Apple_Pay_logo.svg

Life has gone so much easier and now with apple pay, paying in stores happens in one natural motion — you do not require to carry the bulky physical wallets or open an app or even wake your display thanks to the innovative Near Field Communication antenna in iPhone 6. You can now use your iPhone, Apple Watch, or iPad to pay in a simple, secure, and private way. Apple Pay is a mobile payment service that lets certain Apple mobile devices make payments at retail and online checkout. It digitizes and replaces the credit or debit magnetic stripe card transaction at credit card terminals. To pay, just hold your iPhone near the contact-less reader with your finger on Touch ID. You don’t even have to look at the screen to know your payment information was successfully sent. A subtle vibration and beep let you know.

When and where is Apple Pay available?

Apple Pay is initially only available in the US. It debuted on 20 October 2014.

Which devices currently work with Apple Pay?

Apple Pay works with iPhone 6, iPhone 6 Plus, and Apple Watch (paired with iPhone 5, iPhone 5c, iPhone 5s, iPhone 6, or iPhone 6 Plus).

Which banks and cards currently support Apple Pay?

Apple Pay supports most major credit and debit cards providers and US banks. It works with Visa, MasterCard, and American Express cards from financial institutions (like American Express, Bank of America, Capital One, Chase, Citi, and Wells Fargo). Other companies adding support soon include Barclays, USAA, Navy Federal Credit Union, PNC, and US Banks.

How does Apple Pay work?

mollywood-apple-payments-videoSixteenByNine540

Once a credit or debit card has been added to Passbook, Apple Pay is ready to be used in stores and in apps.
In a retail store, when approaching a point-of-sale system compatible with Apple Pay, the screen of the iPhone 6 or 6 Plus will light up and open Passbook automatically  when it gets in range of the terminal and initiates the payment process, where a user can tap on a credit card to be used or pay with the default card.
A payment is made by holding an iPhone 6 or 6 Plus near a checkout system that includes NFC, most of which look like standard card checkout terminals within stores. A finger registered with Touch ID must be kept on the home button for a short amount of time, after which a payment is authenticated and the transaction is completed. A completed payment is denoted by a slight vibration, a check mark on the screen, and a beep.

Unfortunately, in some stores, users may still be asked for a PIN code or to sign for a purchase, but in other retail locations, checking out with Apple Pay appears to be an easy one-step process.
At times, Apple Pay may not be much more convenient than swiping a card, but it’s important to recognize that Apple Pay is still more secure than a traditional card-based transaction. With Apple Pay, a cashier does not see a credit card number, a name, an address, or any other personally identifying information.
Stores are also not given a credit card number (as card numbers are replaced with unique Device Account Numbers) so store security breaches that leak credit card numbers will no longer affect Apple Pay users.

How do Passbook and Apple Pay work together?
iPhone

You need to use Apple’s Passbook app to setup Apple Pay or rather store your credit cards and debit cards. Apple Pay pulls this data to pay for goods.
You can add your credit card and debit card data from your iTunes account by entering the cards’ security codes. Passbook for iPhone will further let you use your iSight camera to instantly capture and then add card information. You can still enter card information manually, if you desire. Passbook also lets you store boarding passes, tickets, coupons, and more.
Keep in mind the first card you add becomes the default payment card. Use Settings within the Passbook app to pay with a different card or select a new default card.

Watch
Watch also uses Passbook.
Passbook for Apple Watch works just like the Passbook app for iPhone: it not only keeps your tickets, boarding passes, and loyalty cards in one place, it also lets you securely store and use your credit and debit cards.


But how do you even use Apple Pay?

iPhone
Apple Pay requires the Near Field Communication antenna and Touch ID on iPhone6.
To pay at checkout, just hold your iPhone near a contactless reader with your finger on Touch ID. Apple said you won’t have to look at your iPhone’s screen, because a subtle vibration and beep will confirm that you paid correctly. There’s also no need to open an app or wake your iPhone’s display.
In Pocket-lint’s hands-on, we found that your fingerprint confirms the payment, or you could enter a passcode if you haven’t setup Touch ID. Once approved, a receipt is recorded in the Passbook app so you can see what you’ve purchased.

Watch
To pay at checkout, double-click the button below the Digital Crown on Watch while also holding the face of Watch near a contactless reader. Similar to Apple Pay for iPhone, a pulse and beep will confirm that your payment information sent correctly.

Apps
Apple said iPhone apps can also integrate with Apple Pay, meaning you will be able to select Apple Pay at checkout when ordering anything from an app. You also still need to place your finger on Touch ID when paying.

Is Apple Pay secured?
Yes. Apple said it doesn’t save your transaction information or card numbers on its servers, though you’re most recent purchases are kept in the Passbook app.
Apple Pay, which has a tokenized backend infrastructure, makes card payments secure by creating a number or token that replaces your card details. More specifically, it creates a Device Account Number for each one of your cards.

According to Apple, the Device Account Number is assigned, encrypted, and securely stored in the Secure Element, a dedicated chip in iPhone and Apple Watch, and when a payment is initiated, the token is passed to the retailer or merchant. The retailer or merchant therefore never has direct access to your card details.

What if you lose your iPhone or Watch?

Losing your iPhone or Watch is stressful enough, but with Apple Pay, the chances of that happening just got a lot more frightening.
But it doesn’t have to be that way, in Apple’s opinion. The company said you can use Find My iPhone to put your device in Lost Mode. This will lock everything and prevent others from accessing your content including Apple Pay or Passbook data.
Alternatively, you can use Find My iPhone to wipe your iPhone clean completely.

COMPATIBLE DEVICES
At the current point in time, Apple Pay in stores is limited to the iPhone 6 and the iPhone 6 Plus, both of which contain near-field communication (NFC) chips that have not been incorporated into previous-generation iPhones.
Apple Pay purchases in apps can be made with the iPhone 6, the iPhone 6 Plus, the iPad Air 2, and the iPad mini 3, all of which have Touch ID.
Apple Pay will also work with Apple Watch, the company’s wrist-worn wearable device. The Apple Watch will allow owners of older iPhones, including the iPhone 5, 5c, and 5s, to use Apple Pay. Though the Watch needs to be paired with a phone, Apple Pay can be used when the phone is not present.

SECURITY
Apple has placed a heavy emphasis on security when advertising Apple Pay, to assure iPhone owners that their payment information is safe, and, in fact, safer on an iPhone than inside of a wallet. According to former credit card executive Tom Noyes, the way Apple Pay has been designed to work makes it “the most secure payments scheme on the planet.”

When a credit or debit card is scanned into Passbook for use with Apple Pay, it is assigned a unique Device Account Number, or “token,” which is stored in the phone rather than an actual card number.
The iPhone itself has a special dedicated chip called a Secure Element that contains all of a user’s payment information, and credit card numbers and data are never uploaded to iCloud or Apple’s servers. When a transaction is made, the Device Account Number is sent via NFC, along with a one time dynamic security code unique to each transaction, both of which are used to verify a successful payment. The dynamic security code is a one-time use cryptogram that replaces the credit card’s CCV and is used to ensure that a transaction is being conducted from the device containing the Device Account Number.
Dynamic security codes and Device Account Numbers (aka, tokens and cryptograms) are not unique to Apple and are built into the NFC specification that the company is adopting. In fact, much of the Apple Pay system is built on existing technology.

As described by TUAW in an in-depth report on Apple Pay’s security, the payments service is the first implementation of the EMVCo tokenization specification, a newly introduced framework designed to cover emerging payment methods. Credit card industry executives believe that tokenization is a new standard that is going to “shift fraud patterns” in the future, successfully preventing retail hacking incidents that have resulted in stolen user data. With the Apple Pay system, retailers never even encounter a user’s actual credit card number and a Device Account Number cannot be reverse engineered to obtain the credit card information.

Along with Device Account Numbers and dynamic security codes, Apple also authenticates each transaction through Touch ID. Whenever a transaction is conducted with an iPhone, a user must place a finger on Touch ID for the payment to go through. With the Apple Watch, authentication will reportedly be done through skin contact. When the watch is placed on the wrist, a user will be prompted to enter a passcode. After a passcode is entered, as long as the device continues to have contact with the skin (which is monitored through the heart rate sensors), it will be able to be used to make payments. If the watch is removed and skin contact is lost, it can no longer be used to make payments.
Both Touch ID and the skin contact authentication method in the Apple Watch will prevent someone who has stolen an iPhone or Apple Watch from making an unauthorized payment.

Because Apple utilizes Device Account Numbers, a user’s credit card number is never shared with merchants or transmitted with payments. Store clerks and employees do not see a user’s credit card at any point, and they also do not have access to personal information like name or address because an ID is not required for verification purposes.
Furthermore, if an iPhone is lost, the owner can utilize Find My iPhone to suspend all payments from the device, without needing to go through the hassle of canceling credit cards.

Banks are confident in Apple Pay’s security, and have opted to assume liability for any fraudulent purchases made both in retail stores and online using the system.

PRIVACY

In light of recent issues with iCloud, Apple has been careful to point out that it does not store or monitor the transactions that people make with Apple Pay. The company says that it does not know what people are purchasing, nor does it save transaction information.
“We are not in the business of collecting your data,” said Eddy Cue during the keynote speech introducing Apple Pay. “Apple doesn’t know what you bought, where you bought it, or how much you paid. The transaction is between you, the merchant, and the bank.”

Using Apple Pay in your App:
Below is the process that is followed when using apple pay in your app:

process

You Configure Apple Pay in Xcode and Member Center
Apps that use Apple Pay need to enable the Apple Pay capabilities in Xcode. You also register a merchant identifier and set up cryptographic keys, which are used to securely send payment data to your server.

Users Authorize a Payment Request
A payment request describes the purchase being made, including the payment amount. You pass the payment request to a payment authorization view controller, which displays the request and prompts the user for information you need, such as shipping and billing address. Your delegate is called to update the payment as the user interacts with the view controller and provides new information.

Your Server Processes Payments
Apple Pay encrypts payment information to prevent an unauthorized third party from obtaining the user’s payment information. You can handle payments entirely on your server, or your server can use a third-party payment platform to decrypt and process the payment.

Reference:
http://www.pocket-lint.com/news/130870-apple-pay-explained-what-is-it-and-how-does-it-work
http://www.macrumors.com/roundup/apple-pay/
https://developer.apple.com/library/ios/ApplePay_Guide/index.html#//apple_ref/doc/uid/TP40014764-CH1-SW1