Yoni Heisler has an in-depth overview of Apple Pay at TUAW today:
Remember that merchants in an Apple Pay transaction never have access to user credit card information and, as a result, users never have to worry about their information being compromised in a security breach. Further, security at the device level is effectively impenetrable as tokens, along with the encrypted keys responsible for the cryptogram, are all securely stored in the Secure Element.
And as an extra security precaution, iPhone owners will have the ability to unlink or temporarily suspend a token connected to a stolen device, thereby rendering Apple Pay inoperable until the device is retrieved.
I may be skeptical about Apple Pay in Europe, but the way it’s been built and will operate is fascinating. (I’m even more curious to know if integration with Safari will happen for web payments eventually).