What is Apple Pay?
Apple Pay is Apple's digital wallet. It stores your card credentials in the Secure Element of an iPhone, Apple Watch, iPad or Mac, then pays in shops over NFC, in apps, and on the web. Apple never sees your real card number — a Device Account Number is generated on enrolment and used for every transaction. Face ID, Touch ID or your passcode authorises each payment, which also satisfies SCA under PSD2.
Apple Pay is the digital wallet built into iPhone, Apple Watch, iPad and Mac. It launched in the US in 2014 and the UK in 2015, and it now handles most contactless mobile payments in both markets. When you add a card, the device stores a tokenised Device Account Number in its Secure Element chip — Apple itself doesn't keep your real card number, and neither does the merchant you pay. Each transaction is authorised with Face ID, Touch ID or your passcode, which counts as Strong Customer Authentication under PSD2.
Apple Pay — sometimes still called Apple's mobile wallet or digital wallet — turns the phone in your pocket into a contactless payment card. The card details never leave your device in the clear, and the merchant only ever sees a token plus a one-time cryptogram. That's why a stolen Apple Pay transaction record is useless to a thief: there's nothing reusable in it.
How Apple Pay actually works
When you add a card to Wallet, Apple sends the details to your bank. The bank — not Apple — generates a Device Account Number that's unique to your device and that specific card. That number gets written into the Secure Element, a tamper-resistant chip soldered onto the device. From that moment on, your real card number is gone from the Apple Pay flow. Every payment uses the Device Account Number plus a one-time cryptogram that's only valid for that single transaction.
In a shop, the device talks to the card terminal over NFC, the same short-range radio used by contactless cards. In apps, the merchant calls the Apple Pay API and gets back the token. On the web in Safari, the Payment Request API does the same thing — Apple Pay surfaces on a checkout page, you authenticate with the side button or Touch ID on your Mac, and the merchant receives a token they can charge through their normal payment processor.
Why merchants like it
Apple Pay sits on top of tokenisation and biometric auth, so the fraud rate is markedly lower than keyed-in CNP transactions. Issuers see that and pass the saving through — chargebacks are rarer, and disputes that do happen tend to favour the merchant because the cardholder authenticated on their own device. There's a small Apple fee on the issuer side (around 0.15% in the US, smaller or absorbed in the EU and UK), but it doesn't get passed on to merchants. You pay your normal interchange and that's it.
The other big merchant win is SCA compliance. Under PSD2, almost every online card payment in Europe needs two-factor authentication. Apple Pay handles that natively — the biometric on the device counts as inherence, the device itself counts as possession, and the bank is happy. No 3DS challenge screen, no drop-off, no abandoned cart.
What it doesn't do
Apple Pay isn't a payment processor. It doesn't move money on its own — it's a vault and an authentication layer on top of the existing card networks. The transaction still goes Visa, Mastercard or Amex, still gets authorised by the issuer, still settles through the same acquiring bank you already use. So if you're a merchant, accepting Apple Pay doesn't mean signing up with Apple. It means asking your payment gateway to enable it, which most modern gateways already support.
It also doesn't work over the phone. There's no way for an agent on a voice call to take an Apple Pay payment the way they'd key in a card number — the customer has to be in front of a screen or a card reader. For phone payments you still need card details, which is where DTMF masking comes in.
Where you'll see it
Anywhere contactless is accepted, Apple Pay works — look for the wave-shaped contactless logo or the Apple Pay logo at the till. UK adoption is now north of 75% of contactless mobile payments. Transport for London takes it on every gate and bus. Most major UK retailers, every supermarket chain, and the vast majority of online checkouts have it built in. If you're running an ecommerce site and you don't offer Apple Pay at checkout, you're losing conversions on iPhone traffic — which in the UK is roughly half your visitors.
We get asked about Apple Pay a lot, usually by merchants who'd love to bolt it onto their phone-payment flow. The honest answer: you can't. Apple Pay needs a screen the customer is looking at — an in-store terminal, an app, or a Safari checkout page. There's no agent-assisted equivalent.
What we do instead is solve the same problem a different way. When a customer phones your contact centre to pay, our DTMF masking setup lets them key their card number into the keypad without the agent or the call recording ever hearing it. The card data flows straight to a tokenisation vault, the agent stays on the line to help, and you get the same outcome Apple Pay gives you in a shop: card details that never touch your environment, and a token you can charge again later for refunds or repeat orders. If you also sell online, our merchants typically run Apple Pay at web checkout and Paytia on the phone — same security posture, two channels.
Frequently Asked Questions
Does Apple see my card number when I use Apple Pay?
No. When you add a card, your bank generates a Device Account Number that's stored in your device's Secure Element. Apple's servers never hold your real card number, and the merchant you pay only ever receives the token plus a one-time cryptogram.
Can I take Apple Pay payments over the phone?
No. Apple Pay needs the customer to authenticate on their own device, so it only works in person, in apps, or on the web. For phone payments you'd use something like our DTMF masking service, which keeps card details out of the call and the agent's environment.
Does Apple Pay satisfy SCA under PSD2?
Yes. The biometric (Face ID or Touch ID) plus the device itself counts as two-factor authentication, so Apple Pay transactions are SCA-compliant by default. That's why you don't see a 3D Secure challenge screen when you check out with Apple Pay on Safari.
Do merchants pay extra to accept Apple Pay?
Not directly. Apple charges a small fee on the issuer side (around 0.15% in the US, smaller or absorbed in Europe), but it comes out of the bank's interchange share. Merchants pay their normal card processing fees with no Apple Pay surcharge.
What happens if my iPhone is stolen?
The thief can't use Apple Pay without your biometric or passcode, and you can suspend the wallet remotely from iCloud or any other Apple device. Even better, the cards in your wallet keep working as normal — there's no need to call your bank for replacements, because the Device Account Numbers are device-specific and can be killed without affecting the underlying card.
See how Paytia handles apple pay
Book a personalised demo and we'll show you how our platform works with your setup.
Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia