1

Can anyone explain to me how Apple Pay works?

I have gone through some blogs but I am still unclear about the payment flow.

Questions:

  1. How a card is added.

  2. How the transaction process works.

user1680286
  • 119
  • 1
  • 6

2 Answers

6

This is how Apple Pay works.

Step 1: Adding a card.


Step 2: Payment using contactless terminal.


Step 3: Final transaction from contactless terminal.

You can check this link.

Akhilesh Mani
  • 3,502
  • 5
  • 28
  • 59
-1

InApp ApplePay

Just high level diagrams

Who is who:

  • Card - card with PAN, Cardholder name, expiration date, CVV/CVC

  • Cardholder - buyer, person who is an owner of a card

  • Merchant - seller

  • Issuer - Bank which supports the Cardholder

  • Acquirer - Bank which supports the Merchant

  • Payment Network - linker of Acquirer and Issuer, e.g. Visa, MasterCard, AmericanExpress...

Diagram: Cardholder adds a Card to the Wallet App

Diagram: Cardholder buys something in an app

Some abbreviations:

  • Secure Element (SE) - a special physical microprocessor chip on the device that stores sensitive data
  • Primary Account Number (PAN) - card number
  • Device Account Number (DAN) - unique PAN representation for the device
  • Token Service Provider (TSP) - generates and saves Card Data
  • Payment Data (PD) - typically includes information about the transaction: amount, cardholder name, transaction amount, card expiration date, transaction time...
  • TSP Token - id of the record with card data information on the TSP side
  • SE Cryptogram - dynamic representation of private data. It is created every time a new transaction is instantiated
  • A Transaction is authorised when the Issuer has approved the transaction
  • Discount Rate - a floating percentage (e.g. 2%) of the transaction amount, which is set by the Payment Network and which is held and shared between the participants - Issuer (1.7%), Acquirer (0.2%), Payment Network (0.1%). The Issuer pays an Interchange Fee to Apple (1.7% of the Issuer's transaction income)

PKPayment structure:

PKPayment                                 - Apple Payment Payload
  token: PKPaymentToken                   - Apple Payment Token
    paymentMethod: PKPaymentMethod 
      displayName: String
      network: PKPaymentNetwork           - Payment Network(visa, masterCard, amex...)
      type: PKPaymentMethodType           - (debit, credit, prepaid...)
      paymentPass: PKPaymentPass
    paymentData: Data                       
      signature                           - detached signature of version == EC_v1(ephemeralPublicKey, data, transactionId, applicationData), version == RSA_v1(wrappedKey, data, transactionId, applicationData) in PKCS7 to verify
      data                                - Encrypted Payment Data(EPD)
        applicationPrimaryAccountNumber   - DAN
        applicationExpirationDate         - Card expiration date
        currencyCode                      - Currency Code
        transactionAmount                 - Amount
        cardholderName                    - Cardholder Name
        deviceManufacturerIdentifier
        paymentDataType                   - "3DSecure" or "EMV"
        paymentData
          //paymentDataType == 3D Secure
          onlinePaymentCryptogram         - SE Cryptogram   
          eciIndicator

          //paymentDataType == EMV
          emvData
          encryptedPINData
        authenticationResponses
          merchantIdentifier
          authenticationData
          transactionAmount
        merchantTokenIdentifier           - TSP token
        merchantTokenMetadata
      version                             - Apple Pay servers encrypted the payment token(data) 
        EC_v1                             - ECC 
        RSA_v1                            - RSA
      header
        transactionId                     - Transaction Id
        applicationData                   - SHA-256 hash which was sent in PKPaymentRequest.applicationData
        publicKeyHash                     - SHA-256 hash of Merchant public key
        //version == EC_v1
        ephemeralPublicKey                - Ephemeral public key bytes
        //version == RSA_v1
        wrappedKey                        - Symmetric Key which is decrypted by Merchant public key
  billingAddress
  billingContact
  shippingContact
  shippingAddress
  shippingMethod

Verify the Signature: PKPayment.PKPaymentToken.Data.signature is a detached PKCS #7 signature with Intermediate and End-user chain certificates

Restore the Symmetric Key:

  • PKPayment.token.paymentData.data - Encrypted Payment Data is encrypted under a Symmetric Key

//version == EC_v1

  • Restoring the Symmetric Key for ECC
  • Apple Pay uses Elliptic Curve Diffie-Hellman (ECDH) (id-ecDH 1.3.132.1.12)

Side Apple:

  • Apple generates an ephemeral key pair (private/public key) = generated from Merchant ECC Certificate public INFO AND a random private key
  • Apple Pay computes shared secret key = Merchant public key AND ephemeral private key
  • KDF(shared secret key, MerchantId) => Symmetric Key

Side Merchant:

  • Merchant computes shared secret key = Merchant private key AND ephemeral public key

  • KDF(shared secret key, MerchantId) => Symmetric Key

  • Decrypt the Payment Data by Symmetric Key

Apple Pay Programming Guide
Payment Token Format Reference

yoAlex5
  • 29,217
  • 8
  • 193
  • 205