How do returns work with Apple Pay?

Discussion in 'iPhone' started by HXGuyAZ, Oct 20, 2014.

  1. HXGuyAZ macrumors 6502

    Sep 3, 2014
    From what I understand, when you use Apple Pay, the phone generates a random number to use as the credit card number, which is one time use, and the merchant never actually knows your real credit card number.

    How normally if you buy something and want to return it, the merchant asks to put it back on the same card you bought it from. How would this work if that generated number is a one time use and I assume is discarded after use?
  2. iceperson macrumors 6502

    Mar 31, 2014
    Why would the number be discarded after use? I would think they'd be able to reverse the charge just using the authorization code created. It's not like the banking system doesn't have a record of the transaction, the store just doesn't get anything more than the auth code.
  3. Applejuiced macrumors Westmere


    Apr 16, 2008
    At the iPhone hacks section.
    My guess is just as you use the phone to charge your card you would use it the same way to return an item and credit back your account.
    Touch less scan with nfc.
  4. HXGuyAZ thread starter macrumors 6502

    Sep 3, 2014
    Maybe I misunderstood it than, I thought it generated the number once and then discarded it. But it seems like it does generate it once, and is transaction specific, and can't be used again...but it's not discarded so it could probably be used to reverse a transaction.
  5. FunkyTang macrumors 6502a

    Sep 16, 2008
    The merchant uses the same token to send you a credit to your account. You give the token to the merchant again using your phone.
  6. dontwalkhand macrumors 601


    Jul 5, 2007
    Phoenix, AZ
    Its a fallacy, they can process a return to any card, you can either hand them your card, or you can tap your phone again.
  7. AppleFan360, Oct 20, 2014
    Last edited: Oct 20, 2014

    AppleFan360 macrumors 68020

    Jan 26, 2008
    This. Everything basically just works in reverse.

    Also, as a side note, when I used :apple:Pay today at Walgreens, the printed receipt had the last four of the device number and NOT the last four of the credit card.
  8. Supermallet macrumors 65816


    Sep 19, 2014
    It's helpful to remember that Apple Pay is just a payment processor. It's not Apple giving us all a line of credit and telling us we can only use that credit on our phones. These are our regular credit cards that we use every day, and in everything except the mode of transmission (NFC instead of swiping), transactions will be the same as with the credit card in hand.
  9. scaredpoet macrumors 604


    Apr 6, 2007
    This isn't actually true. There is a separate number generated (the device account number) but it's kept. What's generated randomly is a cipher that is used WITH the device account number to authenticate the purchase.

    So if a return has to happen, the device account number will still be valid, and the refund will go through fine.
  10. rorschach macrumors 68020


    Jul 27, 2003
    The Device Account Number is what replaces your real card number, and that doesn't number change.

    What you're thinking of is the one-time dynamic security code, which is randomly generated for each transaction and used alongside the Device Account Number (think CVV -- sort of).

    So returns are not a problem.
  11. evilrt macrumors regular


    Oct 7, 2011
    New Jersey USA
    There's always a paper trail. It will go back to the card.
  12. deeddawg macrumors 604

    Jun 14, 2010
    While it may be helpful, it isn't really exactly correct. The above implies the payments go through Apple instead of the normal card processing chain when they don't. What Apple provides is tokenization on the origination end (and token authentication to the payment processor) in exchange for a per-transaction fee from the bank.

    You're forgetting a KEY benefit -- the transaction is NOT the same because your credit card number is not being sent through the networks or stored with the merchant where it's then subject to later breaches. Since the tokenization is a one-time transaction it also precludes any "skimmer" or "sniffer" technology from netting anything useful to hackers.


    Yeah, they're not going to be an issue. Just another transaction performed as a credit instead of a debit.

    I really doubt that nobody in the payment card industry who were involved in creating the EMV Tokenization standard ever thought about how to do a return/refund... :D

    Here's a good read: EMV Payment Tokenisation Specification - Technical Framework

Share This Page