Have you ever wondered how Apple Pay and Google Pay handle your sensitive card info? Well, you probably should have, as this is very private and sensitive info we’re talking about, but don’t beat yourself up if you haven’t, the vast majority of people haven’t, as they trust both companies. Now, if you haven’t really thought about it, and you’re interested, we’re here to help out, thanks to Alex Xu. He is the founder of ByteByteGo, and has shared a series of rather interesting tweets. In them, he basically explains the differences between Apple Pay and Google Pay, when it comes to handling sensitive card info.
Both approaches are actually very safe, but the two payment solutions do work differently. The source actually shared an image, in which he goes into more detail. The image you can see below, shows two separate diagrams. The first (left) one shows Apple’s way of handling things, and the second (right) shows how Google handles your sensitive card data. We realize this diagram on its own can be a bit confusing, so let’s talk more about the two processes.
Apple Pay vs Google Pay – The Diagram
They do handle your info differently
The first step in both cases is to enter your credit card info, and pass it on to the two companies.
Apple doesn’t store your credit card info, it passes it to the bank. Following that, the bank returns a token called DAN (Device Account Number). That number is then stored on your iPhone, into a special hardware chip.
Google does this step a bit differently. The company doesn’t really pass your info to the bank straight away. It stores the info in the Google server, and returns a payment token to the phone.
The next step is the actual payment. Once again, the handling of the process is different between the two companies. In the case of Apple Pay, the e-commerce server passes the DAN to the bank.
Google Pay, on the other hand, passes the payment token to the Google server. Then, Google’s server looks up the card info, and passes it to the bank.
Both approaches are “very secure”
That’s basically the flow. There are some things you should note, though. If you take a look at the diagram provided above, you’ll notice some red arrows in there. That highlights when the credit card info is available on the public network, even though it’s encrypted.
You will notice that there is only one step when that happens with Apple Pay, and two steps with Google Pay. Apple does need to discuss the DAN details with banks when you enter your card info, which takes time and effort, while Google does not. That does enable Apple Pay to make your info pass through the public network only once, though.
Once again, both of these approaches are safe, and when your info ends up passing through a public network, it is encrypted. That is not really something you should worry about, but it’s interesting to see the differences here.