Analyzing the Security Protocols of Apple Pay and Google Pay

Verified

Added on 2023/06/12

AI Summary

This report provides a detailed security analysis of Apple Pay and Google Pay, examining their functionalities, encryption methods, and authentication protocols. It begins with an introduction to mobile payments and then delves into the specifics of each platform. For Apple Pay, the report discusses its secure transaction services, authentication methods using Touch ID, Face ID, and passcodes, and its privacy measures, including the use of device-specific numbers and unique transaction codes. The Apple Pay protocol is outlined, detailing how transactions are processed through NFC and tokenization. Similarly, for Google Pay, the report explores its integration with Google Chrome, its use of NFC technology, and its security safeguards, including encryption and user authentication options like fingerprint verification and PIN codes. The Google Pay protocol is also described, highlighting the roles of the acquirer, payment system, and Token Service Provider. The report concludes with a comparison of the two payment methods, noting their similarities in app-based access, compatibility with card readers, and retention of loyalty card benefits, as well as their differences in required hardware and authentication processes. The report also touches on potential threats and vulnerabilities, such as social engineering, phishing, and malware installation, emphasizing the importance of robust security measures in mobile payment systems.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running header: MOBILE PAYMENTS 1
Mobile Payments
Students’ Name
Institution
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

MOBILE PAYMENTS 2
Introduction
Mobile payment which is also known as mobile wallet, mobile money transfer, as well as
mobile money, usually refer to transactions done under financial regulations and done via or
from a mobile gadget (Rackley III, Porter, Rickman, and Cochran, Qualcomm Inc, 2013). There
are several mobile money services that are currently available in existence, and the variances
among them might get murky and confusing. Mobile payment services are growing every year
and they are truly our future. This paper will look at Apple pay and Google pay, look at how
each of them works and the persons who are legible to use them.
Apple Pay
Apple Pay provides secure, confidential, and easy electronic transaction services using
iPad, iPhone, Mac, and Apple Watch. Other than Apple gadgets, what is required in addition is
the recent version of Apple's Wallet app, MacOS or watchOS, iOs, as well as Apple ID engaged
to iCloud. When one receives cash, it is directed to his/her Apple Pay money card that is found
within the Wallet application (https://www.business.com). It is easy to start using money
immediately after reception to purchase anything through Apple Pay in apps, in stores, as well as
through online. Apple Pay money balance can as well be to the owner’s bank account (Chin,
2015). After purchasing anything using Apple Pay, receipts are stored in Wallet apps, however
the transaction details are not kept elsewhere. Each transaction made through Mac, iPhone, and
iPad requires authentication through passwords, Face IDs, or Touch IDs. Unique passcode is
used to protect the Apple Watch.
Authentication

MOBILE PAYMENTS 3
User Authentication: The user is required to authenticate on the gadget to make a
transaction (Chin, 2015). Authentication is done through the TouchID (fingerprint identification
sensor) or through PIN number keying in a watch (AppleWatch).
Device Authentication: All Apple Pay transactions produce unique value, which make
sure that the transactions are done through authorized devices (Chin, 2015). The unique identifier
together with the cryptogram as well as the token applied to approve the transaction make sure
that even when tokens are stolen it cannot be applied from a different gadget since the token
should originate from the gadget it was authorized to.
Encryption
When a transit, prepaid, credit, or debit card is added to the Apple Pay, data that entered
on the gadget is encrypted as well as sent to the Apple servers.
Safety and privacy of apple pay.
When one make transaction, Apple Pay use device-specific numbers as well as unique
transaction codes. Hence the card code is not stored on the Apple servers or on the gadget, and
when payment is done, the card number is never shared with merchants by Apple. Keep
customers transactions private. When payments are done with credit or debit cards, Apple Pay do
not retain transaction details that might be held back to the customer (Abulafia, and Cohen,
Jumio Inc, 2016). After transacting through Apple Pay Cash, transaction details is kept only for
regulatory purposes, fraud prevention, as well as troubleshooting. Debit and credit cards as well
as Apple Pay Cash are within the Wallet application together with rewards cards, tickets, and

MOBILE PAYMENTS 4
boarding passes. Apple Pay functions with most debit and credit cards from almost all banks in
America. All it needed is to add a participating card to the Wallet and continue to receive all the
benefits and rewards of the cards.
For online transactions, merchants only get information that the client approve to share
for fulfilling his/her order including; shipping and billing addresses, customer’s name, and email
address (Randazza, and Portal, National Payment Card Association, 2013). Applications using
Apple Pay should have privacy policies that can be viewed, which keeps customer to be the
controller of his/her data.
Apple pay Protocol
1. The device is placed near the NFC paying terminal by the user. When card is selected its
DAN number (token number) is added into the Secure Element (SE).
2. Information is sent to the bank which is the acquirer.
3. DAN number is received by the acquirer, however not informed if it is a token or valid
PAN.
4. The payment system will sense it is a DAN and not real PAN, then the number will be
forwarded to the Token Service Provider (TSP) sending the real PAN to issuers.
5. The issuer will authorise or deny the transaction is authorized or denied by the issuer and
notification will be sent to the acquirer, and then back to the merchant
Google pay

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

MOBILE PAYMENTS 5
Google Pay integrates Google Chrome's auto-fill feature. When using Google Pay app, it
is easy for the user to utilize the payment details saved to the Google Account hence it is possible
to speed thru checkout. Customers are able to add most gift, credit, and debit cards into the
application (https://developers.google.com). All loyalty cards can be stored to help customers in
maintaining reward points.
Google Pay employs NFC (Near Field Communication) technology, which allow
customers to transmit the credit card details between the card reader and the customer’s mobile
phone (Fisher, Blaze Mobile Inc, 2013). When the merchants accept Google Pay in their
business and have matching card readers, customers simply hold their mobile phones near the
card readers while their phones are open.
Google Pay app is the simple, fast, method to transact with Google web, and in stores. It
is easy to start, a card is only added once from a bank that is participating. Online transaction is
as fast as just a click. Each non-rooted Android gadget can access Google Pay. It is not a must
that customers remember all their card information or fill endless documents on their phone. As
an alternative, it transact with a number of clicks and use more time checking in, and less time
checking out(Fisher, Blaze Mobile Inc, 2013). Missing out in terms reward chances is the
contrary to the fun that is the reason why customer still receive all the similar protections and
perks of his/her physical card when using Google Pay.
Encrypted and secured by Google.
Like each and every Google product, Google Pay app have got strong security safeguards
at its center to automatically and continuously safeguard customers’ accounts as well as personal
information from safety threats. When a customers pay in stores, encrypted numbers are shared

MOBILE PAYMENTS 6
in place of customer’s real card information with the trader. It also means that, it’s got customers
back so his/her real card information remain secure (Confidential). Instead of utilizing real
credit card numbers as well as other personal details, Google Pay is expected to utilize a
simulated account number that will make sure customers’ personal details are safe on their phone
(Laracey, Paydiant Inc, 2013). If a customer lose his/her phone or it is stolen, he can lock his
phone easily, construct a fresh password or fully wipe all transaction details until he recover the
phone.
Encryption
Google Wallet safeguards payment identifications by keeping user information on safe
servers as well as encrypting all transaction details with company-standard secure socket layer
(SSL technology).
User Authentication
Google Pay has several options of authenticating users before payments. Google Pay
takes fingerprint verification (not supported by default), pattern, PIN code, or password to
authenticate transactions.
Device Authentication
Transaction tokens are added on the gadget in advance, prior to the transaction. Tokens are
occasionally recovered from Google server if connectivity is accessible.
Data Protection
Since HCE presumes that every information kept on a gadget is susceptible (like if the
device is compromised by malware or stolen) it keeps the card crucial information on databases

MOBILE PAYMENTS 7
held in a safe cloud environment. Preventing unauthorized accessibility to HCE is influenced by
the following four safety pillars: tokenization, limited use of security keys, gadget fingerprinting,
as well as transaction risk study.
Threats as well as Vulnerabilities
Mobile Payment Apps Users Threats
Social engineering and phishing
Through mobile phones personal as well as corporate usage are mixed. More information is
gathered by Mobiles phones from customers, which could assist to execute sophisticated attacks.
The attacks target users through phishing emails as well as social engineering via different
communication networks (like email, phone, SMS) and information concerning the user present
within the public territory (like search engines and social media).
Installation of malware on the gadget
Installation of rootkits11/malware can be enabled by drive, through downloading attacks
leveraging like WebKit to roots level accessing, or through side-load of malware along semi
legitimate or legitimate applications taken from some stores.
Google pay protocol
1. The device is placed near to the NFC POS
2. Information is sent to the bank which is the acquirer.
3. The acquirer obtains the cryptogram as well as the token and transfer to the right issuer
through the payment system that acts like a bridge between the issuer and the acquirer.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

MOBILE PAYMENTS 8
4. The real PAN will be requested by payment network from the Token Service Provider
(TSP) and transfer it to the issuer for to the issuer for authorization.
5. The issuer should deny or authorize the payment and then send the details to acquirer,
then back to the merchant. Which will in turn send it back to the merchant.
Similarities between google pay and apple pay
 In both methods of payment, customers simply need to download apps on their
smartphone.
 Apple Pay and Google Pay are becoming progressively popular and they are compatible
with several trader card readers, banks and credit cards.
 In both cases customers can also keep all of their loyalty cards, helping them to retain
reward points
Differences
 In case of Apple Pay, the recent version of Apple's Wallet app, MacOS or watchOS, iOs,
as well as Apple ID engaged to iCloud is all that is needed. Google Pay employs NFC
(near field communication technology).
 When the merchants accept Google Pay in their business and have matching card readers,
customers simply hold their mobile phones near the card readers while their phones are
open. In case of Apple pay all transactions are made on the Mac, iPhone, or iPad requires
authentication using Touch ID, Face ID, or the passcode (Laracey, Paydiant Inc, 2013).

MOBILE PAYMENTS 9
Bibliography
https://developers.google.com/android/reference/com/google/ android/gms/wallet/PaymentsClient
https://www.business.com/articles/google-pay-vs-apple-pay-vs-samsung-pay/
Laracey, K., Paydiant Inc, 2013. Mobile phone payment processing methods and systems. U.S.
Patent 8,380,177.
Fisher, M., Blaze Mobile Inc, 2013. Conducting an online payment transaction using an NFC
enabled mobile communication device. U.S. Patent 8,352,323.
Randazza, J.R. and Portal, D., National Payment Card Association, 2013. Payment system and
methods. U.S. Patent 8,490,865.
Abulafia, D. and Cohen, E., Jumio Inc, 2016. Mobile phone payment system using integrated
camera credit card reader. U.S. Patent 9,269,010.
Chin, D.H., 2015. Gesture based authentication for wireless payment by a mobile electronic
device. U.S. Patent 9,082,117.
Rackley III, B.L., Porter, W.D., Rickman, G.M. and Cochran, K.L., Qualcomm Inc,
2013. Methods and systems for managing payment sources in a mobile environment. U.S. Patent
8,467,766.