Apple Pay Gateway - paymentDataType=EMV - emvData

Hi,

Does anybody know how to decode / decrypt emvData on Apple Pay e-commerce when paymentDataType=EMV?

Thanks.

Reference: https://developer.apple.com/documentation/passkit/payment-token-format-reference#Detailed-payment-data-keys-EMV

Answered by DTS Engineer in 893888022

Hi @sonic182,

You wrote:

[...] Does anybody know how to decode / decrypt emvData on Apple Pay e-commerce when paymentDataType=EMV? [...]

I won't go into technical details of this cryptogram decryption process, as it's described in the documentation below:

Payment token format reference

https://developer.apple.com/documentation/passkit/payment-token-format-reference#//apple_ref/doc/uid/TP40014929

To decrypt the emvData in the Apple Pay payment token for merchant transactions, follow these steps:

  1. Verify Signatures: Validate Apple Pay's signature and the payment data using the Apple Root Certificate to ensure the payment request was originated securely.
  2. Retrieve Keys: Use the publicKeyHash in the payment token to identify which merchant private key is required.
  3. Restore Symmetric Key: Use the private key and your merchant certificate to restore the symmetric key embedded in the Apple Pay payload.
  4. Decrypt Data: Use the restored symmetric key to decrypt the payload, exposing the paymentData dictionary (which contains the EMV cryptogram, ECI (optional), and dynamic data).
  5. Parse EMV Tags: From the emvData field, parse the BER-TLV bytes to extract the individual EMV tags.
  6. Send to Processor: Submit the decrypted card data and cryptogram to your payment processor exactly as you would with a standard card-present or 3D Secure (3DS) transaction.

The most common mistakes merchants make when decrypting are skipping the signature verification in Step 1 (a security risk), or getting the key derivation formula slightly wrong in Step 2 (which causes decryption to fail silently). Everything else should be fairly straightforward once those two steps are correct.

Important: Never decrypt on the client. Private keys should never be embedded in your iOS or web app. Always perform decryption on your secure backend server. In addition, handling decrypted DPANs and cryptograms requires compliance with PCI-DSS standards.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer
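Step 5 of the answer above (parsing the BER-TLV bytes of the decrypted emvData) is the part merchants usually end up writing themselves, so here is an added example of such a parser. It is not code from the original answer or from Apple's documentation; the sample bytes are constructed for illustration and are not a real Apple Pay payload, and the tag names in the comments follow the EMV Book 3 dictionary.

```python
from typing import Dict

def parse_ber_tlv(data: bytes) -> Dict[str, bytes]:
    """Parse BER-TLV bytes into {TAG_HEX: value}.

    Handles multi-byte tags (9F26, 5F34, ...), long-form lengths (0x81/0x82 ...),
    recursion into constructed tags (bit 6 of the first tag byte set), and the
    0x00/0xFF padding bytes some encoders insert between objects.
    """
    out: Dict[str, bytes] = {}
    i, n = 0, len(data)
    while i < n:
        if data[i] in (0x00, 0xFF):          # inter-object padding, skip
            i += 1
            continue
        start, first = i, data[i]
        i += 1
        if first & 0x1F == 0x1F:             # tag continues while bit 8 is set
            while True:
                if i >= n:
                    raise ValueError("truncated tag")
                b = data[i]; i += 1
                if not b & 0x80:
                    break
        tag = data[start:i].hex().upper()
        if i >= n:
            raise ValueError(f"missing length for tag {tag}")
        length = data[i]; i += 1
        if length & 0x80:                    # long form: low 7 bits = byte count
            nbytes = length & 0x7F
            if nbytes == 0 or nbytes > 4 or i + nbytes > n:
                raise ValueError(f"bad length encoding for tag {tag}")
            length = int.from_bytes(data[i:i + nbytes], "big"); i += nbytes
        if i + length > n:
            raise ValueError(f"truncated value for tag {tag}")
        value = data[i:i + length]; i += length
        if first & 0x20:                     # constructed tag: descend
            out.update(parse_ber_tlv(value))
        else:
            out[tag] = value
    return out

# Constructed sample (not real card data): template 77 with a long-form length
# wrapping the cryptogram (9F26), ATC (9F36), CID (9F27), UN (9F37), amount (9F02).
SAMPLE = bytes.fromhex(
    "778124"
    + "9F2608" + "0102030405060708"
    + "9F3602" + "00A1"
    + "9F2701" + "80"
    + "9F3704" + "DEADBEEF"
    + "9F0206" + "000000001000"
)

def cryptogram_hex(data: bytes) -> str:
    """Return the Application Cryptogram (tag 9F26) as uppercase hex."""
    return parse_ber_tlv(data)["9F26"].hex().upper()
```

A processor integration would forward the parsed cryptogram, ATC and related tags as the answer's Step 6 describes; a `ValueError` here means the payload is malformed and should be rejected, not retried.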

