Apple Pay & Privacy
Apple Pay is designed to protect your information and enable you to choose what you share.
Apple Pay is designed to protect your information and enable you to choose what you share.
Apple Pay allows you to make secure purchases in shops, in apps and on the web, using your debit, credit and pre-paid cards.
Adding Cards to Apple Pay
When you are adding a payment card like store, credit, debit and pre-paid cards to Apple Pay, information you provide about your card and whether certain device settings are enabled may be sent to Apple in order to determine your eligibility to enable Apple Pay. Your device may also evaluate device use patterns (for example, percentage of time device is in motion, approximate number of calls per week) to help identify fraud. The information evaluated by your device is not shared with Apple in a way that can be linked to you.
Information may also be provided by Apple to your card issuer, payment network or any providers authorised by your card issuer to enable Apple Pay, in order to determine the eligibility of your card, to set up your card with Apple Pay and to prevent fraud, including:
When you add a card to Apple Pay using a third-party app such as a banking app, the app sends an account or card identifier to your device. This information is used by Apple and your card issuer to determine the eligibility of your card, set up your card with Apple Pay and to prevent fraud. To help you set up cards you have, or have recently had, on other devices, Apple stores a card reference with your iCloud account that can be used with the card issuer or payment network to re-add the card after entering the security code. Apple Pay does not store the original credit, debit or pre-paid card number.
Paying with Apple Pay
Information Shared When You Make a Payment
When you begin a payment within an app, on the web or within Apple Messages for Business using Apple Pay, to enable tax and shipping cost calculation, your postcode or other equivalent information is provided to the app, website or merchant. After you authorise the payment, other information requested by the merchant, such as a device- or merchant-specific account number, your shipping address or email address, is also provided. The card number from your credit, debit or pre-paid card is not provided when you use Apple Pay.
To help ensure that any recurring or other merchant-initiated charges like subscriptions are authorised by you, when you choose to provide eligible Apple Pay payment methods to participating merchants for recurring or merchant-initiated charges, your issuer and/or payment network will approve and generate a merchant-specific account number to be used for such charges. Only that merchant-specific account number can be used by a participating merchant to authorise transactions without you taking a specific action. Apple will know which merchants are associated with your merchant-specific account numbers, but not what you purchased or how much you paid for it. You can manage your merchant-specific account numbers in Wallet by tapping the card and tapping the More button to view card details.
For cards with certain enhanced fraud prevention, when you attempt an online or in-app transaction, your device will evaluate information about your Apple ID, device and location if you have enabled Location Services for Wallet, in order to develop on-device fraud prevention assessments. The output of the on-device fraud prevention assessments, but not the underlying data, will be sent to Apple and combined with information Apple knows about your device and account to develop Apple Pay transaction fraud prevention assessments. These transaction fraud prevention assessments may be shared with your payment network, together with a shipping address identifier and IP address if available, in order to prevent fraud at the time of transaction. The shipping address identifier differs per payment network and may be used to confirm whether shipping addresses for different transactions using a particular card on your device are the same, in a way that does not reveal the underlying address. You can check whether a card has this enhanced fraud prevention at any time by going to the back of your payment credential in Wallet. To prevent the sharing of fraud prevention assessments with your payment network, you can select another card.
Apps and Websites Can Check Whether You Have Set Up Apple Pay
When using an app or a website that uses Apple Pay in iOS, watchOS or macOS, the app or website can check if you have Apple Pay enabled on that device. When visiting a website in Safari on an iOS device, or Mac to which a card cannot be added, the website can check if you have Apple Pay set up on an iPhone or Apple Watch using the same iCloud account. You can disable websites you visit from checking if Apple Pay is enabled by changing your settings. On iOS, go to Settings > Safari > Check for Apple Pay. On Mac, go to Safari > Settings > Privacy and deselect “Allow websites to check for Apple Pay and Apple Card”.
Safeguarding Your Payment Methods
Safeguarding Safari Payment Methods
To help safeguard your payment methods on the Apple ecosystem and take advantage of the benefits of Apple Pay privacy and security, your supported Apple Pay payment methods from Wallet will also be available in Safari AutoFill. When shopping online with Safari AutoFill, for websites, you can set up a virtual card number to hide your physical card number, if supported by your participating card network and issuer. To enable this functionality, Apple will send limited information about your payment method to your network, which will generate a virtual card number for your use when shopping online with Safari AutoFill. To manage your Apple Pay card numbers, including virtual card numbers, go to the back of your pass in Wallet and tap to see Card Information. You may also help to safeguard payment methods already in Safari AutoFill by paying with Apple Pay or a virtual card number rather than your physical card number. To manage, go to Settings > Wallet & Apple Pay and tap Use Apple Pay When Available. When enabled, limited information about your saved card in Safari AutoFill necessary to verify eligibility for Apple Pay will be sent to your payment network for verification. If your payment network indicates the card is eligible, Apple will add the payment method to Wallet and your network will generate an Apple Pay card number for enhanced online shopping protection.
Safeguarding Apple ID Payment Methods
To help you manage your payment methods on the Apple ecosystem, Apple may check whether any Apple Pay payment methods are eligible to be added as a payment method on file to your Apple ID and display those payment methods in Settings > [your name] > Payment & Shipping > Add Payment Method > Found in Wallet. When you conduct a transaction with your Apple ID, Apple may also check whether any Apple ID payment methods on file are eligible for Apple Pay. If so, to help safeguard your payment information, Apple may enable Apple Pay for that payment method. You can modify your Apple ID payment methods at any time by going to Settings > [your name] > Payment & Shipping.
Apple Transmits but Does Not Store Your Payment Information
In order to securely transmit your payment information within apps, websites and Business Chat, it is sent to Apple in encrypted form, where it is briefly decrypted and re-encrypted with a merchant-specific key, so that only the merchant, the developer or their payment processor can decrypt your payment information. When you make a payment on a Mac to which a card cannot be added, the Mac and the authorising device communicate over an encrypted channel via Apple servers. Apple does not retain any of this information in a form that personally identifies you.
Apple Pay Order Tracking
To provide you with order tracking, upon making an Apple Pay purchase, a participating merchant sends your device-limited order information for your device to use to track your order. And Apple provides the merchant with a merchant-specific device identifier and a push token the merchant can use to provide the device with order updates. Apple facilitates merchant updates, but does not store order information, nor track how many, how often or which merchants send order updates. Order tracking information is stored locally on your devices and is kept up to date across devices by syncing an encrypted copy, which cannot be accessed by Apple. You can manage your Apple Pay orders at any time by tapping to view your Orders, tapping on a specific order and tapping Manage Order. You can also manage notifications about Orders by going to Orders, tapping the More button, then tapping Mute Notifications.
When you sign out of your account, your device may still retain limited information about orders for which the device is getting updates. This information will not be visible to device users, will be retained for a short time, and used by your device only to help stop updates from being sent to the device after sign-out to prevent unauthorised access to your order information.
By adding a travel card to Wallet, information about the travel card will be associated with your iCloud account. So long as your travel card has a positive balance, the card will remain associated with your iCloud account to help ensure you can recover the balance. If you add more than one travel card to Wallet, Apple or its partners may be able to link personal and account information associated between cards — for example, personalised travel cards can be linked to non-personalised travel cards. In Japan, aggregate, non-personally identifiable information about setting up travel cards in Wallet may be shared with mobile device network providers on a periodic basis.
When you use a travel card, information like recently visited stations, transaction history and additional tickets may be accessed by a contactless card reader. This information can be accessed by any nearby contactless card reader if the card is set as your Express Travel Card (a setting that allows you to complete transactions without Touch ID, Face ID or a passcode). You can manage Express Travel on your iOS device by going to Settings > Wallet & Apple Pay, or in the Apple Watch app by tapping Wallet & Apple Pay, then tapping Express Travel Card and selecting a payment card.
Rewards and Gift Cards
Apple Pay also allows you to use eligible rewards and gift cards that are stored in Wallet to make contactless rewards and gift card transactions in selected shops. If you add a rewards or gift card to Wallet, information about your account or card (including an identifier) will be stored on your device and synced via iCloud. You can disable iCloud syncing by going to Settings > [your name] > iCloud and tapping to turn off Wallet.
After redeeming an Apple Gift Card or adding value to your Apple ID balance, your Apple account card will be added to Wallet so you can easily view your latest transactions and use your Apple account balance at Apple Stores.
Student ID Cards
If you choose to add a supported student ID card to Wallet, information about your student ID card and whether certain device settings are enabled may be provided to Apple. Information may also be provided by Apple to your school and providers authorised by your school to enable your ID card, determine eligibility, to set up your card and to prevent fraud, including:
Apple Receives and Stores Your Student ID Photo and Stores It with Your iCloud Account
When you use a student ID card, contactless card readers can access your ID card number if the card is set to operate in Express Mode (a setting that allows you to complete transactions without Touch ID, Face ID or a passcode). You can manage Express Mode on your iPhone in Settings > Wallet & Apple Pay or in the Apple Watch app by tapping Wallet & Apple Pay.
If you have Location Services turned on, the location of your device at the time you use it to make purchases in shops may be sent anonymously to Apple and will be used to help Apple Pay improve the accuracy of business names in the Wallet card transaction history, and may be retained in aggregate to improve Apple Maps, Apple Pay and Wallet. You can disable this location-based functionality of Apple Pay at any time on your iOS device by going to Settings > Privacy & Security > Location Services > System Services and tapping to turn off Apple Pay Merchant Identification. On Mac, go to System Settings > Privacy & Security > Privacy > Location Services, then deselect Wallet.
To help improve Apple Pay, Apple collects information about your use of Apple Pay and stores that information in a way that does not identify you personally. This information includes the time it takes you to successfully add a card or complete a transaction using Apple Pay. Apple may also use this information to improve other Apple products and services, for marketing, and for fraud and security purposes.
The terms of any cardholder, user, merchant agreement, or other terms and conditions applicable to the use of the features of Apple Pay will continue to govern the use of your cards and their use in connection with Apple Pay, and such terms may have additional privacy policies. In the event that Apple suspects fraud in connection with use of Apple Pay, information about the potentially fraudulent Apple account and transactions may be shared with your card issuer or payment network provider to prevent fraud.
Published Date: February 1, 2023