removed if or when your device is online.
When you send and receive money with Apple Cash (US only)
Apple Cash allows you to send and receive money with other people in Messages and Wallet. When you receive money, it’s added to your Apple Cash card that can be used to make purchases using Apple Pay in shops, in apps and on the web. Person-to-person payments and the Apple Cash card are services provided by Apple’s partner bank, Green Dot Bank, member FDIC. You can learn how Green Dot Bank protects your information by reviewing their privacy policy.
When you set up Apple Cash, the same information as when you add a credit or debit card may be shared with Green Dot Bank and with Apple Payments Inc. Apple created Apple Payments Inc., a wholly owned subsidiary and licensed money transmitter, to protect your privacy. Your Apple Cash account registration information (name, address), balance, transaction amounts and who you send money to or receive money from are stored separately by Apple Payments Inc. in a way that the rest of Apple doesn’t know. Your personal data stored with Apple Payments Inc. is used only to provide you services that you request, for troubleshooting, regulatory purposes and to prevent fraud.
To verify your identity, you may be asked to provide information, including your name and address, to the bank and their identity verification service provider. This information is only used for fraud prevention and to comply with US financial regulations. Your name and address are securely stored by the partner bank and Apple Payments Inc., but any additional information you’re asked to provide – such as National Insurance number, date of birth, answers to questions (e.g. confirming the name of a street you have previously lived on) or a copy of your government ID – can’t be read by Apple.
When you use Apple Cash – including when you add money or transfer money to a bank account – our partner bank, Apple and Apple Payments Inc. may use and store information about you, your device and your account to process the transaction, for troubleshooting, to help prevent fraud and to comply with financial regulations. Apple may provide Apple Payments Inc. with approximate use patterns from your device about how frequently you communicate with that person by phone, email or in Messages. The content of your communication isn’t collected. This information is stored for a limited time, and in such a way that it is not linked to you unless the associated transaction is determined to require further analysis due to suspicious activity.
More information about using Apple Pay with your travel card
If you designate a travel card that you've added to Apple Pay as an Express Travel card, you can pay and travel without having to use Face ID, Touch ID or a passcode first. You can manage Express Travel on your iPhone in Settings > Wallet & Apple Pay, and on your Apple Watch via the Apple Watch app.
You can temporarily suspend travel cards by using Find My to place your device into Lost Mode. Or you can remove travel cards by erasing your device remotely using Find My or by removing all cards from your Apple Account page. Travel cards can't be removed or suspended if your device is offline.
Find out more
You can see more details about Apple Pay and privacy directly on your device. Go to Wallet & Apple Pay in Settings on your iPhone and tap "See how your data is managed". On your Mac, go to Wallet & Apple Pay in System Settings and click Apple Pay & Privacy.
You can find out even more about how Apple protects your data and personal information by reviewing the Apple Platform Security Guide and Apple's Privacy Policy.
Apple Pay is a service provided by certain Apple affiliates, as designated by the Apple Pay privacy notice. Neither Apple Inc. nor its affiliates are a bank. Any card used in Apple Pay is offered by the card issuer.
Apple Cash services are provided by Green Dot Bank, Member FDIC. Apple Payments Services LLC, a subsidiary of Apple Inc., is a service provider of Green Dot Bank for Apple Cash accounts. Neither Apple Inc. nor Apple Payments Services LLC is a bank. Find out more about the Terms and Conditions. Only available in the US on eligible devices. To send and receive money with an Apple Cash account, you must be 18 and a US resident. If you're under 18, your family organiser can set up Apple Cash for you as part of their Apple Cash Family account, but you may not be able to access features that require a supported payment card. Security checks may require more time to make funds available. Apple Cash Family accounts can only send or receive up to USD 2000 within a rolling seven-day period. Tap to Cash transactions can only be used to send or receive up to USD 2000 within a rolling seven-day period. Other limits apply, see Terms and Conditions for details. To access and use all Apple Cash features, you must have an eligible device with Wallet that has the latest version of iOS.