How does Google Pay and Apple Pay handle?
The diagram shows the differences. Both methods are very secure, but the implementations are different. To understand better, we may break down the process into two flows.
We can understand the process better by dividing the two handlers into two flows to know the differences.
- Registering your credit card to the flow
- The normal payment flow
For both methods, steps 1–3 reflect the registration flow. The difference is:
- Apple Pay: No card information is saved by Apple.
- It sends the bank the card information.
- The iPhone receives a token from the bank called a DAN (device account number).
- Then, DAN is kept on the iPhone in a unique hardware chip.
- When you register the CC with G-Pay, the card information is stored in the Google server.
- Google returns a payment token to the phone.
- Upon clicking “Pay” button on your phone, the basic payment flow starts. Here is the difference:
- Apple Pay: The e-commerce server sends the DAN to the bank when using an iPhone.
- Google Pay: When using G-Pay, the online store’s server passes the Token for making payments to the Google server.
- The payment card is checked on the Google server and delivers it to the bank.
- The red arrow in the diagram indicates that, although being encrypted, the CC information is accessible on the public network.
Conclusion – Apple needs to discuss the DAN details with banks. It takes time and effort, but the benefit is that the credit card info is on the public network only once. If you are an architect and have to choose between security and cost, which solution do you prefer?
Credit – surya-kulshreshtha