Rendering cards unusable with Apple Pay
Credit, debit, and prepaid cards added to the Secure Element can be used only if the Secure Element is presented with authorization using the same pairing key and Authorization Random (AR) value from when the card was added. On receipt of a new AR value, the Secure Element marks any previously added cards as terminated. This allows the operating system to instruct the Secure Enclave to render cards unusable by marking its copy of the AR as invalid under the following scenarios:
Method | Device |
---|---|
The passcode is disabled. | iPhone, iPad, Apple Watch |
The password is disabled. | Mac |
The user signs out of iCloud. | iPhone, iPad, Mac, Apple Watch |
The user selects Erase All Content and Settings. | iPhone, iPad, Mac, Apple Watch |
The device is restored from Recovery Mode. | iPhone, iPad, Mac, Apple Watch |
Unpairing | Apple Watch |
Suspending, removing, and erasing cards
Users can suspend Apple Pay on iPhone, iPad, and Apple Watch by placing their devices in Lost Mode using Find My. Users also have the ability to remove and erase their cards from Apple Pay using Find My, iCloud.com, or directly on their devices using Apple Wallet. On Apple Watch, cards can be removed using iCloud settings, the Apple Watch app on iPhone, or directly on the watch. The ability to make payments using cards on the device is suspended or removed from Apple Pay by the card issuer or respective payment network, even if the device is offline and not connected to a cellular or Wi-Fi network. Users can also call their card issuer to suspend or remove cards from Apple Pay.
When a user erases the entire device—using Erase All Content and Settings, using Find My, or restoring their device—iPhone, iPad, Mac, and Apple Watch instruct the Secure Element to mark all cards as terminated. This has the effect of immediately changing the cards to an unusable state until the Apple Pay servers can be contacted to fully erase the cards from the Secure Element. Independently, the Secure Enclave marks the AR as invalid so that further payment authorizations for previously enrolled cards aren’t possible. When the device is online, it attempts to contact the Apple Pay servers to help ensure that all cards in the Secure Element are erased.
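The AR behavior described in both sections above (cards bound to the AR in force when they were added, invalidation of the Secure Enclave's copy, termination on receipt of a new AR or on erase) can be traced in a simplified model, added here for illustration; it is not Apple's implementation. The class and method names, the HMAC-SHA256 authorization tag, the fixed challenge, and the card names are assumptions, because the page does not specify the actual protocol.

```python
import hashlib, hmac, secrets

def _tag(key, ar, challenge):
    # Assumption: authorization is modelled as HMAC-SHA256(pairing key, AR || challenge).
    return hmac.new(key, ar + challenge, hashlib.sha256).digest()

class SecureEnclave:
    def __init__(self, pairing_key):
        self._key, self._ar, self.ar_valid = pairing_key, b"", False
    def invalidate_ar(self):            # e.g. passcode disabled, iCloud sign-out
        self.ar_valid = False
    def regenerate_ar(self):            # fresh AR, shared with the Secure Element
        self._ar, self.ar_valid = secrets.token_bytes(16), True
        return self._ar
    def authorize(self, challenge):     # no authorization while the AR is invalid
        return _tag(self._key, self._ar, challenge) if self.ar_valid else None

class SecureElement:
    def __init__(self, pairing_key):
        self._key, self._ar, self.cards = pairing_key, b"", {}
    def receive_ar(self, ar):
        if self._ar and ar != self._ar:
            self.terminate_all()        # new AR: previously added cards are terminated
        self._ar = ar
    def add_card(self, name):
        self.cards[name] = "active"
    def terminate_all(self):            # erase path: unusable until fully erased
        self.cards = {name: "terminated" for name in self.cards}
    def pay(self, name, challenge, tag):
        ok = self.cards.get(name) == "active" and tag is not None
        return ok and hmac.compare_digest(tag, _tag(self._key, self._ar, challenge))

def run_scenario():
    key = secrets.token_bytes(32)       # constructed pairing key shared by both parts
    enclave, se = SecureEnclave(key), SecureElement(key)
    def attempt(card, challenge=b"constructed-nonce"):
        return se.pay(card, challenge, enclave.authorize(challenge))
    se.receive_ar(enclave.regenerate_ar())
    se.add_card("card-1")
    results = {"enrolled": attempt("card-1")}
    enclave.invalidate_ar()             # OS reacts to one of the listed scenarios
    results["ar_invalidated"] = attempt("card-1")
    results["se_state_after_invalidate"] = se.cards["card-1"]
    se.receive_ar(enclave.regenerate_ar())
    results["old_card_new_ar"] = attempt("card-1")
    se.add_card("card-2")
    results["new_card_new_ar"] = attempt("card-2")
    se.terminate_all()                  # Erase All Content and Settings
    results["after_erase"] = attempt("card-2")
    return results
```

In this model, invalidating the enclave's AR blocks payment while the Secure Element still lists the card as active; the card only becomes terminated once a new AR arrives or the erase path runs.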