How Apple Pay Handles 41 Million Transactions a Day Securely 💸
#68: Break Into Apple Pay Architecture (5 Minutes)
Get the powerful template to approach system design for FREE on newsletter signup:
This post outlines how Apple Pay works. You will find references at the bottom of this page if you want to go deeper.
Share this post & I'll send you some rewards for the referrals.
Note: This post is based on my research and may differ from real-world implementation.
January 2023 - London, United Kingdom.
A student named Kenji is on a tourist visit.
Yet he spends so much time waiting in queue to buy tickets for the underground train.
So he was sad and upset.
He hears about the tap & pay service called Apple Pay from the station officer.
Although doubtful about its safety, he decides to try it.
Onward.
“Monolith to Microservices Migration — What to Expect (10 Challenges + Frameworks to Overcome Them)” Ebook by Cerbos - Sponsor
Transitioning to microservices is tough. It’s not just a technical shift, but an organizational one too.
From defining service boundaries to managing decentralized data and handling interservice communication, many things can go wrong.
This 80+ page ebook breaks down common migration challenges with examples from dev teams at Uber, Spotify & Netflix, helping you understand the obstacles before you hit them.
How Does Apple Pay Work
Here’s a simplified version of Apple Pay architecture:
Chapter 1: A Credit Card, a Wallet, and an iPhone
Kenji enters his credit card details into the Apple Wallet.
Yet Apple doesn’t store it on the iPhone or Apple servers.
Instead they send credit card details and iPhone metadata to the payment network, such as Visa or MasterCard, in encrypted form.
The iPhone metadata includes its model number and secure element ID. Imagine the secure element ID as a unique number assigned to each iPhone.
The payment network verifies the credit card details and generates a device account number (DAN). Think of DAN as a unique random number representing the credit card number, but irreversible.
Also the DAN is unique and specific to each credit card and iPhone.
The payment network sends DAN to the iPhone in encrypted form.
And the iPhone stores it inside the secure element, a highly specialized chip, so nobody can access it. Besides Apple servers don’t store DAN for security and privacy.
While the payment network keeps a copy of the DAN, credit card details, and iPhone metadata.
Let’s keep going!
Chapter 2: A Single Tap to Open the Gate
Kenji has no internet connection due to roaming.
Yet he taps his iPhone on the card reader at the train station gate.
The iPhone communicates with the card reader via near-field communication (NFC). Consider NFC as a short-range, wireless communication standard.
The card reader creates a transaction record, which contains details such as the payment amount and date.
The card reader then sends these details to the iPhone via NFC.
Yet Apple Pay must validate the transaction by checking Kenji’s involvement in it.
So they ask for his biometric information, such as a touch ID or face ID. They don’t store the biometric information on Apple servers, but only on the secure enclave in the iPhone.
Imagine the secure enclave as a separate processor inside the iPhone, isolated from the rest of the system.
The secure enclave fetches the encrypted biometric information when Kenji places his finger on the touch ID.
It confirms his identity by comparing the data with the stored biometric information.
This approach ensures biometric information never leaves the iPhone.
Ready for the best part?
Chapter 3: No Credit Card, No Cash, No Problem
The secure enclave confirms Kenji’s identity and signals the secure element.
Think of the secure element as a highly specialized chip in the iPhone. It combines DAN and transaction details to create a unique cryptogram. This is called the request cryptogram.
Imagine the cryptogram as a time-based, single-use password to prove a transaction’s legitimacy.
The iPhone sends an authorization request to the payment network. It contains the request cryptogram and transaction details. Put simply, DAN never leaves the iPhone for security.
The payment network regenerates the request cryptogram by combining the transaction details and DAN copy. A payment is valid only if the cryptogram values are equal.
Chapter 4: The Problem With Contactless Payment
Yet the train station keeps Kenji's gate closed until his payment gets confirmed.
So the payment network creates a response code, a number representing the payment status. Then combines it with the DAN and the request cryptogram to create a new cryptogram. This is called the response cryptogram.
The payment network sends a response to the card reader. It includes only the response code and response cryptogram. Put simply, it doesn’t send DAN and request cryptogram.
The iPhone regenerates the response cryptogram using the request cryptogram, DAN, and response code.
The card reader considers a payment network authentic only if cryptogram values are equal. While the response code represents the payment status.
A credit card displays sensitive information, so there’s a risk of information misuse.
But Apple Pay is safer as it doesn’t show credit card information to anyone.
Apple Pay relies on the EMV contactless payment specification as part of its security model. Think of EMV as a chip-based card payment authentication mechanism.
While Kenji visited the main tourist sights in London and happily returned home.
👋 PS - Do you want to level up at work?
I’m launching system design deep dives in a few months.
Yet it’ll be available only to paid subscribers of this newsletter.
My mission is to help you go from 0 to 1 in system design by spending less than an hour each month. Yet paid subscription fees will be higher than current pledge fees. So pledge today to get access at a low price.
“This newsletter is an amazing resource for learning system design.” Alex
Subscribe to get simplified case studies delivered straight to your inbox:
Want to advertise in this newsletter? 📰
If your company wants to reach a tech audience, you may want to advertise with me.
Thank you for supporting this newsletter. Consider sharing this post with your friends and get rewards. Y’all are the best.
References
Block diagrams created with Eraser
Great write-up and nice graphics 🤌
Just wanted to mention that if I understood your sentence correctly I think this "The iPhone sends an authorization request to the payment network." is not correct, as Apple Pay without any internet, just like the credit or debit card itself, so the iPhone itself doesn't have to communicate with the payment network, it's all done by the PoS.
“The iPhone regenerates the response cryptogram using the request cryptogram, DAN, and response code.”
At what point does the iPhone get the response code? I thought the payment network sent the response data to the card reader?