Transit cards in the Wallet app
In many global markets, users can add supported transit cards to the Wallet app on supported models of iPhone and Apple Watch. Depending on the transit operator, this may be done by transferring the value and commuter pass from a physical card into its digital Apple Wallet representation or by provisioning a new transit card into the Wallet app from the Wallet app or the transit card issuer’s app. After transit cards are added to the Wallet app, users can ride transit simply by holding iPhone or Apple Watch near the transit reader. Some cards can also be used to make payments.
Added transit cards are associated with a user’s iCloud account. If the user adds more than one card to the Wallet app, Apple or the transit card issuer may be able to link the user’s personal information and the associated account information between cards. Transit cards and transactions are protected by a set of hierarchical cryptographic keys.
During the process of transferring the balance from a physical card to the Wallet app, users are required to enter card specific information. Users may also need to provide personal information for proof of card possession. When transferring passes from iPhone to Apple Watch, both devices must be online during transfer.
The balance can be recharged with funds from credit, debit and prepaid cards through Wallet or from the transit card issuer’s app. The security of reloading the balance when using Apple Pay is described in Pay with credit and debit cards within apps. The process of provisioning the transit card from within the transit card issuer’s app is described in Add credit or debit cards from a card issuer’s app.
If provisioning from a physical card is supported, the transit card issuer has the cryptographic keys needed to authenticate the physical card and verify the user’s entered data. After the data is verified, the system can create a Device Account Number for the Secure Element and activate the newly added pass in the Wallet app with the transferred balance. In some cities, after provisioning from the physical card is complete, the physical card is disabled.
At the end of either type of provisioning, if the transit card balance is stored on the device, it’s encrypted and stored to a designated applet in the Secure Element. The transit operator has the keys to perform cryptographic operations on the card data for balance transactions.
By default, users benefit from the seamless Express Transit experience that allows them to pay and ride without requiring Touch ID, Face ID, or a passcode. Information like recently visited stations, transaction history, and additional tickets may be accessed by any nearby contactless card reader with Express Mode enabled. Users can enable the Touch ID, Face ID, or passcode authorization requirement in the Wallet & Apple Pay settings by disabling Express Transit.
As with other Apple Pay cards, users can suspend or remove transit cards by:
Erasing the device remotely with Find My
Enabling Lost Mode with Find My
Mobile device management (MDM) remote wipe command
Removing all cards from their Apple ID account page
Removing all cards from iCloud.com
Removing all cards from the Wallet app
Removing the card in the issuer’s app
Apple Pay servers notify the transit operator to suspend or disable those cards. If a user removes a transit card from an online device, the balance can be recovered by adding it back to a device signed in with the same Apple ID. If a device is offline, powered off, or unusable, recovery may not be possible.