Apple Pay, Google Pay and the Credit Ban

Loading...

Author: Max Cookson Last updated: June 2026 Reading time : 11 min

The myth that wallets quietly skirt the ban

I lost count somewhere around the thirtieth message. Each one had the same hopeful framing: “Apple Pay still uses my credit card, but the bookmaker doesn’t know that, right?” The assumption was that tokenisation puts a layer of plausible deniability between the wallet and the underlying card, and that this layer survives contact with Australia’s credit ban. It does not. The tokenisation layer was built for security, not for circumventing regulation, and the wagering operators figured out how to read through it within weeks of the rules taking effect.

The bigger problem is that the misunderstanding isn’t just costing punters a failed deposit. It’s costing them confidence in payment rails they’d otherwise use without thinking. People are now refusing to use Apple Pay for bets at all because they can’t tell which configurations work and which don’t. So this piece is a clean separation: when a digital wallet is fine for an Australian bookmaker deposit, when it isn’t, and how to tell which side of the line your wallet sits on before you tap.

Modern payment guides on this portal.

How tokenisation works and why it doesn’t hide the funding source

When you add a card to Apple Pay, Google Pay or Samsung Wallet, the wallet doesn’t actually store your card number. It stores a token – a unique sixteen-digit string issued by the card scheme that maps back to your real card number on the scheme’s servers. Every time you tap to pay, the token gets sent to the merchant instead of the PAN, and the scheme handles the lookup. From a security standpoint this is brilliant: a leaked token only works for that specific device and that specific merchant relationship.

What the token doesn’t do is hide the underlying card type. The first four digits of the token (the equivalent of a BIN) tell the scheme – and any merchant who asks – whether the card behind it is credit, debit or prepaid. The merchant doesn’t see the consumer’s PAN, but they can see the funding-source classification before authorisation completes. That’s how supermarkets distinguish credit from debit for their own routing decisions, and it’s exactly the same channel licensed Australian bookmakers now use to enforce the ban.

From the bookmaker’s perspective, an Apple Pay deposit funded by a credit card looks identical to a direct credit-card deposit. The wallet wrapper changes nothing about what the operator can refuse. So the rule isn’t “Apple Pay is banned” or “Apple Pay is fine” – it’s “the funding source behind your wallet is what matters”, and the wallet itself is incidental.

The actual text of the credit-related products clause

The legislation behind all this is the Interactive Gambling Amendment (Credit and Other Measures) Act 2023, which came into force on 11 June 2024. The phrasing the regulators settled on isn’t “credit cards” – it’s “credit and credit-related products”. That second word does most of the heavy lifting. It captures any payment instrument whose underlying mechanism extends credit to the consumer, regardless of how the instrument is presented at the point of sale.

“Australians should not be gambling with money they do not have,” is how the Minister for Communications framed the policy when the rules took effect. That framing is the interpretive lens the ACMA has been using ever since. If the funding source represents money the punter doesn’t currently have but is borrowing – whether through a revolving credit line, a buy-now-pay-later instalment plan or a credit-linked overdraft – it’s caught by the ban.

The penalty isn’t theoretical. Operators face fines of up to AU$247,500 per breach, and the ACMA’s compliance reports show it’s been actively chasing the edges. In a desktop review during March 2025, the regulator identified fifty licensed operators whose terms still mentioned credit cards or cryptocurrency as accepted methods, and required all of them to update their disclosures by 30 June 2025. The point is that the regulator is reading every layer of the deposit funnel – including wallet configurations – to enforce the rule.

Wallets with debit versus wallets with credit

The clean test for whether your wallet works at an Australian bookmaker is to look at which card you have set as the default funding source for that wallet at the moment you tap.

If the default is a Visa Debit, Mastercard Debit or eftpos card, the deposit is allowed. The wallet is essentially acting as a more convenient interface for the same debit transaction you could have made by typing the card number into the form. Tokenisation, biometric authentication and one-tap convenience are layered on top, but the underlying transaction is debit-funded and stays inside the law.

If the default is a credit card – even one with a generous balance, even one you’ve been using for years, even one branded with the same logo as your debit card – the deposit will fail. The bookmaker reads the funding-source flag, sees credit, and refuses the authorisation. Your wallet may still let you complete the tap on the device side, but the transaction will be rejected at the merchant. You’ll see an error that often looks like a generic decline, which is part of why people misread the situation as “Apple Pay doesn’t work here” rather than “my wallet’s default funding source isn’t allowed for wagering”.

The grey area is wallets that hold both card types. iPhones in particular let users keep multiple cards in Apple Wallet and choose which one to use at the moment of payment. If you have a credit card set as default and a debit card available as a secondary option, you have to actively switch before tapping. The wallet won’t switch for you because it doesn’t know the merchant is a bookmaker. Make the switch in the wallet interface, not at the point-of-sale, before you initiate the deposit.

What the ACMA’s 2024 to 2025 checks actually caught

For all the noise about whether digital wallets really get scrutinised, the ACMA’s compliance reporting has been remarkably specific about the gaps it’s been closing. Across the 2024 to 2025 financial year the regulator opened ten new investigations and closed ten, with one operator – Betchoice – fined AU$1 million plus a mandatory two-year independent review. The infringements weren’t always about wallet routing directly, but several involved the broader question of how operators surface payment options to customers.

What that tells you is that the regulator isn’t relying solely on bookmaker self-attestation. It’s reading the actual checkout flows, looking for routes a customer could take to fund a deposit with credit-related capital, and treating the existence of those routes as a breach even if no individual customer used them. A wallet that defaults to a credit card and isn’t intercepted before authorisation is exactly the kind of routing the ACMA has been catching.

From the consumer side the practical effect is that the operators have been getting more aggressive about wallet handling, not less. Where you might have slipped through with a credit-funded Apple Pay tap in late 2024, the same attempt in 2026 is far more likely to be caught at the merchant before it ever reaches your bank.

The pre-deposit test that takes ten seconds

Before you tap, open the wallet and check the active card. If it shows “credit” anywhere – in the card name, in the small text under the logo, in the type field if you tap into details – assume the deposit will fail and switch to a debit-funded card. Don’t trust your memory of how you set the wallet up six months ago, because banks reissue cards, defaults can change after software updates, and tokenisation occasionally re-binds.

The same test applies to Buy Now Pay Later wrappers. If your wallet shows an Afterpay, Zip or PayPal Pay-in-4 option, treat that as credit-related under the ban. The fact that BNPL technology piggybacks on a debit-style transaction at the merchant doesn’t change its classification – the underlying capital is borrowed against future repayments, which is precisely what the legislation targets. The detailed treatment of BNPL specifically is in the analysis of where Afterpay, Zip and Klarna stand for Australian wagering.

If you’re funding through a wallet linked to a transaction account at a major bank, the chances are high that you’re already on a debit rail and the deposit will go through. Where I see people stumble most often is on premium card products that look like debit but include an embedded credit feature – the so-called “all-in-one” cards some neobanks issue. Read the fine print before you save the card to a wallet.

Habits worth keeping after you sort the wallet out

Once you’ve cleaned up which card sits behind your wallet for betting purposes, the rest of the experience is genuinely smooth. Apple Pay and Google Pay deposits funded by Visa Debit clear in seconds, get the same fraud protections as a manual card entry, and bypass the awkward business of typing a card number on a phone screen at a pub. The wallet experience was never the problem – only the mistaken belief that it provided cover for credit funding.

Understand the risks of using offshore bookmakers with Visa.

The cleanest discipline is to keep a separate “betting card” inside the wallet, which is always a debit instrument from a bank account you’ve earmarked for the purpose. That removes the moment-of-tap decision and removes any risk of accidentally tapping with the wrong card. It also keeps your bookmaker statement traffic isolated, which is useful both for personal tracking and for any conversation you might have with the ATO down the line about gambling activity.