Mobile Payment Showdown: Apple Pay vs. Google Pay – System Design Unveiled

Introduction

"Welcome to the electrifying world of mobile payments, where two giants, Apple Pay and Google Pay, go head-to-head in a high-tech showdown! In this blog, we'll unveil the intricate details of their system designs, bringing you behind the scenes of the magic that powers these seamless transactions. Get ready for a thrilling exploration of secure elements, biometric marvels, and the NFC wizardry that makes your mobile wallet experience extraordinary. It's time to unravel the mysteries and decide which tech titan will reign supreme in the world of digital payments!"

Apple Pay and Google Pay as mobile payment systems.

Embark on a journey into the future of transactions with two titans in the digital payment arena: Apple Pay and Google Pay. These revolutionary mobile payment systems are not just apps; they're gateways to a new era of effortless and secure transactions.

Apple Pay: Picture a world where your iPhone, Apple Watch, or iPad becomes your digital wallet. Apple Pay transforms your device into a secure vault, thanks to its ingenious use of the Secure Element. Say goodbye to clunky wallets – with biometric marvels like Touch ID and Face ID, your transactions become as smooth as a touch or glance.

Google Pay: On the Android side, Google Pay emerges as the tech-savvy companion for your smartphone. Host Card Emulation (HCE) is its secret weapon, turning your device into a digital card ready for action. Unlock the possibilities with fingerprint recognition and facial authentication, making every payment a futuristic experience.

Working: How they actually revolutionize the way we pay!

Apple Pay

Adding a Card:

  • To initiate the card-adding process, users start by locating and opening the "Wallet" app on their iOS device. The Wallet app typically comes pre-installed on iPhones and is designed to manage various digital cards, including credit and debit cards.

  • Within the Wallet app, users look for an option to add a new card. This is usually represented by a "+" symbol or an "Add Credit or Debit Card" button. Tapping on this initiates the card addition process.

  • Users are presented with multiple options for adding a card:

    • Manually Enter Card Details: Users can manually input their card information, including the card number, expiration date, and security code.

    • Scan Card: Apple Pay allows users to expedite the process by using the device's camera to scan and automatically input card details. This is done by aligning the card within the on-screen frame.

  • After entering the card details manually or through scanning, Apple Pay may prompt users to verify their identity. This can involve various methods, such as sending a one-time verification code via SMS or email.

  • Apple Pay then contacts the card issuer (the bank or financial institution associated with the card) to verify the added card. This step ensures that the user has authorization to add the card to Apple Pay.

  • After adding the card, all the details are then sent to the Apple server.

Tokenization:

  • The card details are now sent from Apple Pay to the Apple server, where they are not stored. After this, the process of tokenization starts.

  • From the card number, a few things can be determined: first, the payment network (VISA, Mastercard, etc.), and second, the bank in which the user has the account.

  • After the PAN (Personal Account Number) from the card details is validated, it is sent to the financial institutions, which after validation generate the Device Account Number (DAN).

  • Tokenization involves replacing the actual card details with a unique and dynamic identifier known as the device account number. This number is specific to the device on which Apple Pay is set up.

  • The device account number is dynamic, meaning it changes with each transaction. Unlike a static card number that remains the same for all transactions, the device account number provides an added layer of security by generating a unique identifier for each payment.

  • The mapping of DAN to PAN is stored in the TSP, and it forms the basis of every transaction. It is stored securely, as it is one of the important components of the transaction.

  • After the DAN is generated by the financial institutions with the help of the card details, it is stored in the Secure Element, which is a chip in the iPhone.

  • The device account number is securely stored within the device's Secure Element, a dedicated hardware component designed to protect sensitive information. The Secure Element acts as a fortified vault, ensuring that the device account number remains secure and inaccessible to unauthorized parties.

How does payment happen?

Payment through Apple Pay at a point-of-sale (POS) machine using Near Field Communication (NFC) is a seamless and secure process. When making a purchase, the user simply holds their iPhone or Apple Watch near the NFC-enabled POS terminal. The NFC technology establishes a communication link between the Apple device and the terminal. Once in proximity, Apple Pay prompts the user to authenticate the transaction using biometric verification, such as Touch ID or Face ID. Once authenticated, Apple Pay transmits the payment information, including the dynamically generated device account number and a one-time-use security code, to the POS terminal. Importantly, the actual card details are never transmitted, providing an additional layer of security. The POS terminal receives and processes the information, and upon successful authorization from the card issuer, the transaction is completed. The entire process is not only quick and convenient but also prioritizes user privacy and data security through the implementation of tokenization and dynamic security features.

In this way, Apple Pay works by using tokenization to generate the DAN (Device Account Number) and then, at the time of a transaction, sending it to the related bank and payment network, where they verify the DAN with the security code and process the transaction. Apple Pay is highly secure as it doesn't store the DAN either on the server or in the application.
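
The provisioning and payment flow described above, as an added sketch that is not Apple's code or part of the original post: a toy TSP keeps the DAN-to-PAN mapping, and the device sends only the DAN plus a one-time security code. It assumes the code is an HMAC over a transaction counter and the amount under a per-device key, with the DAN itself staying fixed for the device; all class and function names and the test card number are constructed for illustration.

```python
import hashlib, hmac, secrets

def luhn_ok(number: str) -> bool:
    """Luhn check run on the PAN before it is tokenized."""
    if not number.isdigit():
        return False
    d = [int(c) for c in reversed(number)]
    return (sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])) % 10 == 0

def security_code(key: bytes, dan: str, counter: int, amount: int) -> str:
    """One-time code: HMAC over token, counter and amount (assumed construction)."""
    return hmac.new(key, f"{dan}|{counter}|{amount}".encode(), hashlib.sha256).hexdigest()[:16]

class TokenServiceProvider:
    """Toy TSP holding the DAN -> PAN mapping (hypothetical class)."""
    def __init__(self):
        self._vault = {}  # DAN -> {"pan", "key", "last"}
    def provision(self, pan: str):
        if not luhn_ok(pan):
            raise ValueError("PAN failed validation")
        dan = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self._vault[dan] = {"pan": pan, "key": key, "last": 0}
        return dan, key  # only these two values reach the device
    def authorize(self, m: dict):
        e = self._vault.get(m["dan"])
        if e is None or m["counter"] <= e["last"]:
            return None  # unknown token or replayed counter
        good = security_code(e["key"], m["dan"], m["counter"], m["amount"])
        if not hmac.compare_digest(good, m["code"]):
            return None  # amount or code was altered in transit
        e["last"] = m["counter"]
        return e["pan"]  # de-tokenized PAN, seen only on the issuer side

class SecureElement:
    """Device side: stores the DAN and key, never the PAN."""
    def __init__(self, dan: str, key: bytes):
        self.dan, self._key, self._counter = dan, key, 0
    def pay(self, amount: int) -> dict:
        self._counter += 1
        code = security_code(self._key, self.dan, self._counter, amount)
        return {"dan": self.dan, "counter": self._counter, "amount": amount, "code": code}

def demo():
    tsp, pan = TokenServiceProvider(), "4111111111111111"  # constructed test PAN
    se = SecureElement(*tsp.provision(pan))
    msg = se.pay(1999)
    bad = {**se.pay(500), "amount": 50000}  # amount changed after the code was computed
    return pan, se.dan, tsp.authorize(msg), tsp.authorize(msg), tsp.authorize(bad)
```

Calling demo() returns the PAN for the first authorization and None for both the replayed message and the altered amount, which is the property that makes a captured DAN and code useless for a second payment.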

Google Pay

Adding a Card:

  • Users initiate the card addition process by opening the Google Pay app on their Android device. This app is typically pre-installed on Android devices, and users can access it from their app drawer.

  • Within the Google Pay app, users navigate to the section related to payment methods or cards. This section allows users to manage their existing cards or add new ones.

  • Users are presented with multiple options for adding a card:

    • Manually Enter Card Details: Users can manually input their card information, including the card number, expiration date, and security code.

    • Scan Card: Google Pay allows users to expedite the process by using the device's camera to scan and automatically input card details. This is done by aligning the card within the on-screen frame.

  • After entering the card details manually or through scanning, Google Pay may prompt users to verify their identity. This can involve various methods, such as sending a one-time verification code via SMS or email.

  • After adding the card, all the details are then sent to the Google server.

Virtual Card Generation:

  • From the card number, a few things can be determined: first, the payment network (VISA, Mastercard, etc.), and second, the bank in which the user has the account. All these details are verified and then processed for virtual card generation.

  • Similar to Apple Pay, Google Pay uses tokenization. The actual card details are replaced with a virtual account number or token. This token is unique to the device and is used to represent the card during transactions. The generated token is known as the Device PAN, also referred to as the Virtual Card.

  • This tokenized representation of the card is securely stored on the device, ensuring that the actual card details are never transmitted during transactions. The dynamic nature of tokenization means that for each transaction, a unique token is generated, adding an extra layer of security.

  • After these tokens are generated, they are transferred to the application through the server, and they are stored in the server only.

How does payment happen?

When engaging in a purchase at a point-of-sale (POS) machine through Google Pay, the intricacies of the transaction unfold with a blend of sophistication and security. The user's journey begins by unlocking their Android device and bringing it into close proximity with the NFC-enabled POS terminal. The Near Field Communication (NFC) technology orchestrates a rapid and secure connection between the device and the terminal.

Following this, Google Pay prompts the user to authenticate the transaction, typically utilizing biometric methods like fingerprint recognition or facial unlock. Once the user's identity is verified, the underlying technology of Host Card Emulation (HCE) steps onto the stage. In this pivotal phase, Google Pay employs HCE to dynamically generate a virtual representation of the user's payment card, residing securely within the device's software.

This virtual card, a digital emulation of its physical counterpart, comes to life with a dynamically generated security code unique to that specific transaction. What makes this process particularly robust is that, throughout these stages, the actual card details remain encrypted and secure, thanks to tokenization.

As the user taps their device on the POS terminal, this virtual card, equipped with its dynamic security code, is transmitted for payment. This is where the HCE technology shines; it emulates the behavior of a physical card being presented at the POS terminal, despite the user's actual card details never being physically present. The POS terminal, equipped with NFC technology, swiftly captures and processes this information.

Simultaneously, the encrypted transaction details are forwarded to the card network and the user's card issuer for instantaneous authorization. Upon receiving the green light, the transaction is marked as complete, and both the user and the merchant receive instantaneous confirmation of the successful payment.

In essence, the utilization of HCE, in conjunction with NFC and tokenization, not only facilitates secure and contactless payments but also showcases the advanced technological layers that make Google Pay transactions efficient, secure, and user-friendly in the dynamic realm of digital payments.

How Google Pay is different from Apple Pay

Google Pay and Apple Pay, while both offering secure and convenient digital payment solutions, differ in their approach to two key aspects: the use of a secure element and the storage of card details.

1. Secure Element:

  • Apple Pay: Apple Pay relies on a dedicated hardware component known as the Secure Element (SE). This is a specialized chip embedded in iPhones and other Apple devices. The SE functions as a secure vault where sensitive information, such as credit card details, is stored. When a user adds a card to Apple Pay, the actual card details are securely stored within the SE. During a transaction, only a device-specific token is transmitted, ensuring the actual card information remains within the secure enclave of the device.

  • Google Pay: In contrast, Google Pay takes a different approach. It utilizes Host Card Emulation (HCE) technology, eliminating the need for a dedicated Secure Element. HCE allows the virtualization of payment card information within the device's software, emulating the behaviour of a physical card. The absence of a dedicated SE means that Google Pay transactions can occur on a broader range of Android devices, as it doesn't rely on specialized hardware.

2. Storage of Card Details:

  • Apple Pay: When a user adds a card to Apple Pay, the actual card details are not stored on Apple's servers or the device. Instead, the card details undergo a process called tokenization. The card is replaced with a unique device account number (token), which is securely stored in the Secure Element. This token is used for transactions, adding an extra layer of security by ensuring that the original card details are never transmitted during payments.

  • Google Pay: Similar to Apple Pay, Google Pay employs tokenization. When a user adds a card, the actual card details are replaced with a virtual account number or token. However, since Google Pay uses Host Card Emulation (HCE), it doesn't rely on a dedicated hardware Secure Element. Instead, the virtualized card information is securely stored within the device's software.

Let's Understand What is NFC

Near Field Communication (NFC) is a short-range wireless technology that enables communication between devices when they are in close proximity, typically within a few centimeters. It operates on the principle of electromagnetic radio field induction, allowing two NFC-enabled devices to establish a connection by bringing them near each other. NFC technology consists of an initiator device that generates a radio frequency (RF) field and a target device that responds to this field. In the context of mobile payments, such as Apple Pay, the user's device (like an iPhone or Apple Watch) serves as the initiator, while the NFC-enabled point-of-sale (POS) terminal acts as the target.

NFC facilitates contactless data transfer, making it ideal for secure and rapid transactions. In the payment process, when an Apple Pay user holds their device close to an NFC-enabled POS terminal, the NFC connection is established. This prompts the initiation of a secure communication channel between the user's device and the terminal, allowing for the exchange of payment information. The short-range nature of NFC ensures that the transaction is confined to the immediate vicinity, minimizing the risk of unauthorized interception. Overall, NFC technology underpins the effortless and secure experience of contactless payments, making it a fundamental element in modern mobile payment systems.

Conclusion

In conclusion, the comparison between Apple Pay and Google Pay reveals a fascinating exploration into the intricacies of their system designs. Apple Pay, with its exclusive integration into the iOS ecosystem, employs a robust Secure Element and tokenization, ensuring the utmost security for user payment information. The emphasis on biometric authentication, NFC technology, and dynamic security codes further solidifies Apple Pay as a user-friendly and secure mobile payment solution.

On the other hand, Google Pay, designed for Android devices, utilizes Host Card Emulation (HCE) and tokenization to achieve a secure payment environment. Its flexibility extends to cross-platform functionality, making it available on iOS for certain features, while also prioritizing biometric authentication and NFC for in-store transactions.

Ultimately, the choice between Apple Pay and Google Pay boils down to user preferences, device ecosystems, and the level of integration desired. Apple Pay excels in the seamless cohesion of its exclusive ecosystem, while Google Pay offers a more inclusive approach across various platforms. Both systems showcase innovative features, ensuring the future of digital payments remains dynamic, secure, and tailored to the diverse needs of users.

Author's Message

In crafting this blog on "Apple Pay vs. Google Pay – System Design Unveiled," the information has been meticulously sourced from official documentation provided by Apple Pay and Google Pay. By referring to the detailed documentation available from these tech giants, I've aimed to present an accurate and comprehensive comparison of the system designs.

Additionally, insights from ByteByteGo have been instrumental in providing a well-rounded perspective on the functionalities and features of both mobile payment systems. The combination of official documentation and industry insights ensures that readers receive a reliable and insightful overview of the nuanced differences between Apple Pay and Google Pay.

Amandeep Singh