Secure Mobile Payments: Behind the Scenes of How Apple Pay and Google Pay Protect Your Sensitive Card Info

Roman Glushach
4 min read · Jun 5, 2023


Secure Mobile Payments

Mobile payments have become increasingly popular in recent years, and with that comes the need for secure payment methods. Apple Pay and Google Pay are two of the most popular mobile payment options.

Both Apple Pay and Google Pay use a technology called Near Field Communication (NFC) to communicate with compatible terminals at checkout. NFC is a wireless technology that allows two devices to exchange data when they are close to each other (usually within a few centimeters). When you hold your phone or watch near the terminal, NFC creates a secure connection and transfers your payment information.

What information is transferred?

Apple Pay and Google Pay do not send your actual card number to the terminal. Instead, they use a process called tokenization to create a unique and temporary code that represents your card. This code is called a token, and it can only be used for that specific transaction. If a hacker intercepts the token, they cannot use it to make fraudulent purchases or access your card details.

Tokenization is a powerful way to protect your card information from theft and misuse. But it is not the only security feature that Apple Pay and Google Pay offer. Both apps also require you to authenticate your identity before making a payment. You can use your fingerprint, face recognition, or a PIN to verify that you are the owner of the device and the card. This adds another layer of protection in case your phone or watch is lost or stolen.

Apple Pay and Google Pay also encrypt your card information on your device and in their servers. Encryption is a method of transforming data into an unreadable format that can only be decoded with a secret key. Encryption ensures that only authorized parties can access your card information, even if someone hacks into your device or the app’s servers.

How Apple Pay Protects Your Sensitive Information

Apple Pay is designed with security and privacy in mind. When you use Apple Pay, your personal information, transaction data, and payment information are all protected. Here are some of the security features built into Apple Pay:

  • passcode and biometric authentication: To use Apple Pay, you must have a passcode set on your device and, optionally, Face ID or Touch ID. This adds an extra layer of security to your transactions
  • tokenization: Apple Pay uses tokenization to protect your card information. When you add a card to Apple Pay, a unique Device Account Number is created, encrypted, and stored in the Secure Element on your device. This means that your card information is never stored on Apple’s servers or shared with merchants
  • data encryption: Apple Pay uses data encryption to protect your transaction data. Your data is stored in a form that can only be read when your device is unlocked

How Google Pay Protects Your Sensitive Information

  • data encryption: Like Apple Pay, Google Pay uses data encryption to protect your transaction data. Your data is stored in a form that can only be read when your phone or tablet is unlocked
  • automatic security features: Google Pay uses built-in security features to protect you from scams and fraud. For example, Google Pay uses advanced security to better identify suspicious transactions
  • tokenization: Google Pay uses tokenization to protect your card information. When you add a card to Google Pay, a unique virtual account number is created, which is used for your transactions. This means that your card information is never shared with merchants

Registering Your Credit Card Flow

Apple Pay and Google Pay Security

The difference lies in how they handle your card information.

Apple Pay

Apple Pay does not store any card information. Instead, it passes the card information to the bank. The bank returns a token called a DAN (Device Account Number) to the iPhone, which then stores the DAN in a special hardware chip. This means that your card information is never stored on your device or on Apple’s servers.

Google Pay

When you register your credit card with Google Pay, the card information is stored in the Google server. Google returns a payment token to your phone, which is used for future transactions. This means that your card information is stored on Google’s servers, but it is encrypted and kept secure.

Basic Payment Flow

When you click the “Pay” button on your phone, the basic payment flow starts.

Apple Pay

For iPhone users, the e-commerce server passes the DAN to the bank. The bank then processes the payment and sends a response back to the e-commerce server. This means that your card information is never transmitted over the internet.

Google Pay

In the Google Pay case, the e-commerce server passes the payment token to the Google server. The Google server looks up the credit card information and passes it to the bank. This means that your card information is available on the public network, although it is encrypted.
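The registration and payment flows described above can be modelled in a few lines to show which party ends up holding the real card number in each case. This is an added example, not code from the original article or from Apple or Google; the class names, token formats and the test card number are constructed for illustration, and the model follows the flows only as this article describes them.

```python
import secrets

PAN = "4111111111111111"  # constructed test number, not a real card

class Bank:
    """Issuer: holds the real card numbers and resolves DANs itself."""
    def __init__(self, cards):
        self.cards = set(cards)
        self.dans = {}                        # DAN -> PAN, stays inside the bank

    def issue_dan(self, pan):
        if pan not in self.cards:
            raise ValueError("unknown card")
        dan = "DAN-" + secrets.token_hex(8)
        self.dans[dan] = pan
        return dan

    def charge(self, credential, amount):
        pan = self.dans.get(credential, credential)  # accepts a DAN or a PAN
        return pan in self.cards and amount > 0

class GoogleServer:
    """Token vault: keeps the PAN and hands the phone a payment token."""
    def __init__(self):
        self.vault = {}                       # token -> PAN

    def register(self, pan):
        token = "TOK-" + secrets.token_hex(8)
        self.vault[token] = pan
        return token

    def pay(self, token, amount, bank):
        pan = self.vault.get(token)           # unknown token: declined
        return pan is not None and bank.charge(pan, amount)

def who_stores_pan(parties):
    return {name for name, stored in parties.items() if PAN in stored}

def apple_flow(amount):
    bank = Bank([PAN])
    dan = bank.issue_dan(PAN)                 # registration: bank returns the DAN
    ok = bank.charge(dan, amount)             # payment: merchant forwards the DAN
    return ok, {"phone": [dan], "merchant": [dan], "bank": list(bank.cards)}

def google_flow(amount):
    bank, google = Bank([PAN]), GoogleServer()
    token = google.register(PAN)              # registration: Google keeps the PAN
    ok = google.pay(token, amount, bank)      # payment: Google resolves the token
    return ok, {"phone": [token], "merchant": [token],
                "google": list(google.vault.values()), "bank": list(bank.cards)}
```

In both flows the merchant and the phone hold only a token; the difference is whether a second server besides the bank keeps the mapping back to the card number.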

Conclusion

Apple Pay and Google Pay are two of the most secure and convenient mobile payment apps available today. They use advanced encryption and tokenization techniques to protect your sensitive card info from hackers and fraudsters. They also use biometric authentication to verify your identity before making a payment. They offer many benefits such as convenience, speed, privacy, and rewards. They are easy to set up and use with your phone or watch.
