/1 How do Apple Pay and Google Pay handle sensitive card info? The diagram below shows the differences. Both approaches are very secure, but the implementations are different. To understand the difference, we break down the process into two flows.
/2 1. Registering your credit card flow 2. Basic payment flow
/3 1️⃣ The registration flow is represented by steps 1~3 for both cases. Apple Pay: It doesn’t store any card info. It passes the card info to the bank. Bank returns a token called DAN (device account number). iPhone then stores DAN into a special hardware chip.
/4 Google Pay: When you register the credit card with Google Pay, the card info is stored in the Google server. Google returns a payment token to the phone.
/5 2️⃣ When you click the “Pay” button on your phone, the basic payment flow starts. Here are the differences: Apple Pay: For iPhone, the e-commerce server passes the DAN to the bank.
/6 Google Pay: The e-commerce server passes the payment token to the Google server. Google server looks up the card info and passes it to the bank. In the diagram, the red arrow means the credit card info is available on the public network, although it is encrypted.
/7 👉 Over to you: Apple needs to discuss the DAN details with banks. It takes time and effort, but the benefit is that the credit card info is on the public network only once. If you are an architect and have to choose between security and cost, which solution do you prefer?

Sep 21, 2022 · 3:53 PM UTC

/8 I hope you've found this thread helpful. Follow me @alexxubyte for more. Like/Retweet the first tweet below if you can:
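The two flows from the thread, modelled as an added example (not the thread author's code and not how either wallet is actually implemented): every network hop is logged when its payload is the raw card number, and the parties that end up holding it are listed. The party names, the `Wire` helper, the token formats, the test card number and the assumption that registering with Google is itself a public-network hop are all assumptions of this sketch.

```python
import secrets

class Wire:
    """Public network: logs every hop whose payload is the raw card number."""
    def __init__(self, pan):
        self.pan, self.pan_hops = pan, []

    def send(self, src, dst, payload):
        if payload == self.pan:
            self.pan_hops.append(f"{src}->{dst}")
        return payload

def holders(parties, pan):
    """Names of the parties whose stored state contains the card number."""
    return sorted(name for name, held in parties.items() if pan in held.values())

def apple_flow(pan, payments):
    wire = Wire(pan)
    # Registration: card info goes to the bank, which returns a DAN.
    card = wire.send("phone", "bank", pan)
    dan = "DAN-" + secrets.token_hex(8)          # constructed token format
    parties = {"bank": {dan: card}, "phone": {"chip": dan}}
    wire.send("bank", "phone", dan)
    # Payment: only the DAN travels phone -> shop -> bank.
    for _ in range(payments):
        at_shop = wire.send("phone", "shop", parties["phone"]["chip"])
        at_bank = wire.send("shop", "bank", at_shop)
        assert parties["bank"][at_bank] == pan   # bank resolves the DAN locally
    return wire.pan_hops, holders(parties, pan)

def google_flow(pan, payments):
    wire = Wire(pan)
    # Registration: card info is stored on the Google server (assumed public hop).
    card = wire.send("phone", "google", pan)
    token = "TOK-" + secrets.token_hex(8)        # constructed token format
    parties = {"google": {token: card}, "bank": {"account": pan},
               "phone": {"token": token}}
    wire.send("google", "phone", token)
    # Payment: shop sends the token to Google, Google sends the card to the bank.
    for _ in range(payments):
        at_shop = wire.send("phone", "shop", parties["phone"]["token"])
        at_google = wire.send("shop", "google", at_shop)
        wire.send("google", "bank", parties["google"][at_google])
    return wire.pan_hops, holders(parties, pan)

if __name__ == "__main__":
    PAN = "4111111111111111"                     # constructed test card number
    for name, flow in (("apple", apple_flow), ("google", google_flow)):
        hops, stored_at = flow(PAN, payments=3)
        print(name, "card-number hops:", hops, "stored at:", stored_at)
```

In this model the card-number hop count stays at one for the DAN flow and grows by one per payment for the server-side lookup flow.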
Replying to @alexxubyte
In Apple Pay, DAN is stored to device chip. Can we break down the data stored in chip by unlocking or dismantling the iPhone? If my phone is stolen, intruder can read the DAN and do the transaction through e-commerce
Sure but the same situation applies for a stolen google phone, they're just acting as an in-between so it's you contacting your bank vs. you contacting google.
Replying to @alexxubyte
As a user, definitely prefer the Apple method where they don't store my actual card details.
Replying to @alexxubyte
What is the risk of sharing the DAN with the e-commerce server? Could it be used more than once without the user's consent?
Replying to @alexxubyte
As a security architect, that’s the real question. I’d choose Apple’s implementation. In GPay implementation there are more security risk factors. Great thread. 👍
Replying to @alexxubyte
To me, network exposure threat is the same as both approaches would require TLS to be broken. Time window is irrelevant at scale. But Apple one is preferable since on GPay card info is stored in two places instead of one
Replying to @alexxubyte
Always security and privacy.