As a developer, I know that an Apple Pay payment seems to offer more privacy in some cases when online.
Can anyone elaborate on the different scenarios Apple Pay offers and what the consumer privacy risk is of each? For example:
- A shoe vendor uses an "Apple Pay Merchant" such as Stripe or Braintree to process payments online. In this case the trusted URL is set to https://BrainTreeOrStripe.com/.well-known/apple-developer-merchantid-domain-association
- A shoe vendor acts as an Apple Pay Merchant, and the above URL points to their own website (Payless.com)
In the above examples some information identifying the user is shared with some parties and not others.
My question is regarding PII (Personally Identifiable Information) or even a per-user tracking identifier that may exist. I'd like to know when any of that data is shared between the merchant, the payment network, and/or other parties.
A risky example shows itself when I use Apple Pay with two different merchants (medical processing and a nightclub), and that data is subsequently correlated by two merchants willing to share data, or perhaps it's observed on the payment network itself. My fear is that insurance rates will rise simply because I'm buying drinks for friends at a nightclub, but the data makes it appear that I'm buying all those drinks for myself.
Best Answer
The Apple Support document, Apple Pay security and privacy overview, throws some light on the security and privacy offerings when using Apple Pay on the Web.
Relevant quote from the article: