Comment by BillinghamJ

2 years ago

Although you're right that Apple Pay is cryptographically verified, you may be surprised to know these two things:

1. you can charge any amount - the amount shown in the Apple Pay UI is arbitrary

2. you can make multiple charges, also of any amount (e.g. for a subscription)

It is tokenized, but practically it's just a card number you can charge like any other card number. It's also typically linked back to the original PAN, so multiple payments can be correlated together with ease.

Your payment processor and the network have to trust you if you're reusing the Apple Pay cryptogram for a subscription payment. You _can_ do anything (e.g. you can represent yourself as an open loop transit network reader and get a card number without any authentication from express mode cards!), but the network will not allow you to succeed at doing that for very long, if at all.