What personal info is given to merchants when using Apple Pay in-store?
February 8, 2022 8:29 PM Subscribe
I use Apple Pay on my iPhone in pretty much any shop that accepts it. I understand Apple Pay transmits a device account number to merchants instead of my actual credit card number, but what other information about me can they receive when I pay with my phone? Apple's support pages are kind of vague on this matter.
Best answer: You can see a list of all the potential data fields involved in Apple Pay retail POS transactions in this PDF, starting on page 82 (section 9.) It’s hard to understand what every field does, but you can see that the spec doesn’t allow for transmitting personal information.
posted by michaelh at 10:15 PM on February 8, 2022 [2 favorites]
posted by michaelh at 10:15 PM on February 8, 2022 [2 favorites]
Response by poster: I appreciate the response, blob -- I may not have been clear enough with my question, though. I'd like to know what personal info (such as my name) is shared by Apple Pay with merchants when using an iPhone at a contactless terminal in a physical store.
I'm not asking about info that's shared with Apple or with my credit card company and I'm not asking what's shared with merchants when buying stuff online or in an app.
posted by theory at 10:17 PM on February 8, 2022
I'm not asking about info that's shared with Apple or with my credit card company and I'm not asking what's shared with merchants when buying stuff online or in an app.
posted by theory at 10:17 PM on February 8, 2022
Theory, my understanding is that apple pay transmits an encoded message to the terminal that contains your name, expiration date of your card, and your card number with a "different last 4 digits".
My source is that when I tried to return something bought with apple pay, target was able to retrieve that info
posted by bbqturtle at 2:51 AM on February 9, 2022
My source is that when I tried to return something bought with apple pay, target was able to retrieve that info
posted by bbqturtle at 2:51 AM on February 9, 2022
My understanding is similar to bbqturtle's - ApplyPay transmits a one-time-use card number plus authentication information (this is basically in lieu of a signature or PIN). The merchant shouldn't be getting any more information than they would get if you used a credit card (arguably less, since they don't get your "real" card number, a copy of your signature, or your PIN).
posted by mskyle at 4:02 AM on February 9, 2022
posted by mskyle at 4:02 AM on February 9, 2022
My assumption would be that the merchant gets very little. Any terminal he has will probably be provided by his bank/payment processor and details exchanged there. I doubt many (any) merchants are dealing with Apple Pay direct.
At the end of it, the merchant will be able to see transaction details by logging into an admin screen. This will probably just be name, total and a transaction id.
The processor may get more information, including email address etc, and this may be shared with third party fraud processors etc.
posted by Hartster at 7:15 AM on February 9, 2022 [1 favorite]
At the end of it, the merchant will be able to see transaction details by logging into an admin screen. This will probably just be name, total and a transaction id.
The processor may get more information, including email address etc, and this may be shared with third party fraud processors etc.
posted by Hartster at 7:15 AM on February 9, 2022 [1 favorite]
Best answer: This article is from 2014, when Apple Pay was new, but I don’t think the mechanisms have changed. It's a fairly in depth look at how it works and states: “The merchant never sees your actual account number, nor even your name. Your private information stays private and secure.“
The lack of information relayed to the merchant was the cause of a lot of initial resistance to accepting Apple Pay — they wanted info and Apple wasn’t giving it. A consortium of large merchants even went as far as trying to set up their own electronic payment network over this issue (and wanting to avoid credit card processing fees).
posted by Quinbus Flestrin at 8:07 AM on February 9, 2022 [1 favorite]
The lack of information relayed to the merchant was the cause of a lot of initial resistance to accepting Apple Pay — they wanted info and Apple wasn’t giving it. A consortium of large merchants even went as far as trying to set up their own electronic payment network over this issue (and wanting to avoid credit card processing fees).
posted by Quinbus Flestrin at 8:07 AM on February 9, 2022 [1 favorite]
We are a merchant that takes Apple and Google and Samsung Pay and all we get is the info the terminal prints on the receipt. What the processor gets is probably more than that but a small/medium merchant sees nothing different than any other terminal payment.
posted by fiercekitten at 8:24 AM on February 9, 2022 [1 favorite]
posted by fiercekitten at 8:24 AM on February 9, 2022 [1 favorite]
i can tell you that we do NOT Get your name on the point of purchase if you use contactless payment. (we do get your name and type of card and last four if you swipe)
posted by wowenthusiast at 10:12 AM on February 9, 2022 [1 favorite]
posted by wowenthusiast at 10:12 AM on February 9, 2022 [1 favorite]
Best answer: I'd like to know what personal info (such as my name) is shared by Apple Pay with merchants when using an iPhone at a contactless terminal in a physical store.
Apple Pay utilises both the EMVCo Contactless specification and the EMVCo EMV Payment Token Specifications. You can read them online but they are pretty dry.
In short, Apple Pay passes to the merchant no more data than a contactless card would - that is PAN (the long number) and expiry date. There is not enough information given to be able to clone a card this way.
Technically Apple Pay actually passes a tokenised version of the PAN. This is a set of numbers that, for all intents and purposes, looks like a PAN but is not actually your real PAN. This is passed downstream from the terminal to the merchant’s acquirer who pass it to Visa or Mastercard who then convert it to your real PAN and then forward onto the correct card issuer for authorisation.
posted by mr_silver at 10:55 AM on February 9, 2022 [4 favorites]
Apple Pay utilises both the EMVCo Contactless specification and the EMVCo EMV Payment Token Specifications. You can read them online but they are pretty dry.
In short, Apple Pay passes to the merchant no more data than a contactless card would - that is PAN (the long number) and expiry date. There is not enough information given to be able to clone a card this way.
Technically Apple Pay actually passes a tokenised version of the PAN. This is a set of numbers that, for all intents and purposes, looks like a PAN but is not actually your real PAN. This is passed downstream from the terminal to the merchant’s acquirer who pass it to Visa or Mastercard who then convert it to your real PAN and then forward onto the correct card issuer for authorisation.
posted by mr_silver at 10:55 AM on February 9, 2022 [4 favorites]
This thread is closed to new comments.
* When you add a card to Apple Pay, card-related information, location, and information about device settings and use patterns may be sent to Apple to determine eligibility.
* Some of the above information, account-related information, and paired-device details may be shared with your card issuer or bank to determine eligibility and for anti-fraud purposes.
* When you use Apple Pay in apps and on the web, information necessary to process the payment is shared with the app or website. Your actual card number isn’t shared with the merchant.
* Apple Pay data that can no longer be tied to you may be retained for a limited period of time to generally improve Apple Pay and other Apple products and services.
posted by blob at 9:44 PM on February 8, 2022