In a revised edition of its mobile security white paper, Apple has added a new section dedicated to Apple Pay Cash, the company’s recently released peer-to-peer payments method that works inside of Messages. Apple says that the new Apple Pay Cash feature, which debuted in the U.S. last month with iOS 11.2, allows transactions to be processed in a fashion not unlike standard Apple Pay (via AppleInsider).
Here’s what Apple notes in the updated document:
“When the user sends money with Apple Pay, adds money to an Apple Pay Cash account, or transfers money to a bank account, a call is made to the Apple Pay Servers to obtain a cryptographic nonce, which is similar to the value returned for Apple Pay within apps. The nonce, along with other transaction data, is passed to the Secure Element to generate a payment signature. When the payment signature comes out of the Secure Element, its passed to the Apple Pay Servers. The authentication, integrity, and correctness of the transaction is verified via the payment signature and the nonce by Apple Pay Servers. Money transfer is then initiated and the user is notified of transaction completion.”
According to Apple, the identity confirmation data, which is requested if an Apple Pay Cash balance reaches a predefined amount or if unusual activity is detected, is transmitted to the company’s verification partner. Apple itself does not receive and cannot access that data, while the partner has not been named either.
In addition to Apply Pay Cash, the updated iOS security guide also includes updates to security certifications, shared notes, CloudKit end-to-end encryption, standard Apple Pay, Shared iPad in educational environments, and Siri Suggestions