Apple Pay & Privacy

Card-related information, location, and information about device settings and use patterns may be sent to Apple and may be used together with account information to provide assessments to your card issuer or payment network to set up Apple Pay and prevent transaction fraud.
 

Apple Pay is designed to protect your information and enable you to choose what you share.

Privacy Icon

  • When you add a card to Apple Pay, card-related information, location, and information about device settings and use patterns may be sent to Apple to determine eligibility.
  • Some of the above information, account-related information and paired-device details may be shared with your card issuer or bank to determine eligibility and for anti-fraud purposes.
  • When you use Apple Pay in apps and on the web, information necessary to process the payment is shared with the app or website. Your actual card number isn’t shared with the merchant.
  • Apple Pay data that can no longer be tied to you may be retained for a limited period of time to generally improve Apple Pay and other Apple products and services.

Apple Pay allows you to make secure purchases in shops, in apps and on the web, using your debit, credit and pre-paid cards.

Adding Cards to Apple Pay

When you are adding a payment card like store, credit, debit and pre-paid cards to Apple Pay, information you provide about your card and whether certain device settings are enabled may be sent to Apple in order to determine your eligibility to enable Apple Pay. Your device may also evaluate device use patterns (for example, percentage of time device is in motion, approximate number of calls per week) to help identify fraud. The information evaluated by your device is not shared with Apple in a way that can be linked to you.

Information may also be provided by Apple to your card issuer, payment network or any providers authorised by your card issuer to enable Apple Pay, in order to determine the eligibility of your card, to set up your card with Apple Pay and to prevent fraud, including:

  • Your credit, debit or pre-paid card number
    • The name and billing address associated with your Apple ID, iTunes or App Store account
    • General information about your Apple ID, iTunes and App Store account activity (for example, whether you have a long history of transactions within iTunes)
    • Information about your device and, if using Apple Watch, the paired iOS device (for example, a device identifier, phone number, and the name and model of your device)
    • Location at the time you add your card (if you have Location Services enabled)
    • Account or device history of adding payment cards
    • Aggregated stats relating to the information from payment cards you’ve added or attempted to add to Apple Pay

When you add a card to Apple Pay using a third-party app such as a banking app, the app sends an account or card identifier to your device. This information is used by Apple and your card issuer to determine the eligibility of your card, set up your card with Apple Pay and to prevent fraud. To help you set up cards you have, or have recently had, on other devices, Apple stores a card reference with your iCloud account that can be used with the card issuer or payment network to re-add the card after entering the security code. Apple Pay does not store the original credit, debit or pre-paid card number.

Paying with Apple Pay

Information Shared When You Make a Payment
When you begin a payment within an app, on the web or within Apple Messages for Business using Apple Pay, to enable tax and shipping cost calculation, your postcode or other equivalent information is provided to the app, website or merchant. After you authorise the payment, other information requested by the merchant, such as a device- or merchant-specific account number, your shipping address or email address, is also provided. The card number from your credit, debit or pre-paid card is not provided when you use Apple Pay.

To help ensure that any recurring or other merchant-initiated charges like subscriptions are authorised by you, when you choose to provide eligible Apple Pay payment methods to participating merchants for recurring or merchant-initiated charges, your issuer and/or payment network will approve and generate a merchant-specific account number to be used for such charges. Only that merchant-specific account number can be used by a participating merchant to authorise transactions without you taking a specific action. Apple will know which merchants are associated with your merchant-specific account numbers, but not what you purchased or how much you paid for it. You can manage your merchant-specific account numbers in Wallet by tapping the card and tapping the More button to view card details.

For cards with certain enhanced fraud prevention, when you attempt an online or in-app transaction, your device will evaluate information about your Apple ID, device and location if you have enabled Location Services for Wallet, in order to develop on-device fraud prevention assessments. The output of the on-device fraud prevention assessments, but not the underlying data, will be sent to Apple and combined with information Apple knows about your device and account to develop Apple Pay transaction fraud prevention assessments. These transaction fraud prevention assessments may be shared with your payment network, together with a shipping address identifier and IP address if available, in order to prevent fraud at the time of transaction. The shipping address identifier differs per payment network and may be used to confirm whether shipping addresses for different transactions using a particular card on your device are the same, in a way that does not reveal the underlying address. You can check whether a card has this enhanced fraud prevention at any time by going to the back of your payment credential in Wallet. To prevent the sharing of fraud prevention assessments with your payment network, you can select another card.

Apps and Websites Can Check Whether You Have Set Up Apple Pay
When using an app or a website that uses Apple Pay in iOS, watchOS or macOS, the app or website can check if you have Apple Pay enabled on that device. When visiting a website in Safari on an iOS device, or Mac to which a card cannot be added, the website can check if you have Apple Pay set up on an iPhone or Apple Watch using the same iCloud account. You can disable websites you visit from checking if Apple Pay is enabled by changing your settings. On iOS, go to Settings > Safari > Check for Apple Pay. On Mac, go to Safari > Settings > Privacy and deselect “Allow websites to check for Apple Pay and Apple Card”.

Safeguarding Your Payment Methods

Safeguarding Safari Payment Methods
To help safeguard your payment methods on the Apple ecosystem and take advantage of the benefits of Apple Pay privacy and security, your supported Apple Pay payment methods from Wallet will also be available in Safari AutoFill. When shopping online with Safari AutoFill, for websites, you can set up a virtual card number to hide your physical card number, if supported by your participating card network and issuer. To enable this functionality, Apple will send limited information about your payment method to your network, which will generate a virtual card number for your use when shopping online with Safari AutoFill. To manage your Apple Pay card numbers, including virtual card numbers, go to the back of your pass in Wallet and tap to see Card Information. You may also help to safeguard payment methods already in Safari AutoFill by paying with Apple Pay or a virtual card number rather than your physical card number. To manage, go to Settings > Wallet & Apple Pay and tap Use Apple Pay When Available. When enabled, limited information about your saved card in Safari AutoFill necessary to verify eligibility for Apple Pay will be sent to your payment network for verification. If your payment network indicates the card is eligible, Apple will add the payment method to Wallet and your network will generate an Apple Pay card number for enhanced online shopping protection.

Safeguarding Apple ID Payment Methods
To help you manage your payment methods on the Apple ecosystem, Apple may check whether any Apple Pay payment methods are eligible to be added as a payment method on file to your Apple ID and display those payment methods in Settings > [your name] > Payment & Shipping > Add Payment Method > Found in Wallet. When you conduct a transaction with your Apple ID, Apple may also check whether any Apple ID payment methods on file are eligible for Apple Pay. If so, to help safeguard your payment information, Apple may enable Apple Pay for that payment method. You can modify your Apple ID payment methods at any time by going to Settings > [your name] > Payment & Shipping.

Apple Transmits but Does Not Store Your Payment Information

In order to securely transmit your payment information within apps, websites and Business Chat, it is sent to Apple in encrypted form, where it is briefly decrypted and re-encrypted with a merchant-specific key, so that only the merchant, the developer or their payment processor can decrypt your payment information. When you make a payment on a Mac to which a card cannot be added, the Mac and the authorising device communicate over an encrypted channel via Apple servers. Apple does not retain any of this information in a form that personally identifies you.

Apple Pay Order Tracking

To provide you with order tracking, upon making an Apple Pay purchase, a participating merchant sends your device-limited order information for your device to use to track your order. And Apple provides the merchant with a merchant-specific device identifier and a push token the merchant can use to provide the device with order updates. Apple facilitates merchant updates, but does not store order information, nor track how many, how often or which merchants send order updates. Order tracking information is stored locally on your devices and is kept up to date across devices by syncing an encrypted copy, which cannot be accessed by Apple. You can manage your Apple Pay orders at any time by tapping to view your Orders, tapping on a specific order and tapping Manage Order. You can also manage notifications about Orders by going to Orders, tapping the More button, then tapping Mute Notifications.

When you sign out of your account, your device may still retain limited information about orders for which the device is getting updates. This information will not be visible to device users, will be retained for a short time, and used by your device only to help stop updates from being sent to the device after sign-out to prevent unauthorised access to your order information.

Travel Cards

By adding a travel card to Wallet, information about the travel card will be associated with your iCloud account. So long as your travel card has a positive balance, the card will remain associated with your iCloud account to help ensure you can recover the balance. If you add more than one travel card to Wallet, Apple or its partners may be able to link personal and account information associated between cards — for example, personalised travel cards can be linked to non-personalised travel cards. In Japan, aggregate, non-personally identifiable information about setting up travel cards in Wallet may be shared with mobile device network providers on a periodic basis.

When you use a travel card, information like recently visited stations, transaction history and additional tickets may be accessed by a contactless card reader. This information can be accessed by any nearby contactless card reader if the card is set as your Express Travel Card (a setting that allows you to complete transactions without Touch ID, Face ID or a passcode). You can manage Express Travel on your iOS device by going to Settings > Wallet & Apple Pay, or in Apple Watch app by tapping Wallet & Apple Pay, then tapping Express Travel Card and selecting a payment card.

Rewards and Gift Cards

Apple Pay also allows you to use eligible rewards and gift cards that are stored in Wallet to make contactless rewards and gift card transactions in selected shops. If you add a rewards or gift card to Wallet, information about your account or card (including an identifier) will be stored on your device and synced via iCloud. You can disable iCloud syncing by going to Settings > [your name] > iCloud and tapping to turn off Wallet.

After redeeming an Apple Gift Card or adding value to your Apple ID balance, your Apple account card will be added to Wallet so you can easily view your latest transactions and use your Apple account balance at Apple Stores.

When you use Apple Pay in shops, the payment terminal may request the rewards or gift card identifier from its associated rewards or gift card on your device as part of the transaction. You can disable this functionality by selecting the card in Wallet and disabling Automatic Selection in the card details. In selected shops, if the payment terminal does not receive a rewards card identifier from your device, when you pay using Apple Pay, it may trigger a notification asking if you would like to add your rewards card to Apple Pay or sign up for the merchant’s rewards programme if you are not a member. In the case of rewards sign-up, the merchant may request that you provide information to them such as your name, postcode, email address and phone number. While Apple will receive notice when you personalise a merchant’s rewards card, the information you share will be sent directly from your device to the merchant and treated in accordance with the merchant’s privacy policy.

Student ID Cards

If you choose to add a supported student ID card to Wallet, information about your student ID card and whether certain device settings are enabled may be provided to Apple. Information may also be provided by Apple to your school and providers authorised by your school to enable your ID card, determine eligibility, to set up your card and to prevent fraud, including:

  • Your student ID card number
    • The name and billing address associated with your Apple ID, iTunes or App Store account
    • Information about your device and, if using Apple Watch, the paired iOS device (for example, device identifier and model of your device)

Apple Receives and Stores Your Student ID Photo and Stores It with Your iCloud Account

When you use a student ID card, contactless card readers can access your ID card number if the card is set to operate in Express Mode (a setting that allows you to complete transactions without Touch ID, Face ID or a passcode). You can manage Express Mode on your iPhone in Settings > Wallet & Apple Pay or in the Apple Watch app by tapping Wallet & Apple Pay.

Other Information

If you have Location Services turned on, the location of your device at the time you use it to make purchases in shops may be sent anonymously to Apple and will be used to help Apple Pay improve the accuracy of business names in the Wallet card transaction history, and may be retained in aggregate to improve Apple Maps, Apple Pay and Wallet. You can disable this location-based functionality of Apple Pay at any time on your iOS device by going to Settings > Privacy & Security > Location Services > System Services and tapping to turn off Apple Pay Merchant Identification. On Mac, go to System Settings > Privacy & Security > Privacy, click Location Services, click the lock to make changes and enter your password, then deselect Wallet.

Apple Pay data that has been disassociated from you may be retained for a limited period of time to generally improve Apple Pay and other Apple products and services.

The terms of any cardholder, user, merchant agreement, or other terms and conditions applicable to the use of the features of Apple Pay will continue to govern the use of your cards and their use in connection with Apple Pay, and such terms may have additional privacy policies. In the event that Apple suspects fraud in connection with use of Apple Pay, information about the potentially fraudulent Apple account and transactions may be shared with your card issuer or payment network provider to prevent fraud.

At all times, information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at apple.com/uk/privacy

Published Date: September 12, 2022