Recently, I’ve been having many conversations about the use of contactless payments, or Apple Pay. I was asked how secure it is while on vacation. Then it came up at my in-person FI meetup group. And most recently at a business networking event. I then asked the group, “Who uses Apple Pay?” and it’s like I asked who owns a pet badger. Not a single hand goes up. And I get the same looks. The polite smiles. The “I don’t really trust that” responses.
Meanwhile, I’m over here tapping my phone to pay for everything from coffee to concert tickets, and genuinely puzzled why more people aren’t doing the same. So let’s fix that. Today we’re breaking down what contactless payments actually are, how Apple Pay works, and why using it is actually safer than handing over your physical credit card. No bullshit.
First, What Even Is a “Contactless Payment”?
Contactless payment is exactly what it sounds like. You pay for something without physically swiping a card or handing cash to a cashier. You either tap a card, tap your phone, or tap your watch to a payment terminal, and the transaction goes through in about a second.
The most common way to do this in the US right now is through a digital wallet like Apple Pay, Google Pay, or Samsung Pay. But even your regular credit card probably has contactless built in. You know that little wifi-looking symbol on the front of your card? That’s the sign. That means your card can tap to pay too.
NFC technology powers over 95% of contactless transactions globally and is the dominant technology behind the tap-to-pay surge we’re seeing everywhere.
And we ARE seeing it everywhere. Global contactless payment transaction volumes hit $15.7 trillion in 2024, and over 80% of retailers now accept contactless payments. This isn’t a niche thing anymore. This is mainstream.
The Tech Behind the Tap (Simplified)
Okay, here’s where I’ll geek out for just a second. I promise I’ll keep it simple.
NFC: The Magic Radio Wave
NFC stands for Near Field Communication. It’s basically a tiny radio signal that only works when two devices are really close together. We’re talking like 1 inch apart. When you hold your phone near a payment terminal, those two devices have a tiny, super-short conversation that lasts less than a second.
Think of it like two people whispering a secret code to each other. They have to be nose-to-nose to hear each other, which means nobody standing across the room can eavesdrop. That’s basically NFC.
Tokenization: Your Fake Card Number
When you add your credit card to Apple Pay, your actual card number is never stored on your phone. Never. Instead, the system creates a Device Account Number (DAN), a tokenized credential tied specifically to that device. Instead of transmitting your real card number during purchases, it sends this token.
Let’s say you are at Target for example. When you tap to pay at Target, Target never sees your real Visa number. They get a fake number that only works in that exact context. If someone somehow intercepted that number, it would be completely useless.
Here’s another thing most people hardly ever think about. When you swipe your credit card at Target, Target knows exactly who you are, what you bought, when you bought it, and they tie all of that to your card number and build a profile on you over time. You’ve probably heard the stories. Retailers have entire data science teams dedicated to figuring out your buying habits from your transaction history.
Well, with Apple Pay for example, the merchant only receives that anonymous token we talked about. They don’t get your real card number, and depending on how the transaction is processed, they may have little to no ability to tie that purchase back to your identity. No name. No card on file. Just a one-time token that evaporates after the transaction. You bought what you bought and walked out the door like a ghost.
And, If you’ve ever wondered by Walmart doesn’t accept Android Pay or Apple Pay, and wants to keep you in their own Walmart Pay system using the mobile app, and QR code, it’s just that. Walmart is building a profile on you and your buying habits. They wanna know who you are, what you bought, and when you bought it.
The Secure Enclave: The Vault Inside Your Phone
Your iPhone has a tiny, dedicated chip inside it called the Secure Enclave. It’s basically a miniature vault. iPhones and Apple Watch devices have this Secure Element. Actually that is what it’s called on Android devices, the Secure Element. This is the only place where the payment token is stored, and it can only be accessed by the customer’s biometrics or passcode.
Your fingerprint or your face literally unlocks the payment. That’s it. No face, no payment.
One-Time Codes: The Secret That Expires Immediately
Here’s the last piece of the puzzle, and honestly the most impressive part. Each Apple Pay transaction includes a dynamic security code. This code is generated per transaction and cannot be reused. If someone intercepted the NFC signal, the data would not allow them to perform a second transaction. The cryptographic code is valid only for that specific moment and amount.
Put it all together and here’s what happens every single time you tap to pay:
- Your face or fingerprint unlocks the payment
- Your phone sends a fake card number (the token) via NFC
- A one-time secret code goes with it
- The payment processes, the code expires forever
- The merchant never sees your real card number
That whole process takes about one second. Pretty wild, right?
But Is It Actually Safe Though?
This is the number one objection I hear. And I get it. Handing over your card feels tangible. You know what you’re doing. Tapping your phone feels kinda like voodoo magic.
But here’s the honest truth, swiping your physical credit card is way riskier than most people realize.
In 2024, US consumers reported over $12.5 billion in total fraud losses to the FTC, up 25% from the previous year. Credit card fraud was the most commonly reported type of identity theft, with over 449,000 reports filed.
And here’s where it gets so cringe. Over 269 million stolen credit card records were posted on dark web forums in 2024 alone.
How does your card number end up on the dark web? A lot of ways. Data breaches at retailers. Card skimmers attached to ATMs or gas pumps. Phishing emails. Someone just writing your number down when you hand it to a waiter at a restaurant.
Think about the last time you handed your physical credit card to someone. Your full card number, expiration date, and security code were visible the whole time. If someone wanted to remember or write down those 16 digits, they had plenty of time and opportunity.
With Apple Pay? The merchant never receives the real card number. Instead, it processes the Device Account Number, which is useless outside the Apple Pay environment.
There’s nothing to steal or any number for a skimmer to capture. There’s no card number being passed over the internet to a merchant’s server that might someday get hacked.
Even if an attacker managed to infiltrate a merchant’s systems and gain access to used tokens, those tokens would be completely useless.
So Why Isn’t Everyone Using This?
Great question. Here’s what I think is going on.
People don’t trust what they don’t understand. That’s totally human. If you don’t know how something works, your gut says “danger.” But now you know how it works. It’s not magic. It’s actually pretty logical once you break it down.
Habits are hard to break. We’ve been swiping cards for decades. Muscle memory is real. But habits change when you see the upside, and the upside here is both security and convenience.
Some merchants still don’t accept it. This is a real issue, though it’s shrinking fast. 85% of US retailers now accept Apple Pay, and adoption has increased 41% between 2022 and 2024. Most major grocery stores, coffee shops, gas stations, and retail chains are on board. Your local cash-only hot dog stand might not be. That’s okay. You’ll survive.
People think they need to be tech-savvy. You don’t. If you can unlock your iPhone, you can use Apple Pay. That’s genuinely the whole skill requirement. So easy!
The Numbers Don’t Lie: Contactless Is Taking Over
Look, I’m not the only contactless evangelist out there. The data backs this up harrrrd.
According to a recent Mastercard poll, more than half of Americans choose a contactless payment method over other options at checkout. In July 2024 alone, 65% of US adults processed at least one transaction using a digital wallet.
Apple Pay had roughly 785 million active users globally by 2024, and in the US, it holds a 54% share of all in-store mobile wallet usage.
Apple Pay processed $8.5 trillion in payments in 2024 and is accepted at over 90% of US retailers.
That’s not a fringe thing. That’s a movement. And the people who haven’t jumped on yet are mostly just… waiting. For what, exactly? I’m not sure.
In Europe, nearly 85% of retail transactions are already contactless. The UK is even further along. The US is playing catch-up, but the gap is closing fast.
Setting Up Apple Pay: It Takes 3 Minutes
I know what you’re thinking. “Okay Chris, I’m convinced. Now what?”
Here’s the setup:
- Open the Wallet app on your iPhone (the one that looks like a folded card)
- Tap the little plus sign in the top right corner
- Follow the prompts to scan your credit or debit card
- Your bank will verify it, usually by sending a quick text or email
- Done
After that, paying in stores is just: double-click the side button (or home button on older models), glance at your phone or use your fingerprint, hold it near the terminal. That’s it. You’re done before the person behind you in line even found their wallet.
You can add multiple cards. You can set a default card. It works with your Apple Watch too, which is genuinely fun when you’re at a coffee shop and just tap your wrist like you’re in a spy movie. It’s also amazing when it’s cold as a witches tit outside have gloves on and wanna pay at the gas pump! Easy peasy!Â
What About the “What If I Lose My Phone?” Question
This one comes up every time. I get that. It’s a fair concern.
First, remember that Touch ID or Face ID is required for every payment. Someone who finds or steals your phone can’t use Apple Pay without YOUR biometrics. They literally need your face or your fingerprint. Good luck with that.
Second, if your phone is lost or stolen, keep in mind you can remotely disable Apple Pay from any browser by logging into iCloud.com. You can also remotely erase the entire device. Remember, your real card numbers were never on the phone anyway, so there’s nothing for a thief to grab from the payment side of things.
And before you go full Hollywood on me, no, a bad guy can’t just hold your phone up to your sleeping face or use a photo of you to unlock it. Face ID uses infrared sensors and projects over 30,000 invisible dots to map your face in three dimensions, and it requires your eyes to be open and alert. Touch ID reads the unique sub-dermal layers of your actual fingerprint, not just the surface. Blood actually needs to be flowing. You need to be conscious and present and if someone cuts off your finger it won’t work lol.
Compare that to losing your physical wallet. Your cards are right there. Anyone can swipe them at a gas station pump before you even know the wallet’s gone. Which scenario actually sounds scarier now?
Look, I’m not saying you need to throw your wallet in a lake. Keep your cards. Keep your cash if that’s your thing. But if you have an iPhone and you’re not using Apple Pay, you’re leaving a genuinely better, more secure option sitting on your home screen collecting dust.
But, the tech is solid. The security is real. The convenience is legitimately great. And you’ll get to do that very satisfying tap-and-walk-away thing at the checkout that makes you feel like you’re living in the future.
When I’m at the meetup group, or on a cruise, or at the networking breakfast, or buying merch at a concert and I’m the only one tapping to pay, I’m not trying to be the cool tech guy. I’m just trying to be the guy who isn’t unnecessarily handing his real credit card number to strangers and hoping for the best.
Bonus: Your ID Is Coming to Your Wallet Too
Okay, so we’ve covered how Apple Pay keeps your credit card number out of the wrong hands. But it doesn’t stop there. The same Wallet app that holds your cards is now starting to hold something even more personal! Your driver’s license and state ID!
Yes, really. Your phone might eventually replace your physical wallet entirely! Cards and ID, all in one place.
Here’s how it works and why it’s actually a bigger deal than most people realize. I’m looking forward to this so much!
What Is a Digital State ID?
A digital state ID (sometimes called a mobile driver’s license, or mDL depending where you are) is exactly what it sounds like. It’s a verified, government-issued digital version of your driver’s license or state ID stored right inside Apple Wallet on your iPhone or Apple Watch.
States like Arizona and Maryland were first to launch this feature back in 2022, and the list has been growing steadily since. As of mid-2025, states including California, Colorado, Georgia, Ohio, Connecticut, Utah, and others have come on board.
And if your state isn’t there yet, Apple recently made it even more accessible. As of November 2025, any US passport holder can now create a Digital ID in the Wallet app using their passport, regardless of what state they live in. That Digital ID works the same way as a state-issued one for supported use cases.
Where Can You Actually Use It?
This is the part people always ask first. The honest answer is it’s not quite “everywhere” yet, but it’s growing.
The biggest and most useful place right now? The airport. Apple Wallet IDs are accepted at TSA checkpoints in more than 250 airports across the US for domestic travel. You just double-click the side button, hold your phone or watch near the reader, and you’re through. No fumbling for your wallet in the security line. No handing your ID to a stranger.
Beyond that, some retailers allow digital IDs to verify age for purchasing alcohol, tobacco, or other restricted products. Maybe sex toys. Just saying. lol Some government agencies in select states accept them for benefits applications, and future uses could include things like renting a car, hotel check-ins, and more as the infrastructure keeps building out.
One important heads-up is most states still require you to carry a physical ID for now. For example, if law enforcement requests one. Your digital ID is not yet a legal replacement for your physical card in that specific situation yet. So don’t throw away your actual license just yet. But for everyday life use cases? It’s getting genuinely useful, fast.
Why Is This More Secure Than a Physical ID?
Here’s where it gets really good, and this is the part I love! Think about what happens every time you hand your physical driver’s license to someone. Maybe it’s a bouncer at a show. A bartender. The front desk at a hotel. The TSA agent. They’re holding a card that has ALL YOUR SHIT on it! Your full name, your home address, your date of birth, your license number, and your photo all printed right there in the open. Every single piece of that information is visible to whoever is holding it, and there’s nothing you can do about it.
However, with a digital ID in Apple Wallet, that changes completely. Apple Wallet ID is designed so that identity data is shared ONLY when explicitly approved. When presenting your ID, the system displays ONLY and EXACTLY the information that is being requested. For example, only your name or age verification, and you then approve only what’s needed before anything is transmitted. This selective disclosure approach limits unnecessary data exposure. FINALLY!Â
So, like, if a bar needs to verify you’re over 21, the system sends exactly one thing: “yes, this person is over 21.” Not your address. Not your license number, or even your birthday. Just the answer to the question being asked.
That’s a pretty massive privacy upgrade compared to handing a bouncer your full ID and hoping they don’t memorize your home address. So awesome!
And the digital ID data is encrypted and stored only on the device, and Apple itself cannot see when, where, or how your ID is used. Face ID or Touch ID ensures only the owner can present their ID, and users review exactly what information is shared before it’s sent. The data is stored in the Secure Enclave, that same tamper-resistant chip used for Apple Pay transactions. Remember this is isolated from the main operating system. Even Apple can’t access it.
So the same vault that protects your credit card information is protecting your identity information. Same chip. Same encryption. Same “nobody gets in without your face or fingerprint” security.
There’s also another layer here worth mentioning. You never hand your phone to anyone. To present a Digital ID in person, you hold your iPhone or Apple Watch near an identity reader, review what’s being requested, and authenticate with Face ID or Touch ID. There’s no need to unlock, show, or hand over the device. Another win! Compare that to physically handing your physical wallet card to a stranger and waiting for them to hand it back. Which one actually sounds more secure to you?
The Bottom Line on Digital IDs
We’re still in the early innings here. Not every state is on board yet, and acceptance isn’t universal outside of airports. But the direction is pretty clear that your phone is becoming your wallet, your ID, and eventually even your car key and your house key. This is already in place with some manufacturers!
The security architecture behind it is genuinely impressive, and the privacy benefits, particularly that selective disclosure piece where you share only what’s actually needed, are something your physical plastic card can never offer.
Keep your physical license in your back pocket for now. But the day is coming when “I forgot my wallet” might literally mean nothing. And honestly? That sounds pretty metal to me. \m/ \m/
You’ve got the knowledge now. Use it. Horns up. 🤘
Chris, I loved the bit about how Walmart specifically does not support Apple Pay and others because they want the data, and using contactless deprives them of it!