Hot Take How Apple Pay and Google Pay security handle your sensitive card data

Ink

Administrator
Thread author
Credit: Twitter / Nitter (Sept 21, 2022)

Alex Xu said:
The diagram below shows the differences. Both approaches are very secure, but the implementations are different. To understand the difference, we break down the process into two flows.

Steps 1 to 3 - Registration of the card
  • Apple Pay: It doesn’t store any card info. It passes the card info to the bank. Bank returns a token called DAN (device account number). iPhone then stores DAN into a special hardware chip.
  • Google Pay: When you register the credit card with Google Pay, the card info is stored in the Google server. Google returns a payment token to the phone.
Steps 4 to 6 - Tapping the 'Pay' button
  • Apple Pay: For iPhone, the e-commerce server passes the DAN to the bank.
  • Google Pay: The e-commerce server passes the payment token to the Google server. Google server looks up the card info and passes it to the bank.
In the diagram, the red arrow means the credit card info is available on the public network, although it is encrypted.

Apple needs to discuss the DAN details with banks. It takes time and effort, but the benefit is that the credit card info is on the public network only once.
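
The two flows as the quoted post describes them, modelled as an added example (not part of the original post, and not Apple's or Google's code). It counts how often the card number itself crosses the public network, and goes one step beyond the post by repeating the payment several times. The class and function names, the phone-to-merchant hop, and the test card number are assumptions made for illustration.

```python
import secrets

class Network:
    """Constructed model: records every payload sent over the public network."""
    def __init__(self):
        self.log = []  # (sender, receiver, payload)

    def send(self, sender, receiver, payload):
        self.log.append((sender, receiver, payload))

    def card_exposures(self, card):
        """How many messages carried the card number itself."""
        return sum(1 for _, _, payload in self.log if payload == card)

class TokenVault:
    """Token -> card mapping, held by the bank (DAN) or by the Google server."""
    def __init__(self):
        self._cards = {}

    def issue(self, card):
        token = secrets.token_hex(8)  # random, so it reveals nothing about the card
        self._cards[token] = card
        return token

    def lookup(self, token):
        return self._cards[token]

def apple_flow(card, payments):
    net, bank = Network(), TokenVault()
    net.send("phone", "bank", card)              # steps 1-3: card info goes to the bank
    dan = bank.issue(card)
    net.send("bank", "phone", dan)               # DAN goes into the hardware chip
    for _ in range(payments):                    # steps 4-6
        net.send("phone", "merchant", dan)       # assumed hop: merchant gets the DAN
        net.send("merchant", "bank", dan)
        assert bank.lookup(dan) == card          # resolved inside the bank, off-network
    return net

def google_flow(card, payments):
    net, google = Network(), TokenVault()
    net.send("phone", "google", card)            # steps 1-3: card info stored by Google
    token = google.issue(card)
    net.send("google", "phone", token)
    for _ in range(payments):                    # steps 4-6
        net.send("phone", "merchant", token)     # assumed hop: merchant gets the token
        net.send("merchant", "google", token)
        net.send("google", "bank", google.lookup(token))  # card info sent again
    return net

CARD = "4111111111111111"  # constructed sample value, a common test card number
```

In this model the merchant only ever handles a token in either flow; the difference is that the Google flow sends the card number to the bank on every payment, while the Apple flow sends it once at registration.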
