Apple Introduces New Security Standards for Apple Pay on the Web

Apple has announced critical updates to the algorithms used for securing server connections in Apple Pay on the Web, which will come into effect starting February 4, 2025.

The company says it will require production servers to support at least one of six designated cryptographic ciphers to maintain uninterrupted service. Businesses and developers must take immediate steps to comply with these changes to avoid disruptions in their Apple Pay integration.

These updates will directly affect the secure connections established for Apple Pay, especially for the following functionalities:

• Apple Pay Payment Sessions: All requests for payment sessions via Apple Pay on the Web will require compliance with the updated algorithms.
• Domain Verification Renewals: Secure connections for renewing domain verifications used in Apple Pay on the Web will be impacted.
• Merchant Token Notifications: Transactions involving recurring, deferred, or automatic reloads in both web and in-app environments must adhere to the new cipher requirements.
• Wallet Orders: Any creation or updates to Wallet Orders, whether on the web or in app, must align with the revised security standards.
• Merchant Onboarding: Payment Service Providers (PSPs) and e-commerce platforms that rely on the Apple Pay Web Merchant Registration API must also transition to the supported ciphers.

To avoid disruptions, Apple Pay integrators should verify if their production servers already support one or more of the six designated ciphers, and implement any required updates to the server configurations before the February 4 deadline.

Detailed guidelines and resources are available in Apple’s developer documentation to help businesses and developers complete the transition smoothly.