Methods

Apple Pay

Offer Apple Pay to your customers for streamlined mobile transactions. Cardflo integrates directly with Apple Pay, enabling secure, one-touch payments across your platforms.

This integration helps reduce friction at checkout, improving conversion rates by simplifying the payment process for a significant user base.

Category
Methods
Capabilities
10
Available on
All plans
Apply now

The overview

Apple Pay functions as a digital wallet that utilises near-field communication (NFC) for proximity payments and the Payment Request API for web and in-app transactions.

Within the payments stack, it acts as a container for tokenised card credentials, where the actual primary account number (PAN) is replaced by a Device Account Number (DAN).

By facilitating Strong Customer Authentication (SCA) through biometric verification such as Face ID or Touch ID, Apple Pay satisfies PSD2 requirements without necessitating additional redirects to 3D Secure pages.

The mechanism relies on a secure element within the hardware to store encrypted payment data, which is only released to the acquirer upon successful user authorisation.

For merchants, this reduces the technical burden of handling sensitive plainsight card data, as the system provides a one-time security code for each transaction, effectively minimising the risk of certain types of card-not-present fraud whilst maintaining high authorisation rates across the Visa, Mastercard,

and American Express networks.

How it works

  1. Merchant Identity Validation

    The merchant registers a domain and validates it with the scheme through the payment service provider.

    This process involves hosting a specific verification file and using a Merchant Identity Certificate to establish a secure handshake between the server and the Apple Pay servers, ensuring the request originates from a recognised entity.

  2. Tokenised Data Transmission

    When a customer initiates a payment, the device generates a dynamic security code and a network token. This token replaces the actual card number.

    The encrypted payload is sent to the payment gateway, which then forwards the specialised cryptogram to the acquirer for processing via the relevant card schemes.

  3. Biometric SCA Verification

    The user confirms the transaction using Touch ID, Face ID, or a device passcode. This action performs the required two-factor authentication under SCA regulations.

    Because the authentication is bound to the physical device and the biometric signature, it confirms both possession and inherence, reducing the probability of unauthorised use.

  4. Authorisation and Settlement

    The issuer receives the cryptogram and verifies the token against the original account. Once the authorisation is granted, the transaction proceeds through the standard settlement cycle.

    The merchant receives funds in their configured currency, with the transaction marked as an Apple Pay method within the settlement reports.

Why it matters

Reduced PCI DSS Scope

By utilising tokenisation and the secure element, merchants do not handle or store actual credit or debit card numbers. This architecture shifts a significant portion of the security responsibility away from the merchant infrastructure.

Consequently, the merchant may qualify for a simplified PCI DSS Self-Assessment Questionnaire, such as SAQ A-EP or SAQ A, reducing the administrative and technical burden of annual compliance audits.

Mandatory SCA Compliance

Under PSD2 regulations in the European Economic Area and the United Kingdom, most electronic payments require Strong Customer Authentication. Traditional 3DS challenges can cause user drop-off during the redirect phase.

Apple Pay satisfies SCA requirements at the hardware level, allowing for a frictionless checkout experience that meets legal mandates without the need for additional passwords or SMS codes.

Enhanced Authorisation Rates

Industry data suggests that transactions authenticated via biometric wallets often see higher authorisation rates compared to traditional card-entry methods. Issuers generally view these transactions as lower risk because the multi-factor authentication is built into the flow.

This can lead to a decrease in false declines, particularly for high-value or cross-border transactions where traditional fraud filters might be more restrictive.

Use cases

Mobile E-commerce Platforms

Retailers with a high volume of mobile traffic use this to allow customers to bypass lengthy shipping and billing address forms, as the wallet provides this information directly to the merchant.

Subscription Billing Services

Businesses specialising in recurring models use Merchant Initiated Transactions (MIT) linked to Apple Pay tokens to ensure continuous service without requiring the customer to be present for every billing cycle.

In-App Digital Goods

Developers selling digital content or services within iOS applications implement this to provide a native checkout flow that matches the system interface, leading to higher completion rates for micro-transactions.

Omnichannel Hospitality

Restaurants and hotels integrate this method into their booking engines or self-service kiosks, permitting guests to authorise payments for stays or meals using their personal devices securely.

By the numbers

<2s
Average Checkout Time Reduction

Typical implementations show that biometric wallet checkouts can be completed significantly faster than manual card entry, though actual times vary by network latency.

20-25%
Conversion Rate Improvement

Merchants often observe an uplift in mobile conversion when introducing wallet-based checkouts due to the removal of form-filling friction, based on standard industry benchmarks.

95%+
Authorisation Rate Support

Standard industry ranges suggest that authenticated wallet transactions often maintain very high approval rates, as they are pre-verified by the issuer's biometric protocols.

Ready to route with Apple Pay?

Talk to our team about a live rollout on your acquiring stack.

Apply now

What you get with Apple Pay

  • Native integration for Safari browsers on iOS, iPadOS, and macOS devices for web checkouts.
  • Hardware-level biometric authentication satisfying European SCA mandates under current PSD2 and future PSD3 frameworks.
  • Support for Merchant Initiated Transactions to facilitate recurring billing and subscription-based business models.
  • Direct integration via Payment Request API to capture billing and shipping details during authorisation.
  • Tokenisation of sensitive card data using Device Account Numbers to minimise merchant data liability.
  • Support for Apple Pay on the Web using Javascript SDK for cross-device payment consistency.
  • Detailed reporting of Apple Pay specific metadata within the merchant dashboard for reconciliation.
  • Compatibility with major card schemes including Visa, Mastercard, and American Express for global reach.
  • Automatic updates for expired cards through network token synchronisation with participating banking institutions.
  • Simplified refund and dispute management using the original transaction reference or ARN provided.
See Apple Pay on your acquiring stack.

A short scoping call, then a written plan for your MIDs.

Apply now

Questions about Apple Pay

How does Apple Pay impact the merchant's PCI DSS compliance requirements?

Apple Pay significantly reduces the merchant's PCI DSS scope. Since the merchant never receives the actual primary account number (PAN) but instead receives a one-time token and a cryptogram, they do not store, process, or transmit sensitive cardholder data.

Most merchants using this method for their entire checkout flow can move to the most basic levels of PCI self-assessment, provided they do not store other sensitive data. This reduces the security controls they must implement and verify annually.

Are there additional fees for processing transactions through Apple Pay compared to standard cards?

Apple does not charge merchants or payment service providers a fee for using the service. The transaction is typically processed at the standard interchange-plus or blended rate applicable to the underlying card type (e.

g. , credit vs debit).

However, merchants should verify with their acquirer if there are specific gateway fees for processing mobile wallet transactions. The primary cost components remain the interchange fee, scheme fees, and the acquirer margin.

How is Strong Customer Authentication handled for Apple Pay in the UK and EEA?

Apple Pay is considered inherently SCA-compliant. The two factors required (possession of the device and inherence via biometrics) are verified at the time of the transaction.

Unlike traditional 3D Secure 2. 0 flows which may pop up a challenge window from the issuer, the Apple Pay flow completes the authentication on the device itself.

This usually results in a 'frictionless' flag being sent to the issuer, which satisfies the legal requirements of PSD2 and the RTS.

Can Apple Pay be used for recurring payments or automated dunning processes?

Yes, Apple Pay supports recurring payments through the use of merchant-linked tokens. During the initial Customer Initiated Transaction (CIT), the user authorises the merchant to perform subsequent Merchant Initiated Transactions (MIT).

The gateway stores the token, and the merchant can then trigger future payments for subscriptions or variable billing without the user being present, provided the initial mandate was correctly established and authorised.

What happens if a customer requests a refund for an Apple Pay transaction?

The refund process for Apple Pay is identical to a standard card refund. The merchant uses the unique transaction ID or Acquirer Reference Number (ARN) to initiate the refund via their PSP or gateway.

The funds are returned to the account associated with the Device Account Number used for the original purchase. Because it is a tokenised transaction, the merchant does not need to see the customer's actual card number to process the return.

Does Apple Pay work for cross-border transactions and multiple currencies?

Apple Pay supports cross-border transactions as long as the underlying card network (Visa, Mastercard, etc.) and the merchant's acquirer support the relevant currency.

The currency conversion is handled either by the issuing bank at the time of the transaction or by the acquirer if the merchant is settled in a different currency.

The user will typically see the estimated amount in their home currency within the Apple Pay interface before they confirm the payment.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now
Apply now