初步了解 EMVCo 組織所提出的憑證化支付的標準中的 NFC 使用案例流程，並與 Apple Pay 支付流程進行比對。
Mobile NFC at Point of Sale
The mobile device will interact with the NFC terminal through the payment application and pass the following key Payment Token data elements to the Merchant terminal:
- Payment Token will be passed in the existing PAN field.
- Token Expiry Date will be passed in the PAN Expiry Date field.
- Token Cryptogram will be generated based on the Token data elements and will be passed in the Chip Cryptogram field.
- Token Requestor ID will be passed as an optional field.
- All other contactless data elements will be created and passed following the contactless data standards.
The Merchant terminal will pass the contactless authorisation request to the Acquirer, carrying all of the standard Payment Token data fields and contactless data elements; POS Entry Mode will be set to indicate contactless transaction.
The Acquirer will perform routine processing checks and pass the Token data fields and the contactless data to the Payment Network.
The Payment Network will interface with the Token Service Provider to:
- Retrieve the PAN.
- Verify the state of the Payment Token to PAN mapping in the Token Vault for the active Payment Token, and other controls that may be defined for that Payment Token.
- Validate the Token Cryptogram and validate the Token Domain Restriction Controls for that Payment Token.
- Retrieve the Token Requestor ID if it was not provided in the authorisation message.
The Payment Network will send the authorisation request to the Card Issuer, with the following changes to the authorisation request message:
- Replace Payment Token with PAN.
- Replace Token Expiry Date with PAN Expiry Date.
- Add an indicator that conveys to the Card Issuer that an on-behalf-of validation has been completed by the Token Service Provider of that Payment Token.
- The following Payment Token-related fields are passed to the Card Issuer in the authorisation request: Payment Token, Token Expiry Date (Optional), Token Assurance Data (Optional), Token Assurance Level, Token Requestor ID or POS Entry Mode Code.
The Card Issuer completes the account-level validation and the authorisation check, and sends the PAN back in the authorisation response to the Payment Network.
The Payment Network (possibly in communication with the Token Service Provider) may generate a response cryptogram and will replace the PAN with the Payment Token based on the mapping, and will pass the following required fields to the Acquirer as part of the authorisation response, in addition to other standard data elements:
- Payment Token
- Token Assurance Level
- Last 4 digits of PAN
- PAN Product ID (Optional)
The Acquirer will pass the authorisation response to the Merchant.
The consumer will be notified of the success or failure of the transaction.
Apple Pay provides an easy and secure way for users to buy physical goods and services in your app. Using Touch ID, users can authorize payments using credit and debit card payment credentials that are stored on iPhone 6 and iPhone 6 Plus. These models contain a Secure Element, isolating card payment credentials from the main processor where your app runs.
First the app checks that it can offer Apple Pay as a payment method. In this example, the app needs the postal code from the selected shipping address to calculate shipping cost and update the total amount due.
When the user authorizespayment, your app receives a payment token from the Secure Element, via PassKit.
Finally the app calls appropriate APIs in the payment processor SDK to pass the payment information to the payment processor, they process the transaction.
- EMV Payment Tokenisation Specification – Technical Framework
- Getting started with Apple Pay PDF - Apple Developer