Apple Pay security and privacy overview

Learn how Apple protects your personal information, transaction data, and payment information when you use Apple Pay.

Apple Pay allows you to make easy, secure, and private transactions in stores, in apps, and on the web. You can also send and receive money with friends and family using Apple Pay in Messages (U.S. only). And with contactless rewards cards in Wallet, you can receive and redeem rewards when paying with Apple Pay. Apple Pay is designed with your security and privacy in mind, making it a simpler and more secure way to pay than using your physical credit, debit, and prepaid cards.

Apple Pay uses security features built-in to the hardware and software of your device to help protect your transactions. In addition, to use Apple Pay, you must have a passcode set on your device and, optionally, Face ID or Touch ID. You can use a simple passcode, or you can set a more complex passcode for even greater security. 

Apple Pay is also designed to protect your personal information. Apple doesn’t store or have access to the original credit, debit, or prepaid card numbers that you use with Apple Pay. And when you use Apple Pay with credit, debit, or prepaid cards, Apple doesn't retain any transaction information that can be tied back to you—your transactions stay between you, the merchant or developer, and your bank or card issuer.

When you add credit, debit, prepaid, or transit cards

When you add a credit, debit, prepaid, or transit card (where available) to Apple Pay, information that you enter on your device is encrypted and sent to Apple servers. If you use the camera to enter the card information, the information is never saved on your device or photo library.

Apple decrypts the data, determines your card’s payment network, and re-encrypts the data with a key that only your payment network (or any providers authorized by your card issuer for provisioning and token services) can unlock.

Information that you provide about your card, whether certain device settings are enabled, and device use patterns—such as the percent of time the device is in motion and the approximate number of calls you make per week—may be sent to Apple to determine your eligibility to enable Apple Pay. Information may also be provided by Apple to your card issuer, payment network, or any providers authorized by your card issuer to enable Apple Pay, to determine the eligibility of your card, to set up your card with Apple Pay, and to prevent fraud.

After your card is approved, your bank, your bank’s authorized service provider, or your card issuer creates a device-specific Device Account Number, encrypts it, and sends it along with other data (such as the key used to generate dynamic security codes that are unique to each transaction) to Apple. The Device Account Number can’t be decrypted by Apple but is stored in the Secure Element—an industry-standard, certified chip designed to store your payment information safely—on your device. Unlike with usual credit or debit card numbers, the card issuer can prevent its use on a magnetic stripe card, over the phone, or on websites. The Device Account Number in the Secure Element is isolated from iOS, watchOS, and macOS, is never stored on Apple servers, and is never backed up to iCloud.

Apple doesn’t store or have access to the original card numbers of credit, debit, or prepaid cards that you add to Apple Pay. Apple Pay stores only a portion of your actual card numbers and a portion of your Device Account Numbers, along with a card description. Your cards are associated with your Apple ID to help you add and manage your cards across your devices.

In addition, iCloud secures your Wallet data—like passes and transaction information—by encrypting it when it's sent over the Internet and storing it in an encrypted format when it's kept on Apple’s servers. You can disable iCloud support on your device by going to Settings > [your name] > iCloud and turning off Wallet. Learn more about how iCloud stores and protects your data.

When you use Apple Pay in stores

When you use Apple Pay in stores that accept contactless payments, Apple Pay uses Near Field Communication (NFC) technology between your device and the payment terminal. NFC is an industry-standard, contactless technology that’s designed to work only across short distances. If your iPhone is on and detects an NFC field, it will present you with your default card. To send your payment information, you must authenticate using Face ID, Touch ID, or your passcode (except in Japan if you designate a Suica card for Express Transit). With Face ID or with Apple Watch, you must double-click the side button when the device is unlocked to activate your default card for payment.

After you authenticate your transaction, the Secure Element provides your Device Account Number and a transaction-specific dynamic security code to the store’s point of sale terminal along with additional information needed to complete the transaction. Again, neither Apple nor your device sends your actual payment card number. Before they approve the payment, your bank, card issuer, or payment network can verify your payment information by checking the dynamic security code to make sure that it’s unique and tied to your device.

When you use Apple Pay within apps or on the web

When you use an app or a website that uses Apple Pay in iOS, watchOS, or macOS, the app or website can check if you have Apple Pay enabled on that device. You can manage this option in Settings > Safari on your iOS device, and in the Privacy tab in Safari preferences on your Mac.

To securely transmit your payment information when you pay in apps or on the web, Apple Pay receives your encrypted transaction and re-encrypts it with a developer-specific key before the transaction information is sent to the developer or payment processor. This key helps ensure that only the app or the website that you’re purchasing from can access your encrypted payment information. Websites must verify their domain every time they offer Apple Pay as a payment option. Like with in-store payments, Apple sends your Device Account Number to the app or website along with the transaction-specific dynamic security code. Neither Apple nor your device sends your actual payment card number to the app.

Apple retains anonymous transaction information, including the approximate purchase amount, app developer and app name, approximate date and time, and whether the transaction completed successfully. Apple uses this data to improve Apple Pay and other products and services. Apple also requires apps and websites in Safari that use Apple Pay to have a privacy policy that you can view which governs their use of your data.

When you use Apple Pay on your iPhone or Apple Watch to confirm a purchase from your Mac in Safari, your Mac and the authorizing device communicate over an encrypted channel via Apple servers. Apple doesn’t retain any of this information in a form that personally identifies you. You can disable the ability to use Apple Pay on your Mac in Settings on your iPhone. Go to Wallet & Apple Pay and turn off Allow Payments On Mac.

When you add and use rewards cards with Apple Pay transactions in stores

When you add contactless rewards cards to Wallet, all the information is stored on your device and encrypted with your passcode. You can choose to have a rewards card automatically presented for use in the merchant’s stores when you make an Apple Pay purchase (or you can turn off this setting in Wallet). Apple requires all information sent to the payment terminal to be encrypted. Rewards card information is sent only with your authorization. And Apple doesn’t receive any information about the rewards transaction other than what's displayed on the pass. iCloud backs up your cards and keeps your rewards cards up-to-date on multiple devices.

If you sign up for a rewards card and provide information to the merchant, such as your name, postal code, email address, and phone number, Apple will receive notification of the signup, but the information that you share will be sent directly from your device to the merchant and is treated in accordance with the merchant’s privacy policy.

If you lose your device and need to suspend or remove cards from Apple Pay

If you turned on Find My iPhone on your device, you can suspend Apple Pay by placing your device in Lost Mode instead of immediately canceling your cards. If you find your device, you can reenable Apple Pay.

You can go to your Apple ID account page to remove the ability to make payments with the credit, debit, and prepaid cards that you were using with Apple Pay on the device.

Erasing your device remotely using Find My iPhone also removes the ability to pay with the cards that you were using with Apple Pay. Your credit, debit, and prepaid cards will be suspended from Apple Pay by your bank, your bank’s authorized service provider, your card issuer, or your issuer's authorized service provider, even if your device is offline and not connected to a cellular or Wi-Fi network. If you find your device, you can add the cards again using Wallet.

In addition, you can call your bank or issuer to suspend your credit, debit, or prepaid cards from Apple Pay. Suica cards can't be suspended if your device is offline (more information below). The ability to use rewards cards stored on your device is removed only if or when your device is online.

When you send and receive money with Apple Pay or use Apple Pay Cash (U.S. only)

Apple Pay allows you to send and receive money with other people in Messages. When you receive money, it’s added to your Apple Pay Cash card that can be used to make purchases using Apple Pay in stores, in apps, and on the web. Person to person payments and the Apple Pay Cash card are services provided by Apple’s partner bank, Green Dot Bank, member FDIC. You can learn how Green Dot Bank protects your information by reviewing their privacy policy at applepaycash.greendot.com/privacy/.

When you set up Apple Pay Cash, the same information as when you add a credit or debit card may be shared with Green Dot Bank and with Apple Payments Inc. Apple created Apple Payments Inc., a wholly-owned subsidiary, to protect your privacy by storing and processing information about your Apple Pay Cash transactions separately from the rest of Apple, in a way that the rest of Apple doesn’t know. This information is used only for troubleshooting, regulatory purposes, and to prevent fraud for Apple Pay Cash.

To verify your identity, you may be asked to provide information including your name and address to the bank and their identity verification service provider. This information is used only for fraud prevention and to comply with U.S. financial regulations. Your name and address is securely stored by the partner bank and Apple Payments Inc., but any additional information that you’re asked to provide—such as social security number, date of birth, answers to questions (e.g., confirm street name you have previously lived on), or a copy of your government ID—can’t be read by Apple.

When you use Apple Pay Cash—including when you add money or transfer money to a bank account—our partner bank, Apple, and Apple Payments Inc. may use and store information about you, your device, and your account to process the transaction, for troubleshooting, to help prevent fraud, and to comply with financial regulations. Apple may provide Apple Payments Inc. with approximate use patterns from your device about how frequently you communicate with that person by phone, email, or in Messages. The content of your communication isn’t collected. This information is stored for a limited time, and in such a way that it is not linked to you unless the associated transaction is determined to require further analysis due to suspicious activity. You can view transactions that required further analysis in the list of your Apple Pay Cash card transactions.

More information about using Apple Pay with your transit card

If you designate a transit card that you added to Apple Pay as an Express Transit card, you can pay and ride without having to use Face ID, Touch ID, or a passcode first. You can manage Express Transit on your iPhone in Settings > Wallet & Apple Pay, and on your Apple Watch via the Apple Watch app.

You can temporaily suspend transit cards by using Find My iPhone to place your device into Lost Mode. Or you can remove transit cards by erasing your device remotely using Find My iPhone or by removing all cards from your Apple ID account page. Transit cards can't be removed or suspended if your device is offline.

Learn more

You can see more details about Apple Pay and privacy right on your device. Go to Wallet & Apple Pay in Settings on your iOS device and tap "See how your data is managed." On your Mac, go to Wallet & Apple Pay in System Preferences  and click Apple Pay & Privacy.

You can learn even more about how Apple protects your data and personal information by reviewing the iOS Security Guide and Apple privacy policy.

Published Date: Thu Apr 26 18:31:31 GMT 2018