Apple Pay is a digital wallet that allows users to make purchases and transactions using their Apple devices. With the touch of a button on your mobile or Apple Watch, checkout is easy and fast. Apple also emphasizes privacy and security. In this article, we dive into Apple Pay’s various security measures and examine how these measures protect users’ personal and financial data.
Update Jan 2023
Is Apple Pay Privacy-Friendly?
Apple’s revenue model is not based on collecting as much data as possible, as is the case with Facebook and Google.
“We’re not in the business of collecting your data,” Eddy Cue said during the keynote speech introducing Apple Pay. “Apple doesn’t know what you bought, where you bought it, or how much you paid. The transaction is between you, the merchant and the bank.”
But if Apple Pay was not created to collect as much personal data as possible, what are they making money off of?
With Apple Pay, Apple wants to keep its customers within its own environment (ecosystem). So it is not a service designed to collect user data, but a service to sell you more Apple devices and services. And yet the question remains: can you trust Apple’s word? In any case, Apple has made a big bet on privacy.
Privacy during login
When you add a (prepaid) credit or debit card to Apple Pay through the Wallet app, your device securely sends card details and other information about your account and device to the card provider.
The actual numbers of the pass are never stored on the your device or on Apple servers. Instead, it creates a unique devic account number, whose encryption Apple cannot decrypt. This number is stored in the Secure Element of your device. This device account number in the Secure Element is completely separate from your operating system and is not stored on Apple Pay servers or in iCloud. Apple does not track what you buy when you pay with Apple Pay. So they also can’t show you ads based on your purchase history.
So Apple does not have access to the original card numbers of credit, debit or prepaid cards you add to Apple Pay. Apple Pay stores only part of your actual card numbers and part of your device account numbers, along with a description of the card. Your cards are linked to your Apple ID. That helps you add and manage your maps on your devices.
Is Apple Pay secure?
Compared to other payment systems, Apple Pay is indeed secure. This is because a payment with Apple Pay requires two-factor authentication (Touch ID, Face ID, a PIN or a password) at
purchases. Other contactless payment solutions usually only require a PIN for purchases larger than a certain amount. Apple Pay uses NFC for payments. NFC (Near Field Communication) is a wireless way to exchange small amounts of information within a 10-centimeter radius. Thus, NFC only works at small distances and cannot be read at long distances. Since you must always authenticate first (with Touch ID, Face ID or two presses of the side button on the Apple Watch), this also means your device cannot be secretly read (skimmed) with a mobile pin device.
Apple Pay card blocking or deletion
If you have enabled Find My iPhone on your device, you can block Apple Pay by activating lost mode on your device instead of canceling your cards immediately. When you find your device, you can turn Apple Pay back on.
You can go to your Apple ID account page to remove the ability to make payments with the credit cards, debit cards and prepaid cards you used with Apple Pay on the device.
When you remotely erase your device with Find My iPhone, you immediately remove the ability to pay with the cards you used with Apple Pay anyway.
Is Apple Pay anonymous?
Paying online with Apple Pay
When a customer uses Apple Pay to make a purchase, the selling party typically receives a limited amount of information from the transaction. This can be your name, email address and your shipping or billing address, but you can choose whether you want to share that. The seller does not receive your payment information, such as your credit card numbers or bank account information. This is because Apple Pay uses a process called tokenization to protect this sensitive information.
In tokenization, the customer’s payment information is replaced by a unique token that is used to authorize the transaction. The token is then sent to the merchant, allowing them to complete the transaction without ever having access to actual payment information from you. This provides an additional layer of security and helps protect your personal and financial information.
Pay in stores with Apple Pay
In stores, payments are processed based on the devic account number and a transaction-specific dynamic security code. Apple and your device do not share your credit or debit card numbers with merchants.
Apple pay and location features
Apple Pay does not use location data to track where you buy something. However, location data may be used to improve the security of the service. For example, Apple Pay can use location data to determine whether a transaction is suspicious or potentially fraudulent. This can help prevent unauthorized transactions and protect the user’s account from fraud. In addition, Apple Pay may use location data to enable certain features, such as using the service in physical stores or in-app purchases.
Once the transaction is processed, location data is not retained by Apple Pay and is not shared with the selling party.
To enable these features, the device’s location services must be enabled.
You can also disable this location feature for more privacy.
Settings> Privacy> Location Features> System
Is Apple Pay privacy friendly?
We have so far found no reason to doubt this. Apple’s revenue model is hardware and services. Taking money by debit card and spending it in cash, of course, provides more assurance of privacy.
Is Apple Pay Secure?
Yes, Apple Pay has proven to be a very secure payment method.