I’m Quang – a Mobile app developer, specializing in iOS. Today, I spent 30 minutes reading “How Apple Pay works under the hood?” by Prashant Ram. I am excited to share this knowledge right away. And I will try to explain it in the simplest way.
How Apple Pay supports your security
- Whenever you add your card to your phone (1), Apple passes the info to your bank – Issuer Bank (2). Then, the bank returns a unique identifier – the Device Account Number (DAN). Your phone stores the DAN on a special hardware chip – Secure Element (3).
- When you make a payment, the Secure Element generates one-time codes (Dynamic CVV & Dynamic Cryptogram) and sends them to the POS machine (4). The POS passes them to the seller’s bank (Merchant Bank) together with your DAN (5). After the Merchant Bank conveys the request to the Issuer Bank, your payment is approved (6). Find out what really happens in step 6 here.
So what?
1. Apple doesn’t store your info, they pass it to the bank.
2. By using DAN, no one except your bank owns your card information.
3. Dynamic CVV cannot be reused, even if it is captured by a 3rd party.
4. The Secure Element is a separate chip, physically isolated from the rest of your device, which makes it very difficult for hackers to reach the data stored on it.
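To make points 2 and 3 concrete, here is a small simulation added for this write-up; it is not code from the original article or from Apple. It assumes HMAC-SHA256 over a transaction counter as a stand-in for the real one-time codes (only one code is modeled), assumes a per-device key is provisioned together with the DAN, and uses hypothetical class names.

```python
import hmac, hashlib, secrets

def make_cryptogram(key, dan, amount, counter):
    # Stand-in for the one-time code: HMAC over DAN, amount and counter (assumption).
    msg = f"{dan}|{amount}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class IssuerBank:
    """Toy issuer: the only party that can map a DAN back to the real card number."""
    def __init__(self):
        self.devices = {}  # DAN -> {"pan", "key", "last_counter"}

    def provision(self, pan):
        # Steps 2-3: the bank returns a DAN (and, assumed here, a key) for the Secure Element.
        dan = "DAN-" + secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self.devices[dan] = {"pan": pan, "key": key, "last_counter": 0}
        return dan, key

    def authorize(self, dan, amount, counter, cryptogram):
        # Step 6: refuse unknown DANs and counters already seen, then recompute the code.
        dev = self.devices.get(dan)
        if dev is None or counter <= dev["last_counter"]:
            return False
        expected = make_cryptogram(dev["key"], dan, amount, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return False
        dev["last_counter"] = counter
        return True

class SecureElement:
    """Holds the DAN and key; the real card number is never stored here."""
    def __init__(self, dan, key):
        self.dan, self._key, self._counter = dan, key, 0

    def pay(self, amount):
        # Step 4: a fresh counter makes every cryptogram single-use.
        self._counter += 1
        return {"dan": self.dan, "amount": amount, "counter": self._counter,
                "cryptogram": make_cryptogram(self._key, self.dan, amount, self._counter)}

def demo():
    bank = IssuerBank()
    pan = "4111111111111111"  # constructed test card number
    se = SecureElement(*bank.provision(pan))
    msg = se.pay(1250)             # everything the POS and Merchant Bank get to see
    first = bank.authorize(**msg)  # genuine payment
    replay = bank.authorize(**msg) # the same message captured and sent again
    tampered = bank.authorize(**{**se.pay(1250), "amount": 999999})
    return first, replay, tampered, pan in str(msg)
```

`demo()` returns whether the genuine payment, a replay of it, and a payment with an altered amount were approved, plus whether the card number appears anywhere in the message the merchant side handles.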
Google Pay does this a bit differently
- Whenever you add your card to your phone (1), Google Server receives the info (2), gets verification from your bank (3) and returns an identifier (Payment Token) to your phone (4).
- If you make a payment, your phone passes the Dynamic CVV, Dynamic Cryptogram and Payment Token to the POS machine (5). The POS passes them to the Merchant Bank (6). After the validation process between Merchant Bank and Issuer Bank (7), Google Server will be informed (8).
So what?
1. Both Apple & Google are secure; they just take different approaches.
2. By recording your purchase on the server, Google could theoretically track your spending habits.
3. Apple controls both software & hardware (e.g., the Secure Element), which is why they offer a more comprehensive solution.
Apple says their products are designed to protect your privacy, noting the following on their website: “At Apple, we believe privacy is a fundamental human right.” This also raises the question for me of whether Google uses private information to make money. Could anyone answer this?
Reference
How does Apple Pay and Google Pay work? Steps & Architecture
Google keeps an eye on what you buy, and it’s not alone
Google tracks your purchases. Here’s how to see what Gmail knows