How do Apple Pay and Google Pay handle the sensitive CARD Info?

 

2 1. Registering your credit card flow 2. Basic payment flow

3 The registration flow is represented by steps 1~3 for both cases.

𝐀𝐩𝐩𝐥𝐞 𝐏𝐚𝐲: It doesn’t store any card info. It passes the card info to the bank. Bank returns a token called DAN (device account number). iPhone then stores DAN into a special hardware chip.

4 𝐆𝐨𝐨𝐠𝐥𝐞 𝐏𝐚𝐲: When you register the credit card with Google Pay, the card info is stored in the Google server. Google returns a payment token to the phone.

5 When you click the “Pay” button on your phone, the basic payment flow starts. Here are the differences: 𝐀𝐩𝐩𝐥𝐞 𝐏𝐚𝐲: For iPhone, the e-commerce server passes the DAN to the bank.

6 𝐆𝐨𝐨𝐠𝐥𝐞 𝐏𝐚𝐲: The e-commerce server passes the payment token to the Google server. Google server looks up the card info and passes it to the bank. In the diagram, the red arrow means the credit card info is available on the public network, although it is encrypted.

7 Over to you: Apple needs to discuss the DAN details with banks. It takes time and effort, but the benefit is that the credit card info is on the public network only once.

Apple pay: the apple server looks at the card info and determines how to route. Since the card data is not stored on the apple server, apple server is not in the illustration. More detail: https://support.apple.com/en-us/HT203027 Google pay, more details: https://developers.google.com/pay/api/android/overview

How does Card Schemes make money ? - Thanks to bytebytego.com

 

1. The cardholder pays a merchant $100 to buy a product.

2. The merchant benefits from the use of the credit card with higher sales volume and needs to compensate the issuer and the card network for providing the payment service. The acquiring bank sets a fee with the merchant, called the “𝐦𝐞𝐫𝐜𝐡𝐚𝐧𝐭 𝐝𝐢𝐬𝐜𝐨𝐮𝐧𝐭 𝐟𝐞𝐞.”

3. 3 3 - 4. The acquiring bank keeps $0.25 as the 𝐚𝐜𝐪𝐮𝐢𝐫𝐢𝐧𝐠 𝐦𝐚𝐫𝐤𝐮𝐩, and $1.75 is paid to the issuing bank as the 𝐢𝐧𝐭𝐞𝐫𝐜𝐡𝐚𝐧𝐠𝐞 𝐟𝐞𝐞. The merchant discount fee should cover the interchange fee.

4.The interchange fee is set by the card network because it is less efficient for each issuing bank to negotiate fees with each merchant.

5. 5 5. The card network sets up the 𝐧𝐞𝐭𝐰𝐨𝐫𝐤 𝐚𝐬𝐬𝐞𝐬𝐬𝐦𝐞𝐧𝐭𝐬 𝐚𝐧𝐝 𝐟𝐞𝐞𝐬 with each bank, which pays the card network for its services every month. For example, VISA charges a 0.11% assessment, plus a $0.0195 usage fee, for every swipe.

6 6. The cardholder pays the issuing bank for its services. Why should the issuing bank be compensated? The issuer pays the merchant even if the cardholder fails to pay the issuer. The issuer pays the merchant before the cardholder pays the issuer.

7. 7 The issuer has other operating costs, including managing customer accounts, providing statements, fraud detection, risk management, clearing & settlement, etc.

BaaS vs Open Banking Vs Platform Banking

 Banking as a Service Providers

• What it is: licensed banks that enable other businesses to integrate digital banking and payment services directly into their own products. 
• How it works: the business’ frontend is connected to the BaaS provider via API, allowing the business to offer digital lending services, account management and payment services themselves in their own apps and websites.

Open banking providers (a.k.a third-party service providers)

• What it is: non-banks that access data from their customer’s bank account to provide account insights or trigger payments from within an app or website. 
• How it works: the open banking providers connect to the bank’s system via API to retrieve the data. Often, the API layer between the bank and the open banking provider is provided by an API banking platform. 

Platform banking

• What it is: banks integrating services from other providers, mainly fintechs, in order to offer their customers a broader range of financial services from one bank account. 
• How it works: depending on the type of set-up, the fintech’s services are usually fully integrated into the bank’s app/webpage user interface via API.