/1 How do Apple Pay and Google Pay handle sensitive card info?
The diagram below shows the differences. Both approaches are very secure, but the implementations are different. To understand the difference, we break down the process into two flows.
514
9,625
615
39,751
/3 1️⃣ The registration flow is represented by steps 1~3 for both cases.
𝐀𝐩𝐩𝐥𝐞 𝐏𝐚𝐲: It doesn’t store any card info. It passes the card info to the bank. Bank returns a token called DAN (device account number). iPhone then stores DAN into a special hardware chip.
6
66
5
635
/4 𝐆𝐨𝐨𝐠𝐥𝐞 𝐏𝐚𝐲: When you register the credit card with Google Pay, the card info is stored in the Google server. Google returns a payment token to the phone.
8
41
3
433
/5 2️⃣ When you click the “Pay” button on your phone, the basic payment flow starts. Here are the differences:
𝐀𝐩𝐩𝐥𝐞 𝐏𝐚𝐲: For iPhone, the e-commerce server passes the DAN to the bank.
4
29
376
/7 👉 Over to you: Apple needs to discuss the DAN details with banks. It takes time and effort, but the benefit is that the credit card info is on the public network only once. If you are an architect and have to choose between security and cost, which solution do you prefer?
Sep 21, 2022 · 3:53 PM UTC
40
53
6
771
/8 I hope you've found this thread helpful.
Follow me @alexxubyte for more.
Like/Retweet the first tweet below if you can:
/1 How do Apple Pay and Google Pay handle sensitive card info?
The diagram below shows the differences. Both approaches are very secure, but the implementations are different. To understand the difference, we break down the process into two flows.
Show this thread
50
75
516
