For Apple Pay, is the card holder name of a debit card stored on Apple servers?
After you authenticate your transaction, the Secure Element provides
your Device Account Number and a transaction-specific dynamic security
code to the store’s point of sale terminal along with additional
information needed to complete the transaction. Again, neither Apple
nor your device sends your actual payment card number.
https://support.apple.com/en-us/ht203027
What is the additional information referred to here?
Best Answer
The cardholder name is not stored on Apple's servers when using Apple Pay.
Apple Pay works according to the "EMV Payment Tokenisation Specification", which you can download from here:
https://www.emvco.com/emv-technologies/payment-tokenisation/
The document is technical in nature, but describes exactly how the system works.
In simpler terms the system works like this: When you add a credit card to Apple Pay, your device generates a set of cryptographic keys - one public and one private. The private key is kept only in the secure element of your device. The public key along with your credit card number (the so called "PAN") is sent to Apple.
Apple needs the credit card number in order to determine whom to forward the information to - i.e. VISA, MasterCard, etc. The card number and public key is then forwarded to for example VISA, and they will send back an encrypted response to Apple. The encrypted response uses the public key generated on your device so that it is not readable by Apple.
At this point Apple discards your credit card number (it is not stored) and forwards the encrypted response to the device. The device is able to decrypt and read the response.
The response primarily contains a new credit card number generated for you. The credit card number looks like an ordinary credit card number, but it is both different from your real credit card number, and it is not usable for ordinary transactions. It can only be used as part of an Apple Pay transaction, where the cryptographic keys provide the additional security. This is the method used to ensure that the merchant doesn't see your actual credit card number.
As you can see in the specification, the cardholder's name is not transferred in the process. It is not sent by your device, and as the response from for example VISA is encrypted and unreadably by Apple, even should it have contained the name (which it doesn't) - it isn't readable by Apple.
You can see in the specification which types of additional information it is possible to send.
However, there are a few minor details to the above general answer:
1) Your Apple Pay is linked with your Apple-ID. This means that Apple has access to the name registered to the Apple ID - if this is identifical to the cardholder's name, which it would be in most cases, Apple defacto knows the name.
2) In the case of Apple Pay Cash, Apple reserves the right to request and store your name on their servers. As described here:
https://support.apple.com/da-dk/HT203027
3) There is a (very low) risk that Apple isn't actually following the standards, and actually your credit card number is not discarded or they somehow in an illegal way gets access to your cardholder's name. This would be illegal and it would be breaking agreements with payment processors. Also payment processors have certification processes in place to ensure that the involved parties adhere to the standard. In short, if this would be the case, it would be a huge scandal ruining Apple's reputation in the payment industry and elsewhere. I think it is extremely unlikely.