Apple Platform Security

Credit, debit, and prepaid card provisioning overview with Apple Pay
When a user adds a credit, debit, or prepaid card (including store cards) to Apple Wallet, Apple securely sends the card information, along with other information about the user’s account and device, to the card issuer or the card issuer’s authorized service provider. Using this information, the card issuer determines whether to approve adding the card to Apple Wallet.
As part of the card provisioning process, Apple Pay uses three server-side calls to communicate with the card issuer or network: Required Fields, Check Card, and Link and Provision. The card issuer or network uses these calls to verify, approve, and add cards to Apple Wallet. These client-server sessions are encrypted using TLS v1.2.
Full card numbers aren’t stored on the device or on Apple Pay servers. Instead, a unique Device Account Number is created, encrypted, and then stored in the Secure Element. This unique Device Account Number is encrypted in such a way that Apple can’t access it. The Device Account Number is unique and different from most credit or debit card numbers; the card issuer or payment network can prevent its use on a magnetic stripe card, over the phone, or on websites. The Device Account Number in the Secure Element is never stored on Apple Pay servers or backed up to iCloud, and it is isolated from iOS, iPadOS, watchOS, and Mac computers with Touch ID.
Cards for use with Apple Watch are provisioned for Apple Pay using the Apple Watch app on iPhone, or within a card issuer’s iPhone app. Adding a card to Apple Watch requires that the watch be within Bluetooth communications range. Cards are specifically enrolled for use with Apple Watch and have their own Device Account Numbers, which are stored within the Secure Element on the Apple Watch.
When credit, debit, or prepaid cards (including store cards) are added, they appear in a list of cards during Setup Assistant on devices that are signed in to the same iCloud account. These cards remain in this list for as long as they are active on at least one device. Cards are removed from this list after they have been removed from all devices for 7 days. This feature requires two-factor authentication to be enabled on the respective iCloud account.