UCF STIG Viewer Logo

Apple iOS must not store any payment data in Apple Pay.


Finding ID Version Rule ID IA Controls Severity
V-54313 AIOS-05-080104 SV-68559r1_rule Medium
Apple Pay is a mobile payment technology that enables users to make purchases with their iOS devices, provided that the vendor supports the required Near Field Communications (NFC) interface to Apple Pay. If the payment system is vulnerable to breach, a user's charge cards may be used for unauthorized payments, including charges to government-issued cards. Disabling or avoiding use of Apple Pay mitigates this risk. SFR ID: FMT_SMF.1.1 #42
Apple iOS 8 Interim Security Configuration Guide 2014-09-16


Check Text ( C-54949r1_chk )
Review configuration settings to confirm that Apple Pay is disabled or not in use.

Note: This check procedure is not applicable on iOS devices that do not support Apple Pay. As of the publication of this ISCG, iPhone 6 and iPhone 6 Plus are the only iOS devices that support Apple Pay.

If there is a mechanism for disabling Apple Pay, verify Apple Pay is disabled. Potential mechanisms to disable Apple Pay include disabling the NFC radio or disabling the Apple Pay service. The settings for these features are expected to be found in the Settings app.

If there is not a mechanism to disable Apple Pay, verify that no payment information (e.g., a charge card) is associated with Apple Pay. The configuration of Apple Pay is expected to be found either in a App associated with Apple Pay or in the Settings app.

If there is any payment information configured for Apple pay, this is a finding.
Fix Text (F-59167r1_fix)
The user must remove payment information from Apple Pay or disable the feature.