Card provisioning security overview
When a user adds a credit, debit or pre-paid card (including store cards) to Apple Wallet, Apple securely sends the card information, along with other information about the user’s account and device, to the card issuer or card issuer’s authorised service provider (usually the payment network). Using this information, the card issuer (or its service provider) determines whether to approve adding the card to Apple Wallet. As part of the card provisioning process, Apple Pay uses three server-side calls to exchange information with the card issuer or payment network:
Required Fields
Check Card
Link and Provision
The card issuer or payment network uses these calls to enable the card issuer to verify, approve and add cards to Apple Wallet. These client-server sessions use TLS 1.2 to transfer the data.
Full card numbers aren’t stored on the device or on Apple Pay servers. Instead, a unique Device Account Number is created, encrypted and then stored in the Secure Element. This unique Device Account Number is encrypted in such a way that Apple can’t access it. The Device Account Number is unique and different from most credit or debit card numbers; the card issuer or payment network can prevent its use on a magnetic stripe card, over the phone or on websites. The Device Account Number in the Secure Element is never stored on Apple Pay servers or backed up to iCloud, and is isolated from iOS, iPadOS and watchOS devices as well as from Mac computers with Touch ID and Mac computers with Apple silicon that use the Magic Keyboard with Touch ID.
Cards for use with Apple Watch are provisioned for Apple Pay using the Apple Watch app on iPhone or within a card issuer’s iPhone app. Adding a card to Apple Watch requires that the watch be within Bluetooth communications range. Cards are specifically enrolled for use with Apple Watch and have their own Device Account Numbers which are stored within the Secure Element on the Apple Watch.
When credit, debit or pre-paid cards (including store cards) are added, they appear on a list of cards during Setup Assistant on devices that are signed in to the same iCloud account. These cards remain on this list for as long as they are active on at least one device. Cards are removed from this list after they have been removed from all devices for 7 days. This feature requires two-factor authentication to be enabled on the respective iCloud account.