Apple Pay privacy
 

Apple is not in the middle. They do not get any transaction data and have no idea where you shop or what you purchased.

I recall Apple saying that they won't store ApplePay customers' purchase history or credit card information on its servers and that the ApplePay-accepting merchants will not be able to see ApplePay customers' credit card numbers but that those merchants will get an Apple transaction number and the payment from ApplePay. And I've not yet seen anything that indicates it to be otherwise.

Amex, on the other hand, definitely stores purchase history on its servers; and that purchase history stored by Amex on servers can and will be used against customers at times. I am curious how reliably it goes with making an ApplePay purchase with an Amex card at a merchant but then the buyer returning the purchase for credit to a non-Amex card linked to a given ApplePay account. Amex would have the initial purchase transaction, but would it have the refund transaction data?

Curious, if Apple do not have this information on its servers, where does it have it? Locally stored on the users phone/Ipad/etc.? That cannot be right either. I can pull my Apple purchase history on my Windows using ITune, and it seems to be syncing to Apple (hence its servers), and doesn't pull Apple purchase history from my Ipad (where I do all the Apple purchases).

Apple may not pass those information to merchants, but they definitely seem to have customer information on their servers.

Can you see non Apple purchase on itunes or just those from Apple? When I look on itunes I see my Apple Music, App purchases, iCloud etc but I do not see my Amex purchases done via Apple Pay.

Technically Apple is very much in the middle and has access to all that is happening. Whether you choose to believe they won't use your data, now or in the future, is up to you.

Agree, technically they are in the middle but they are not the people you go to to sort out issues with purchases or statements for the cards you use in your wallet with Apple Pay. Even for the Apple card you contact Apple CS first they they put you through to Goldman. If I have an issue with Amex I go to Amex. There's no recourse against Apple Pay. They are very much like a 21st Century authorize.net or Stripe. They are a glorified payment gateway.

Having said that, Apple Wallet keeps a track of all my Apple Pay transactions in their App so I do have to believe somewhere in the cloud all my transactions are sitting. So while an individual may not have access to them they sure as are accessible.

‘In the middle’ is a fairly general term. Apple is a facilitator, and I’m fine with that. As far as identifying the means of payment goes, all my Apple Pay receipts Show the same ‘card’ number, different from my Amex number. Apple Pay shows all purchases, including ones made with the card itself.

That's exactly where it is, encrypted on the device.
Purchases made in the iTunes store are visible in iTunes, as it would be in any other store's portal. Apple Pay transactions are not.


Apple is not in the middle and does not have access to transaction information.

Apple Pay Press Release, Oct 16, 2014 (emphasis mine):


Transactions are in the Wallet app and the card issuer's servers. Merchants also have a record of the transactions, but not the customer's name (unless it's provided separately).

https://support.apple.com/en-us/HT203027

has the ApplePay security and privacy overview. But this ApplePay stuff should likely be in its own thread since it applies to all card users and isn’t really a Centurion thing despite the ability to use a Centurion card with ApplePay and whatever that means in terms of getting Amex MR points for ApplePay purchases, refunded in ways or otherwise.

Funny, but not technically accurate. The client side code that runs Wallet and Apple Pay executes on the iPhone, as does the GPS location info that can note and timestamp your location when you make the transaction. So they do have access to all the necessary information. Again, it is your choice to believe that they do not, nor will not in the future make hay with your data.

What runs on the phone is local to the device and not accessible by Apple nor is it kept on Apple's servers.
More detailed information is in Apple's security white paper.

Sorry, but EVERYTHING that is local to the iPhone is accessible by Apple. If they choose to.

That is absolutely false. What's on the device is encrypted with keys that Apple does not know nor can the data be extracted, and is normally end to end encrypted when in transit to others on top of that.

We are way off topic, but I have to say that is a very naive opinion. Apple has FULL control of their OS and can do whatever they like. And they update this OS with every major and minor release. That's why I keep repeating they can do this today or in the future. None of us know what policies or procedures they will implement in the future. And they do not have to tell us what they have done or not done. In fact they are extremely secretive and will not release the actual code involved for obvious reasons. Both competitive and legal.

Further you can read up on Apple Financial Identifier Requests. "Financial Identifier requests are based on financial identifiers such as credit/debit card or iTunes Gift Card. Financial Identifier requests generally seek information regarding suspected fraudulent transactions - for example, law enforcement investigations on behalf of customers in which a credit card was fraudulently used to purchase Apple products or services." These could be server side or client side but there isn't a whole lot of transparency about that.

Apple has control over the OS, but not the encryption keys used, and without the encryption keys, they can't access the data, nor can anyone else for that matter.

Further information available in Apple's iOS Security white paper as well as developer documentation.