Digital Wallets and Per-Merchant Card Numbers

Matt Birchler, writing at Birchtree:

It’s notable that it’s called a DPAN and not “the Apple Pay number” — it’s a generic term, and that’s because this is a standard feature of digital wallets everywhere, not just Apple Pay. Google Pay and Samsung Pay are the biggest other digital wallets in the U.S. and they both do exactly the same thing. While it’s not technically using a DPAN since the payment runs through different companies, Amazon Pay and Shop Pay buttons also obscure the actual FPAN (full card number) from merchants.

I feel like this comes up a lot, but I can not stress enough to you how little merchants want to ever ever ever handle your actual credit card number. It adds so much risk on their end and modern payment acceptance tools make it easy to collect payment details in a way that makes sure as few people as possible have access to the real card info.

Gruber mentions banks absolutely not wanting to use DPANs themselves, but we actually don’t need to speculate about this, we have this info already. Numerous banks from Walls Fargo to Chase to Bank of America have (or had) digital wallets, all of which used DPANs to protect your plain text account number. Paze is what a few big U.S. banks use today and it of course uses DPANs as well. In fact the top reason they give for why you should use Paze is, “Paze does not share your actual card number with the merchant.”

Saturday, 23 March 2024