To ensure that the transaction is secure, Apple verifies the domain association. The
verification occurs once, although reverification can occur later. For every payment
request, Apple verifies the server source of the request using TLS validation through the
session validation key. Apple encrypts the payment data with the encryption key.

The merchant runs any verification they need on the billing address, just as they would for a
non-Apple Pay transaction. The billing address information can be provided with the payment
object as non-encrypted and isn't required for the processing of Apple Pay transactions.

Process Flow
- The shopper visits the storefront using a device enabled for
Apple Pay on the Web.
- The storefront detects the device and other conditions necessary
for Apple Pay and, if all conditions are met, shows the Apple Pay
button.
- The shopper clicks the Apple Pay button.
- The storefront provides the necessary information to Apple
Pay.
- The shopper checks out using Apple Pay.
- The storefront updates the basket with Apple Pay information.
- The shopper authorizes payment on their Apple Pay-enabled
device.
- Apple Pay provides the storefront with encrypted payment
information.
- The storefront makes the authorization request to the PSP.
- The storefront stores the transaction ID that is in the
authorization response from the PSP.
- The storefront notifies Apple Pay of successful
authorization.
- The storefront shows the order confirmation.
- The order, including the PSP transaction ID, is exported to the
OMS.
- The OMS sends post-order updates to the shopper.
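
The per-request server verification described above has a merchant-side counterpart when the storefront server requests the merchant session itself: the validation URL it receives from the browser should be checked against Apple's gateway hosts before any outbound call is made. The following is an added example, not code from this page or from any platform it describes. The function names, the `merchant` object and the sample URLs are assumptions, and the host list is partial and must be replaced with the list Apple publishes.

```javascript
// Added example: allowlist check for the Apple Pay merchant-validation URL.
// Partial host list (assumption): load the full list Apple publishes.
const APPLE_PAY_GATEWAY_HOSTS = new Set([
  'apple-pay-gateway.apple.com',      // production
  'apple-pay-gateway-cert.apple.com', // sandbox
]);

// Returns { ok: true, url } or { ok: false, reason }. Fails closed.
function checkValidationUrl(raw, allowedHosts = APPLE_PAY_GATEWAY_HOSTS) {
  if (typeof raw !== 'string' || raw.length > 2048) {
    return { ok: false, reason: 'not-a-url' };
  }
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, reason: 'not-a-url' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  if (url.username || url.password) return { ok: false, reason: 'userinfo' };
  if (url.port !== '') return { ok: false, reason: 'port' }; // default 443 only
  if (!allowedHosts.has(url.hostname)) return { ok: false, reason: 'host' };
  return { ok: true, url: url.href };
}

// Builds the merchant-session request only for an allowlisted URL.
// The caller attaches the merchant identity certificate (mutual TLS).
function buildMerchantSessionRequest(raw, merchant) {
  const check = checkValidationUrl(raw);
  if (!check.ok) throw new Error('validation URL rejected: ' + check.reason);
  return {
    url: check.url,
    method: 'POST',
    body: JSON.stringify({
      merchantIdentifier: merchant.id,
      displayName: merchant.displayName,
      initiative: 'web',
      initiativeContext: merchant.domain, // the domain Apple verified
    }),
  };
}

// Constructed sample inputs, not captured traffic.
const SAMPLE_URLS = [
  'https://apple-pay-gateway.apple.com/paymentservices/startSession',
  'https://apple-pay-gateway.apple.com.shop.example/paymentservices/startSession',
  'http://apple-pay-gateway.apple.com/paymentservices/startSession',
];
for (const u of SAMPLE_URLS) console.log(u, checkValidationUrl(u).reason || 'ok');
```

Rejections are worth logging with the reason code, since a validation URL outside the allowlist never comes from a normal Apple Pay session.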