Apple Pay not immune to fraud

Apple Pay has opened up a whole new world for scammers.

The Guardian reports that some crooks are setting up Apple Pay on their phones with others’ personal information and then going on costly shopping sprees. Startled by the level of fraud, banks are scrambling to fortify their systems, the newspaper reports.

Apple has touted security as one of the main selling points of its mobile payment system, which lets people with the latest iPhones make purchases by waving their gadgets at the register, rather than swiping their credit cards. Instead of transmitting a user’s credit card number, Apple Pay shares a unique token with the retailer. That helps protect Apple Pay users from the massive breaches that have hit stores like Target and Home Depot, where hackers made off with thousands of credit card numbers.

The Apple Pay schemes perpetrated by hackers so far have been a far cry from those breaches, but they still pose problems for Apple as it tries to sell consumers on a new way to make purchases, said James Wester, a research director at IDC.

“It still feeds into the perception that mobile payments might not be as secure,” he said.

Apple has also talked up the convenience of its system, arguing it is easier for consumers to reach for their iPhones than to fumble for the right credit card. But companies must always strike a balance between security and convenience as many of the best security practices are tedious, Wester said.

“When you start making things as easy as possible, that almost by definition means you cant make it as secure as possible,” he said. “This makes me wonder whether they may have erred on the side of making it too convenient.”

A spokesman for Apple stressed to the Guardian that its system for shielding credit card information had not been compromised.

“Apple Pay is designed to be extremely secure and protect a user’s personal information,” the spokesman told the Guardian. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”

The criminals behind the schemes have focused on Apple Stores as they accept the mobile payment system and sell pricey items, according to the Guardian.

Above: Apple Pay has been abused by hackers (Bryan Thomas/Getty Images).



Tags: , ,


Share this Post

  • Douglas

    Apple Pay probably allows a higher spend limit than other card-not-present transaction and so is being used as a vehicle for crooks to use cards stolen by some unrelated method. The banks themselves will need to tighten the processes that allow someone to add a card to their iPhone.

    • USN_RET

      Does Apple Pay even impose a limit, or is it simply the limit you already have on your card?

      • Douglas

        It might be a combination of Bank Limit and Merchant Limit. Some articles suggest that Apple Stores allow purchase of high value items via Apple Pay. I read that as inference that some stores will decide on their own Apple Pay spend limit. Over a certain limit you may also need to enter a pin.

        Actually crooks are probably using Apple Pay because it saves them having to print a physical card.

        • Charles Franklin

          Why speak of what you do not know?

          At least seek out an expert! Not an analyst, but rather a Subject Matter Expert(SME)—someone who has SUCCESSFULLY configured such a system.

  • These are the banks that use Winxp on their machines.

  • Jeff Meredith

    There was not a single bank identified in this article or the Guardian article. Having provisioned multiple cards, the banks have been getting much tougher as they are learning their lesson.

    What is in the customer and merchant’s responsibility is secure. There has not been a single report of any compromised Apple Pay NFC transaction.

    80 million Social Security Numbers were compromised in the Anthem breach. So knowing a Social Security Number means nothing right now.

    Yes banks have to do their job which is verify identity. But that is not my job, that is theirs.

    I have made over a 100 Apple Pay transactions personally and have complete confidence in tokenization and the Apple Pay transaction. It has actually spurred European Visa to adopt, first time I have felt ahead of Europe in this regard.

  • MADG33k

    I am very disappointed in this news piece as it gets the essential problem WRONG! The problem is not with Apple Pay, the problem is with the banks not taking correct steps to differentiate between their customer and a scammer when authorizing a phone to be able to use Apple Pay to make charges on that credit card.

    Since the bank is the one actually AUTHORIZING the phone to make the credit change on the scammers phone how is this an Apple Pay issue (or Google Pay and so on)?

    The issue is not that Apple Pay makes charging on an iPhone too convenient, it is that the Banks make it too convenient for people to authorize phones with the banks credit card without doing proper diligence to make sure they are talking to their customer and not a scammer.

    This type of poor reporting will only make this site known for “click-baiting” rather than a factual news site.

  • thompson_97

    The banks will fix their initial authorization process. This process is necessary for every pay system that is coming our way… not specific to ApplePay.

  • Roxy Balboa

    What BS!! How’s  Pay supposed to stop someone stealing a credit card and using stolen personal information? You should ashamed of misleading people with your post title.

  • WAM

    Y is the stock so stalled and done?

  • fstein

    Fools rush in…. Greed.. Issuers are taking short cuts because they are too eager to get what they think is a primo Apple customer. The author and Guardian don’t tell us how much fraud, what %, nor how this compares to everyday ID theft, which is all this is…everyday ID theft.