Saturday, September 24, 2022

How do Apple Pay and Google Pay handle the sensitive CARD Info?

 


1. Registering your credit card flow
2. Basic payment flow

1️⃣ The registration flow is represented by steps 1~3 for both cases.

Apple Pay: It doesn’t store any card info. It passes the card info to the bank. The bank returns a token called DAN (device account number). The iPhone then stores the DAN in a special hardware chip.

Google Pay: When you register the credit card with Google Pay, the card info is stored in the Google server. Google returns a payment token to the phone.

2️⃣ When you click the “Pay” button on your phone, the basic payment flow starts. Here are the differences:

Apple Pay: For iPhone, the e-commerce server passes the DAN to the bank.

Google Pay: The e-commerce server passes the payment token to the Google server. The Google server looks up the card info and passes it to the bank.

In the diagram, the red arrow means the credit card info is available on the public network, although it is encrypted.

👉 Over to you: Apple needs to discuss the DAN details with banks. It takes time and effort, but the benefit is that the credit card info is on the public network only once.
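A small Python model of the two flows described above, added here as an illustration and not taken from Apple, Google or the original post. It logs every hop and reports which ones carry the card info; the hop names, token formats and the phone-to-merchant step are assumptions, and encryption in transit is not modeled.

```python
import secrets

SAMPLE_CARD = "4111111111111111"  # constructed test number, not a real card

class Network:
    """Public network: logs every hop so we can see where card info travels."""
    def __init__(self):
        self.hops = []
    def send(self, src, dst, payload):
        self.hops.append((src, dst, dict(payload)))
        return payload
    def card_exposures(self):
        return [(s, d) for s, d, p in self.hops if "card" in p]

class Bank:
    def __init__(self):
        self.dans, self.charges = {}, []  # DAN -> card, settled charges
    def issue_dan(self, card):
        dan = "DAN-" + secrets.token_hex(8)  # assumed token format
        self.dans[dan] = card
        return dan
    def charge(self, card, amount):
        self.charges.append((card, amount))

def apple_pay(card, amounts):
    net, bank = Network(), Bank()
    # Registration: card goes to the bank once; only the DAN comes back.
    dan = bank.issue_dan(net.send("phone", "bank", {"card": card})["card"])
    net.send("bank", "phone", {"dan": dan})  # phone keeps the DAN in its hardware chip
    for amount in amounts:
        net.send("phone", "merchant", {"dan": dan})
        msg = net.send("merchant", "bank", {"dan": dan})
        bank.charge(bank.dans[msg["dan"]], amount)  # bank resolves the DAN internally
    return net, bank

def google_pay(card, amounts):
    net, bank, vault = Network(), Bank(), {}  # vault: Google server's token -> card
    # Registration: card is stored on the Google server; phone gets a token.
    token = "TOK-" + secrets.token_hex(8)  # assumed token format
    vault[token] = net.send("phone", "google", {"card": card})["card"]
    net.send("google", "phone", {"token": token})
    for amount in amounts:
        net.send("phone", "merchant", {"token": token})
        msg = net.send("merchant", "google", {"token": token})
        # Google looks up the card and forwards it to the bank on every payment.
        fwd = net.send("google", "bank", {"card": vault[msg["token"]]})
        bank.charge(fwd["card"], amount)
    return net, bank
```

Calling `card_exposures()` on the returned network for a run of several payments lists one card-bearing hop for the Apple Pay flow and one per payment plus the registration hop for the Google Pay flow.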

Apple Pay: The Apple server looks at the card info and determines how to route it. Since the card data is not stored on the Apple server, the Apple server is not in the illustration. More detail: support.apple.com/en-us/HT203027

Google Pay, more details: developers.google.com/pay/api/androi
