A new Apple tech note explains the details of the Consumer Device Cardholder Verification Method (CDCVM). The document is intended primarily at merchants, but could come in handy for consumers wishing to understand in more detail how their card issuer handles Apple Pay and contactless payments.
For additional background on Apple Pay, see Kelly Guimont's "How Apple Pay Mitigates Breach Fatigue."
The CCDVM is a verification method used by the card network to assess a transaction originating from mobile networks. The Apple document explains:
With Apple Pay, Touch ID or the device passcode can be used as the consumer device verification method, instead of the more traditional methods of PIN, signature for transactions in stores, or 3D Secure for transactions within apps.
For Apple Pay contactless EMV transactions, CDCVM is performed and verified entirely on the iOS device (e.g. iPhone 6 and Apple Watch). During the transaction, no additional customer action is required on the payment terminal or paper receipt to verify the customer, such as a signature or PIN.
There are reasons why a merchant should support CDCVM. First, it enables contactless payments, merchants won't carry liability under the EMV liability shift, the throughput is faster and customers will have a better transaction experience.
The section entitled "Do card issuers still bear liability for CDCVM transactions?" will be of interest and provides details where liability lies for fraudulent transactions.
There are many more details about the CDCVM system that will be of interest to merchants, and any merchant who accepts payment cards should be well read on this document.
Apple has announced that Apple Pay will be coming to the UK in July. In a related document, "About Apple Pay for merchants in the UK.," Apple provides details for UK merchants on how to start accepting payments. Also, details are provided on how to accept payments over £20.