Unable to add cards to Apple Wallet on iPhone 16 Pro Max

This is not an Apple issue, but rather a bank, Payment Network Operator, or Token Service Provider  issue. Apple provides the same set of information to all banks that are attempting to add a payment method. 

“When a user adds a credit, debit or pre-paid card (including store cards) to Apple Wallet, Apple securely sends the card information, along with other information about the user’s account and device, to the card issuer or card issuer’s authorized service provider (usually the payment network). Using this information, the card issuer (or its service provider) determines whether to approve the user’s request to add the card to Apple Wallet.”

Card provisioning security overview - Apple Support

The banks need to establish the security of your device and the ownership. Apple provides the following information. 

“When you are adding a payment card like store, credit, debit, and prepaid cards to Apple Pay, information you provide about your card, and whether certain device settings are enabled may be sent to Apple in order to determine your eligibility to enable Apple Pay and its features. Your device may also evaluate device use patterns (for example, percent of time device is in motion, approximate number of calls per week) to help identify fraud. The information evaluated by your device is not shared with Apple in a way that can be linked to you.”

Apple literally does not know and cannot track any of the information back to you. The information your iPhone discloses to your bank would have to be shared by the bank to Apple. Even then, Apple can’t change the data your iPhone is reporting. 

“Information may also be provided by Apple to those entities to enable Apple Pay, determine card eligibility, set up your card with Apple Pay, and to prevent fraud, including:

• Your credit, debit, or prepaid card number
• The name and billing address associated with your Apple Account
• General information about your Apple Account activity (for example, whether you have a long history of transactions within iTunes)
• Information about your device and, if using Apple Watch, the paired iOS device (for example, a device identifier, phone number, and the name and model, for both your Apple Watch and paired iOS device)
• Location at the time you add your card (if you have Location Services enabled)
• Account or device history of adding payment cards
• Aggregated stats relating to the information from payment cards you’ve added or attempted to add to Apple Pay

Legal - Apple Pay & Privacy- Apple

Ask your bank if they are receiving data from the Payment Network Operator (Mastercard, Visa etc.)? Then ask the bank who their Token Service Provider is? Without that information, I doubt we can go any further.

They don’t know who the token service provider is because the bank doesn’t train and educate their support people to explain why they aren’t overriding the concerns of the PNO or TSP.

Actually, it perfectly lines up. Please review this material (my second request) and if you have questions please ask.

“Information may also be provided by Apple to those entities to enable Apple Pay, determine card eligibility, set up your card with Apple Pay, and to prevent fraud, including:

• Your credit, debit, or prepaid card number
• The name and billing address associated with your Apple Account
• General information about your Apple Account activity (for example, whether you have a long history of transactions within iTunes)
• Information about your device and, if using Apple Watch, the paired iOS device (for example, a device identifier, phone number, and the name and model, for both your Apple Watch and paired iOS device)
• Location at the time you add your card (if you have Location Services enabled)
• Account or device history of adding payment cards
• Aggregated stats relating to the information from payment cards you’ve added or attempted to add to Apple Pay

Legal - Apple Pay & Privacy- Apple

The help I have to offer is to explain the issues involved and direct you towards the entities that have the authority to make the necessary changes.

What happens when you attempt to add a card to your Wallet app? The information is sent in several rounds. The first is simple information like account number, expiration date (but not the CVV security code). It goes through a basic verification process, usually by the Payment Network Operator. If you put in the wrong card number you get an invalid card error. Note this is different from the Contact your Bank error.

Banks generally give you 5 tries to add your card. Any further attempts is an automatic 24 hour lockout of attempts. Continuing to try just adds to your frustration and banks, PNOs suspicion that it’s fraud.

If you correctly add the in formation the second round of verification happens. Information on your iPhone is encrypted on your iPhone and sent to who the bank is using for verification. This could be the bank an a few cases. For example Chase Bank does it themselves. Most banks use the PNO or a company specializing in credit card services. One such company is Marqeta. Usually these companies fulfill the role of Token Service Provider as well.

The information from your iPhone is decrypted and analyzed for accuracy and potential fraud risk. The analysis either forwards the request to your bank for final approval or you receive the Contact your bank error.

So, what does your iPhone send to the PNO or third party verifier?

“Information may also be provided by Apple to those entities to enable Apple Pay, determine card eligibility, set up your card with Apple Pay, and to prevent fraud, including:

• Your credit, debit, or prepaid card number
• The name and billing address associated with your Apple Account
• General information about your Apple Account activity (for example, whether you have a long history of transactions within iTunes)
• Information about your device and, if using Apple Watch, the paired iOS device (for example, a device identifier, phone number, and the name and model, for both your Apple Watch and paired iOS device)
• Location at the time you add your card (if you have Location Services enabled)
• Account or device history of adding payment cards
• Aggregated stats relating to the information from payment cards you’ve added or attempted to add to Apple Pay

Legal - Apple Pay & Privacy- Apple

Once one card is declined, that decline is a statistic stored on your iPhone. When the next card you try to add is analyzed, the PNO etc. sees the decline and that’s a red flag and don’t want the risk and decline the second card. Now you have two declines. Add to that the multiple attempts and soon your device has a 24 hour lockout in the statistics. It’s a snowballing issue and gets worse and worse with every added attempt. The final result is a lock on the adding of cards for 30 to 45 days.

Now, what help would you like, beyond the obvious of adding your cards.? The bank and their chosen service provider hold the key both literally and figuratively. The data is encrypted and Apple can’t see it even if they want to. That’s the privacy and security Apple provides through Apple Wallet and Apple Pay services.

I can lay out an action plan and suggest steps to correct maybe a few things, but for most people it’s too much work. Please let be know how you want to proceed. I can answer questions, provide areas for you to investigate and point you back to the bank. They can, in theory, see the issues. They can’t correct them, but they can decide to accept or decline the risk they think you present and that is something Apple just cannot do.

Sure, here’s your links,

Apple Pay component security - Apple Support

Paying with cards using Apple Pay - Apple Support

Apple Pay Wallet Terms and Conditions

Payment Platforms - Apple Pay - Apple Developer

Apple Pay component security - Apple Support

Paying with cards using Apple Pay - Apple Support

Apple Pay security and privacy overview - Apple Support

Not an Apple article, but a good primer to learn about tokenization.

https://www.aciworldwide.com/blog/a-primer-on-tokens-tokenization-payment-tokens-and-merchant-tokens#

Apple Pay | Apple Developer Documentation

Card provisioning security overview - Apple Support

https://developer.apple.com/apple-pay/Apple-Pay-Merchant-Integration-Guide.pdf

Legal - Apple Pay & Privacy- Apple

I also have information from former co-workers, friends, etc. that still work in the industry in various capacities. Some are at C level. In full disclosure, I’m a former Apple Retail Store manager, but that’s a relatively minor part of what I know and how it should (operative word) work.

Banks overriding concern is to reduce friction for consumers and at the same time reduce fraud. These are virtually diametrically opposed policies. This results in lower level support people not receiving adequate training and repeatedly blaming a party (Apple) that literally doesn’t know the issues.

Why doesn’t Apple know the difference? Because of consumers concern for privacy and confidentiality. Bank just says no problem, until you ask the wrong questions I’ve purposed, and the consumer learns they won’t reveal the truth.

Did you read what I wrote? Every bank says no problem until you ask the hard questions that they can’t answer or won’t answer.

What does only one device can’t add these cards mean? How did the cards get removed in the first place?

It’s not a consumer finance issue. CFPB has responsibility in regard to consumer lending violations. Not adding your card to an electronic wallet is not really their area of enforcement.

So, let me understand, the cards are on other devices? Are they your devices like an Apple Watch or iPad? Are they other iPhones like family or friends?

Great, since you work for a major bank, you should have no issue answering who the bank’s Token Service Provider is?

The bottom line is the Payment Network Operator (Mastercard, Visa etc), the issuing bank and the Token Service Provider can block your card. If the Token Service Provider doesn’t send the Token, your card can’t be added.

So, who’s the Token Service Provider? If the bank won’t tell you, why is that?