There were some initial security concerns with Apple Pay due to lax standards in bank authorizations. Fraudsters used previously stolen credit card data, and banks were authorizing cards without question. Now, any card that's added to Apple Pay requires a multi-step verification process, including authorization using the apps of issuing banks, and, in many cases, speaking to a live rep and answering security questions.
In stores, Apple Pay relies on the contact-less payment Near Field Communication (NFC) capabilities built into new iPhones. As long as the phone is not turned off, it will recognize a nearby NFC-compatible terminal and instantly display your default card. To authenticate the transaction, Apple Pay uses the iPhone's Touch ID fingerprint scanner. Here is Apple Pay in action.
Requiring Touch ID means no one who isn't already authorized to use your iPhone can buy anything; any attempts to do so will be thwarted.
Apple Pay gains ground
Apple launched the service with six major card-issuing banks and the three major networks as partners: American Express, Mastercard and Visa. They account for 83% of all U.S. credit card purchases. At launch, 220,000 locations already had the necessary hardware in place. (I first used it with my iPhone 6 at a McDonald's.) During Apple's Spring Forward event on Monday, Apple CEO Tim Cook noted that 2,500 banks now support Apple Pay, as well as nearly 700,000 locations, including some vending machines.
With that level of reach, it makes sense for Apple Watch to arrive with Apple Pay support. But the watch lacks the iPhone's Touch ID sensor, which until now was necessary for the system to work.
This brings us to the original question: How does Apple Pay work on the Watch? The secret involves a four-digit passcode, NFC and the Watch's Secure Enclave technology working in concert with built-in sensors.
How it works on the Watch
To enable Apple Pay on the watch, you first create a four-digit passcode using the companion Apple Watch app (which is part of iOS 8.2). The passcode is used to authorize Apple Pay when you put the watch on your wrist, and it's smart enough to know when the Watch has been taken off. (It will prompt you to enter the passcode the next time you put it back on to help prevent someone from snatching your watch and using it to make payments.)
Once that's done, you have to add your cards again, even if you already have them on your iPhone. The reason is security; remember, the information in the iPhone's Secure Enclave is exclusive to that device. To associate a card with the watch, you must use the Watch app on a supported iPhone (which includes the iPhone 5, 5S, 5C, 6, and 6 Plus). The app allows you to add cards to Passbook and Apple Pay. As on the iPhone, cards on the Watch are verified by the bank and then issued an encrypted ID number, which is then stored in the Watch's Security Enclave chip.
Sign up for CIO Asia eNewsletters.