Apple Pay Integrations and Payload Decryption Methods

In response to a payment request, Apple Pay returns an encrypted payload that contains sensitive payment information. Two methods can be used to extract and decrypt the payment information, and both methods support Apple Pay in-app and web transactions.
  • With Cybersource decryption, Cybersource manages the generation of the payment encryption key and the decryption of the Apple Pay response.
    IMPORTANT: This method reduces the exposure of sensitive payment data to your system.
  • With merchant decryption, you manage both the payment encryption key generation and the decryption of the Apple Pay response.
The remainder of this section summarizes the flow of Apple Pay transaction processing for each decryption method.

Flow of Apple Pay In-App Transactions Processed Using Cybersource Decryption

This diagram illustrates the flow of in-app transaction processing using Cybersource decryption.

Figure: In-App Transaction Processing with Cybersource Decryption
  1. When the customer chooses to pay with Apple Pay, you use the Apple PassKit Framework to request the encrypted payment data from Apple.
  2. Apple uses the Secure Element to create a payment token and encrypts the token’s payment data before sending it to your application.
    • The payment token is the PKPaymentToken structure.
    • The payment data is the paymentData field of the PKPaymentToken structure.
  3. You forward the encrypted payment data to your order management system.
  4. Using the Cybersource API, you submit the authorization request. In the paymentInformation.fluidData.value field, include the Base64-encoded value that you obtained from the paymentData field of the PKPaymentToken structure.
  5. Cybersource decrypts the payment data and forwards the information to the payment network, which includes your processor and the relevant payment card company.
    IMPORTANT: You must use the Business Center or one of the Cybersource API services to capture, credit, or void the authorization.

Flow of Apple Pay In-App Transactions Processed Using Merchant Decryption

This diagram illustrates the flow of in-app transaction processing using merchant decryption.

Figure: In-App Transaction Processing with Merchant Decryption
  1. When the customer chooses to pay with Apple Pay, you use the Apple PassKit Framework to request the encrypted payment data from Apple.
  2. Apple uses the Secure Element to create a payment token and encrypts the token’s payment data before sending it to your application.
    • The payment token is the PKPaymentToken structure.
    • The payment data is the paymentData field of the PKPaymentToken structure.
  3. You forward the encrypted payment data to your order management system, which decrypts it. For information on decryption, see the Payment Token Format Reference article in the Apple Pay Developer Documentation.
  4. Using the Cybersource API, you submit the authorization request and include the decrypted payment data.
  5. Cybersource forwards the information to the payment network, which includes your processor and the relevant payment card company.
    IMPORTANT: You must use the Business Center or one of the Cybersource API services to capture, credit, or void the authorization.

Flow of Apple Pay Web Transactions Using Cybersource Decryption

  1. When the customer chooses to pay with Apple Pay, you use the Apple Pay JavaScript to request the encrypted payment data from Apple.
  2. Apple uses the Secure Element to create a payment token and encrypts the token’s payment data before sending it to your application through the onpaymentauthorized event handler.
    • The payment token is the ApplePayPaymentToken structure.
    • The payment data is the paymentData field of the ApplePayPaymentToken structure.
    For more information, see Apple Pay on the Web Interactive Demo.
  3. You forward the encrypted payment data to your order management system.
  4. Using the Cybersource API, you submit the authorization request. In the paymentInformation.fluidData.value field, include the Base64-encoded value obtained from the paymentData field of the ApplePayPaymentToken structure.
  5. Cybersource decrypts the payment data and forwards the information to the payment network, which includes your processor and the relevant payment card company.
    IMPORTANT: Use the Business Center or one of the Cybersource API services to capture, credit, or void the authorization.
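
Step 4 of the web flow, as an added example that is not part of the Cybersource documentation: a server-side (Node.js) helper that checks the shape of the encrypted paymentData object and Base64-encodes it into paymentInformation.fluidData.value without decrypting or logging it. The helper names are hypothetical, the field names inside paymentData are taken from Apple's Payment Token Format Reference, and the rest of the authorization request is omitted.

```javascript
// Added example; helper names are hypothetical. Field names inside paymentData
// follow Apple's Payment Token Format Reference.
const KEY_FIELD = new Map([['EC_v1', 'ephemeralPublicKey'], ['RSA_v1', 'wrappedKey']]);
const isStr = (v) => typeof v === 'string' && v.length > 0;

// Reject anything that does not look like an encrypted Apple Pay payload, so a
// malformed or truncated token fails here instead of at authorization time.
function checkPaymentData(pd) {
  if (pd === null || typeof pd !== 'object') throw new TypeError('paymentData is not an object');
  for (const k of ['version', 'data', 'signature']) {
    if (!isStr(pd[k])) throw new TypeError(`paymentData.${k} is missing`);
  }
  const keyField = KEY_FIELD.get(pd.version);
  if (!keyField) throw new TypeError('unsupported paymentData.version');
  const h = pd.header;
  if (h === null || typeof h !== 'object') throw new TypeError('paymentData.header is missing');
  for (const k of [keyField, 'publicKeyHash', 'transactionId']) {
    if (!isStr(h[k])) throw new TypeError(`paymentData.header.${k} is missing`);
  }
}

// Build only the request fragment named in step 4. The payload stays encrypted:
// it is serialized and Base64-encoded, never decrypted or logged here.
function buildFluidData(token) {
  if (token === null || typeof token !== 'object') throw new TypeError('token is not an object');
  checkPaymentData(token.paymentData);
  const json = JSON.stringify(token.paymentData);
  const value = Buffer.from(json, 'utf8').toString('base64');
  return { paymentInformation: { fluidData: { value } } };
}

// Constructed sample token (placeholder strings, not real payment data).
const sampleToken = {
  paymentData: {
    version: 'EC_v1',
    data: 'Q09OU1RSVUNURUQtQ0lQSEVSVEVYVA==',
    signature: 'Q09OU1RSVUNURUQtU0lHTkFUVVJF',
    header: {
      ephemeralPublicKey: 'Q09OU1RSVUNURUQtS0VZ',
      publicKeyHash: 'Q09OU1RSVUNURUQtSEFTSA==',
      transactionId: '00ff00ff',
    },
  },
};
```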

Flow of Apple Pay Web Transactions Using Merchant Decryption

  1. When the customer chooses to pay with Apple Pay, you use the Apple Pay JavaScript to request the encrypted payment data from Apple.
  2. Apple uses the Secure Element to create a payment token and encrypts the token’s payment data before sending it to your application through the onpaymentauthorized event handler.
    • The payment token is the ApplePayPaymentToken structure.
    • The payment data is the paymentData field of the ApplePayPaymentToken structure.
    For more information, see Apple Pay on the Web Interactive Demo.
  3. You forward the encrypted payment data to your order management system, which decrypts it. For information on decryption, see the Payment Token Format Reference article in the Apple Pay Developer Documentation.
  4. Using the Cybersource API, you submit the authorization request and include the decrypted payment data. See Authorization Service.
  5. Cybersource forwards the information to the payment network, which includes your processor and the relevant payment card company.
    IMPORTANT: Use the Business Center or one of the Cybersource API services to capture, credit, or void the authorization.