A new report has gone in depth about how Apple Pay will work and why it is so secure. In addition to reiterating information that Apple presented in September, like the the fact that credit or debit card data is never exposed, there are also extensive details on tokens, authentication via Touch ID, and cryptograms.
From Yoni Heisler at TUAW:
But there's a whole lot more to Apple Pay than Touch ID and the simple handing off of tokens. Providing an additional layer of security, an Apple Pay-equipped iPhone at the time of each transaction also sends a dynamically generated CVV up the chain along with a cryptogram. The CVV is the three-digit string located on the back of your credit card and, in the case of Apple Pay, is a algorithmically-generated dynamic string that's tied directly to the token. The cryptogram itself "uniquely identifies the device" that created the token and, according to the EMV Payment Spec, is likely comprised of encrypted data sourced from the token, the device itself, and transaction data. Note, though, that the precise components of the Apple Pay cryptogram aren't publicly known.
Apple Pay is supposed to launch at somepoint later this month. How do you feel about the security of Apple Pay, and will you use it to make payments? Leave your thoughts with us in the comments.