Apple Pay security certifications
Security certificates for Apple Pay in Europe
The Revised Payment Services Directive (PSD2, Directive (EU) 2015/2366) is an EU Directive administered by the European Commission to regulate payment services and payment service providers (PSPs) throughout the European Union (EU) and European Economic Area (EEA). To increase the security of electronic payments, PSD2 contains a set of requirements for payment service providers to ensure that electronic payments are performed with multi-factor authentication (Strong Customer Authentication) and the authentication code is specific to the transaction amount and payee (Dynamic Linking). These requirements came into force in September 2019, with a final implementation deadline of 31 December 2020.
As provider of Apple Pay technology, Apple must ensure that its technology can support the application of Strong Customer Authentication (SCA) and Dynamic Linking by PSPs (such as banks) when their customers use Apple Pay. To do this, Apple engages independent, accredited, third-party labs to evaluate and audit the security measures for Apple Pay according to the Common Criteria certification methodology. The evaluations are then approved by certification bodies that issue Common Criteria certifications. The certifications serve to demonstrate that the various Apple devices (iPhone, Mac, Apple Watch) that support Apple Pay also support the required processes for both card provisioning and payment transactions.
Product / Certification date | Scheme ID / Documents | Compliance |
|---|---|---|
Product: Strong Customer Authentication for Apple Pay on MacBook Air 2023 with M2 using macOS Ventura 13.3.1 Certification date: 12-04-2024 | Scheme ID: CCN-2023-09 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on Mac mini with M2 and Magic Keyboard with Touch ID with macOS Ventura 13.3.1 Certification date: 2023-12-28 | Scheme ID: NSSI-CC-2023/61 Apple documents: | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on Apple Watch with S8 running watchOS 9.4 Certification date: 19-01-2024 | Scheme ID: ANSSI-CC-2023/60 Apple documents: | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone 14 Pro with A16 Bionic using iOS 16.4.1 Certification date: 2023-12-28 | Scheme ID: ANSSI-CC-2023/59 Apple documents: | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone SE (3rd generation) with A15 Bionic using iOS 16.4.1 Certification date: 2023-12-28 | Scheme ID: ANSSI-CC-2023/58 Apple documents: | Compliance: EAL2+ ADV_FSP.3 |
Product: Strong Customer Authentication for Apple Pay on Mac mini with M1 and Magic Keyboard with Touch ID with macOS Monterey 12.3.1 Certification date: 27-03-2023 | Scheme ID: ANSSI-CC-2023/19 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone 13 with A15 Bionic running iOS 15.4.1 Certification date: 27-03-2023 | Scheme ID: ANSSI-CC-2023/18 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on Apple Watch with S7 running watchOS 8.5.1 Certification date: 27-03-2023 | Scheme ID: ANSSI-CC-2023/17 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on MacBook Air 2020 with M1 running macOS Monterey 12.3.1 Certification date: 27-03-2023 | Scheme ID: ANSSI-CC-2023/16 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone SE (2nd generation) with A13 Bionic running iOS 15.4.1 Certification date: 27-03-2023 | Scheme ID: ANSSI-CC-2023/15 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on Apple Watch with S4 using watchOS 7.4.1 Certification date: 01-03-2023 | Scheme ID: ANSSI-CC-2023/13 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on MacBook Air 2020 with M1 using macOS Big Sur 11.3.1 Certification date: 28-09-2022 | Scheme ID: ANSSI-CC-2022/44 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone SE (2nd generation) using iOS 14.5.1 Certification date: 19-01-2022 | Scheme ID: ANSSI-CC-2022/05 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Product: Strong Customer Authentication for Apple Pay on iPhone with A12 Bionic using iOS 14.5.1 Certification date: 19-01-2022 | Scheme ID: ANSSI-CC-2022/04 Apple documents: | Compliance: EAL2+ ADV_FSP.3 ALC_FLR.3 |
Security certificates for Apple Pay in China
The Apple Pay Trusted Execution Environment (TEE) certification programme in China is conducted on an annual basis, and is based on JR/T 0156-2017 Mobile terminal payment trusted environment specification (the specification), a financial industrial standard published by People’s Bank of China in 2017. The introduction of the specification helps improve the security of mobile terminal payment, promotes the integration and development of financial and information technology, and is of great significance in preventing telecommunication and financial fraud in China.
Apple Pay is a technical platform designed to enable card issuers to use technology on Apple devices and associated application programming interfaces (APIs) to facilitate secure contactless and e-commerce payments for their customers using credit, debit and pre-paid cards from the card issuers. The TEE certification programme clarifies the definition of the trusted environment for mobile terminal payment, and specifies the overall architecture of the trusted environment, trusted execution environment, communication security, data security and client-side payment applications. Every year, Apple engages entitled third-party test labs to evaluate the effectiveness of security controls based on the requirements outlined in the specification. The certification itself is issued by National Financial Technology Certification Center (Beijing), and validated annually.
Operating system / Validation or renewal dates | Certificates/Documents | Module info |
|---|---|---|
Operating system: iOS 16.0 Validation dates: 18-05-2023 to 17-05-2026 | Certificates: NFTC202302910046 (P.R. China: Technology Certification of Mobile Financial Service) | Title: Mobile Terminal Trusted Execution Environment Specification: JR/T 0156-2017 |
Operating system: iOS 14.5 Renewal date: 27-12-2021 | Certificates: CFNR201902910002 (P.R. China: Technology Certification of Mobile Financial Service) | Title: Mobile Terminal Trusted Execution Environment Specification: JR/T 0156-2017 |
Operating system: iOS 13.5.1 Validation dates: 07-12-2019 to 26-12-2022 | Certificates: CFNR201902910002 (P.R. China: Technology Certification of Mobile Financial Service) | Title: Mobile Terminal Trusted Execution Environment Specification: JR/T 0156-2017 |
For questions about Apple Security and Privacy Certifications, contact security-certifications@apple.com.