Card provisioning security overview
When a user adds a credit, debit, or prepaid card (including store cards) to Apple Wallet, Apple securely sends the card information, along with other information about the user’s account and device, to the card issuer or the card issuer’s authorized service provider (usually the payment network). Using this information, the card issuer (or its service provider) determines whether to approve the user’s request to add the card to Apple Wallet. As part of the card provisioning process, Apple Pay uses three server-side calls to communicate with the card issuer or payment network:
Required Fields
Check Card
Link and Provision
These calls enable the card issuer or payment network to verify, approve, and add cards to Apple Wallet. These client-server sessions use TLS 1.2 or later to transfer the data.
Full card numbers aren’t stored on the device or on Apple Pay servers. Instead, a unique Device Account Number is created by the card issuer, sent encrypted to Apple, and then stored in the Secure Element. This Device Account Number is encrypted in such a way that Apple can’t access it. The Device Account Number differs from most credit or debit card numbers in that the card issuer or payment network can prevent its use on a magnetic stripe card, over the phone, or on websites. The Device Account Number in the Secure Element is never stored on Apple Pay servers or backed up to iCloud, and it’s isolated from iOS, iPadOS, watchOS, and macOS. Apple Pay is supported on:
Devices that use biometric authentication
Apple Watch
Mac computers with Apple silicon that use the Magic Keyboard with Touch ID
Users can add cards to Apple Watch for Apple Pay using either the Watch app on their iPhone or the card issuer’s app. To add a card to Apple Watch:
When paired with an iPhone: The watch must be within Bluetooth communications range
When set up without an iPhone: The watch must have internet access using Wi-Fi
Cards are specifically enrolled for use with Apple Watch and have their own Device Account Numbers, which are stored within the Secure Element on the Apple Watch.
When credit, debit, or prepaid cards (including store cards) are added, they appear in a list of cards during Setup Assistant on devices that are signed in to the same iCloud account. These cards remain in this list for as long as they are active on at least one device. Cards are removed from this list after they have been removed from all devices for 7 days. This feature requires two-factor authentication to be enabled on the respective iCloud account.