Apple Pay explained - technology, security, and payment methods


By introducing Apple Pay, the Cupertino giant wants two things. It wants to take away the inconvenience of carrying a wallet and paying in cash, and it wants to offer a more secure alternative to the aging credit card and POS payment system. Apple Pay will be compatible with the iPhone 6 and iPhone 6 Plus, as well the Apple Watch, when paired to the iPhone 5, 5c, 5s, 6, or 6 Plus. The system will be available in the USA from October, with a world-wide expansion planned for later. In this article, we'll show you how the system is built, and how you will end up using it to buy stuff!

Apple Pay relies on three essential components - an NFC antenna, a dedicated chip in the iPhone and Apple Watch called the Secure Element, and the familiar Touch ID fingerprint sensor for purchases through the smartphone.

NFC (near-field communication) is a set of short-range wireless technologies that connect devices at a distance of up to 10cm through a radio frequency field. NFC-connected devices can take very simple and small form factors, such as tags, stickers, key fobs, or cards. James Andreson, MasterCard's senior VP of mobile and emerging payments, expects NFC to become "the predominant technology for point-of-sale payments" between a smart device and merchant terminal. Perhaps Apple Pay could be the push his prediction needs to be fulfilled.

The Secure Element is a complicated piece of integrated technology. The one in the iPhone 6 and iPhone 6 Plus is rumored to be sourced from NXP, a key supplier of NFC, SIM, identification and other mobile connectivity platforms for Apple and other vendors. It also happens to be the same company that makes the M7 motion co-processor in the iPhone 5s. From its web-page, we can learn that a secure element "typically features non-volatile memory, a security CPU and crypto co-processor, and features additional security measures to protect it against tampering and attacks." It is integrated into the NFC controller.

The element has its own embedded operating system, power supply (a small battery) and its own processors and RAM memory. All data storage areas, which is where your credit card and fingerprint information will reside, are protected against both physical and software attacks, and the flow of data goes through a number of interfaces and micro-controllers, protected by various types of end-to-end encryption (Public Key Infrastructure, Dual / Triple key DES-3). Apple Pay takes your banking information and generates an unique Device Account Number, which is encrypted and stored inside the Secure Element. The chip is included in both the iPhone and the Apple Watch.

Touch ID, found on the iPhone 5s and iPhone 6, is built inside the smartphone's home button. It is protected with a laser-cut sapphire crystal so as not to scratch, which would prevent it from operating properly. It also features a stainless steel detection ring to detect the user's finger. Fingerprint data is stored in a secure enclave inside the iPhone's processor, most likely the Secure Element we spoke of above. Fingerprint reading isn't used for payments with the Apple Watch - instead, you are expected to double-press the button below the Digital Crown. As the Watch is pretty tightly strapped on your wrist and in no risk of being tampered with when you're on the go, putting a fingerprint sensor on it would have been over the top.

How to use Apple Pay in stores? First things first, you'll have to add your credit card information to the Passbook app. You can enter it manually or photograph your card with the iSight camera. At the moment, the system supports Visa, MasterCard, and American Express banking cards issued by American Express, Bank of America, Capital One, Chase, Citi, and Wells Fargo. Apple lists Barclaycard, Navy Federal, PNC, USAA, and US Bank as "coming soon".


At launch, Apple Pay will be accepted at 220 000 stores and up. Users will be able to use their iPhone and Apple Watch at Babies R Us, Bloomingdales, Disney establishments, Duanereade, Macy's, McDonalds, Nike, Petco, Staples, Subway, Toys R Us, Unleashed, Walgreens, and Whole Foods Market. In addition, purchases through the following apps are supported: Groupon, Instacart, MLB.com, OpenTable, Panera Bread, Sephora, Starbucks, Target, Tickets.com, and Uber.

Shopping at a retailer and paying with Apple Pay will be something like this - the shop's register will have an NFC-enabled credit card terminal at which you hold the iPhone for a second, put your finger on the Touch ID button, and that's it - no apps and passwords. If you have the Apple Watch on you, you have to double-press the button located beneath the crown, and hold the watch to the terminal. Of course, there's no Touch ID security involved, but Apple has ensured a secure payment process by generating a dynamic, secure code for each transaction and keeping your credit card number private. The Apple Watch uses a scaled-down version of Passbook, which probably means it will let users choose which credit or debit card to use. Upon successful payment, the watch vibrates and beeps.

In case you were wondering, Apple's payment system doesn't rely on an exclusive infrastructure. You won't be seeing Apple-branded terminals for the foreseeable future. Instead, it uses regular NFC-enabled terminals for contact-less credit cards, which have been in place at stores for a number of years. If you see the symbol on the right anywhere on the register, you'll be good to go. In-app payments are even simpler. On the iPhone, just select Apple Pay as a payment method, and place your finger on the home button. In-app purchases through Apple Watch are not supported.

It won't be long before Apple Pay is available to customers - it will launch next month in the USA. Now that you know what the system is all about, we can only wish you happy shopping!

FEATURED VIDEO

33 Comments

1. Python212

Posts: 363; Member since: Aug 13, 2014

Apple should never use the word 'security' when describing their devices

3. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Silence as to who is on the hook for any fraudulent transactions.... Triple DES doesn't inspire confidence regarding security of encryption.

6. greathero1

Posts: 584; Member since: Jun 13, 2008

Does you bank and credit card companies not cover you for fraudulent charges? I know that mine does and for added security, after I set this payment system up, I will definitely set custom alerts to notify me of all transactions via text or email to be proactive.

25. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

The bank/card companies cover for fraudulent charges made if the card is lost or stolen and you have to notify them when the card is lost or stolen. Some even cover fraud where the Point of Sale system is hacked (Target, Home Depot, for example). Fraudulent charges made because the digital wallet you were using to store your card information got hacked is another matter entirely. If Apple isn't accepting liability and the card companies aren't, then you most definitely are on the hook.

29. stealthd unregistered

You aren't responsible for fraudulent charges on your card, period. There isn't some loophole here.

31. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Link? Responsibility for fraudulent charges is covered in the agreement between the card issuer and the card holder.

7. Mxyzptlk unregistered

Because android is devoid of security threats and malware breaches on the Play Store.

8. xperiaDROID

Posts: 5629; Member since: Mar 08, 2013

Because iOS shares your nude photos to the public.

18. kentas

Posts: 11; Member since: Jul 06, 2014

dailymail.co.uk/news/article-2751238/Google-advise​s-users-change-passwords-hackers-expose-5-million-​Gmail-usernames-passwords-Russian-website.html Here you go blind fanboy....

23. Cicero

Posts: 1129; Member since: Jan 22, 2014

Go to search: from rhat 5 mil., 60% were inactive and only 2% were correct. Hacked by phishing, malware and so in Rusia. (Android Police . com)

24. kentas

Posts: 11; Member since: Jul 06, 2014

Same was with iCloud, phished account name and passwords... I have posted that article just to show to one stupid fanboy that it is not company fault that some users doesn't take attention to their security by using weak passwords or same password for x websites...

30. stealthd unregistered

Actually their security is really good. They just can't stop tech-illiterate celebrities from using weak passwords and easy to guess security questions.

2. darkkjedii

Posts: 31063; Member since: Feb 05, 2011

This is gonna give NFC, and mobile payments a huge boost. Well done Apple, keep it coming. 9-19 is gonna be a fun day.

4. omar300

Posts: 210; Member since: Jun 24, 2012

I always looked forward to apple adapting NFC, since old blackberry days when it alone had NFC. Only way to get boost in mobile market for new untested tech, get Apple to push it. Dont get me wrong, i truely have never been apple user and most likely nor be. but one must understand the market mostly follows apple.

19. Damo579

Posts: 264; Member since: May 18, 2013

In the USA this is true..... It also explains why we are behind when it comes to mobile technology.

5. Mxyzptlk unregistered

This is amazing.

10. xperiaDROID

Posts: 5629; Member since: Mar 08, 2013

Ooo...ya, this feature has already existed on phones few years ago and slow sneaky snaily snail Apple is picking up and Apple fanboy is considering it as "amazing". Ooo...ya, even sharing your nude photos to the public is also amazing ya? Ya, velly amazing.

15. Ninetysix

Posts: 2964; Member since: Oct 08, 2012

I'm having a hard time searching for google wallet + fingerprint scanner support. There's paypal but it's not the same. Can you help me please?

17. Mxyzptlk unregistered

Lol he's now hiding in shame after that massive burn

20. Damo579

Posts: 264; Member since: May 18, 2013

What xperiaDROID means Android and WP phones have had NFC for a couple of years now. It is a great thing to have in our phones but it isn't new. The problem we have in the USA is we follow what Apple does and since they are usually last to implement new features in their products we are behind other parts of the world.

28. stealthd unregistered

It's not that the entire country follows what Apple's doing, it's that NFC payments have been a mess. Most carriers block Google Wallet in favor of the formerly known as ISIS payment system. And there's been no big push for retailer support. Apple actually seems to be going to retailers and making deals, where I haven't heard about Google/ISIS really doing that.

32. nodes

Posts: 1160; Member since: Mar 06, 2014

Anyone using tap and pay on android?

33. gotgame

Posts: 2; Member since: Jun 06, 2012

Yes, I use it on my Moto X (1st gen) at a couple of places. Since there are not a lot of places that support this type of POS transaction I am still needing to carry around my traditional wallet and card :-(. Hopefully this will change soon.

9. AppleJuice

Posts: 145; Member since: Sep 12, 2013

Good stuff.

12. tech2

Posts: 3487; Member since: Oct 26, 2012

Didn't get that James Anderson reference/joke. If you're talking about the cricketer then he's over 6 feet. So he isn't really small :/

13. JayFiveAlive

Posts: 67; Member since: May 30, 2014

This was the only good announcement on Tuesday lol. It's really good though - I wonder if Android users will be able to use Google Wallet with these terminals since it's not Apple exclusive tech. I hope so anyway...

21. sks1969

Posts: 108; Member since: Mar 04, 2012

The 'secure element' is not a big deal it is called a TPM. Every laptop built after 2007 has it. Even windows phone has it. But lets not get too easy on this one. What if someone got hold of your iphone and got hold of your pass code. All the secure element/TPM chip is a waste. With the credit card system it truly indicates your presence (photo ID, Name, signature) at the time of purchase, I still think this is the most secure system. Credit card users and credit card companies too will say that the latter is more secure, this is why there is delay in deploying this mainstream. Apple may be using its clout to make other companies submit to this payment method.

22. AJagtiani

Posts: 466; Member since: Apr 24, 2014

One word: GIMMICK.

27. 0xFFFF

Posts: 3806; Member since: Apr 16, 2014

+1 

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.