Apple Pay uses[4] the EMV Payment Tokenisation Specification.[5]
The service keeps customer payment information private from the retailer by replacing the customer's credit or debit card Funding Primary Account Number (FPAN) with a tokenized Device Primary Account Number (DPAN), and creates a "dynamic security code [...] generated for each transaction".[6] The 'dynamic security code' is the cryptogram in an EMV-mode transaction, and the Dynamic Card Verification Value (dCVV) in a magnetic stripe data emulation-mode transaction. Apple added that they would not track usage, which would stay between the customers, the vendors, and the banks. Users can also remotely halt the service on a lost phone via the Find My iPhone service.[6]
To pay at points of sale, users hold their authenticated Apple device to the point of sale system's NFC card reader. iPhone users authenticate by using Touch ID, Face ID,[6][7] or passcode,[7] whereas Apple Watch users authenticate by double-clicking a button on the device.[8] To pay in supported iOS apps, users choose Apple Pay as their payment method and authenticate with Touch ID or Face ID.[6] Users can add payment cards to the service in any of four ways: through the payment card listed on their iTunes accounts, by taking a photo of the card, being provisioned from within the card issuer's app, or by entering the card information manually.
Although users receive immediate notification of the transaction, the Apple Pay system is not an instant payment instrument, because the fund transfer between counter-parties is not immediate.[9] The settlement time depends on the payment method chosen by the customer. (An exception being payments made using a Japanese Suica card, which stores the user's balance on the card itself and can transfer funds directly to the merchant without the need for an online connection.)