Slashdot Mirror
Fraud Rampant In Apple Pay
PvtVoid writes with this report from the New York Times, excerpting: An industry consultant, Cherian Abraham, put the fraud rate [for Apple Pay] at 6 percent, compared with a traditional credit card fraud rate that is relatively minuscule, 10 cents for every $100 spent. [i.e. one tenth of one percent]. The vulnerability in Apple Pay is in the way that it — and card issuers — "onboard" new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process "frictionless," the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like full phone numbers and addresses, that might help them detect fraud early. The banks, desperate to become their customers' default card on Apple Pay — most add only one to their iPhones — did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were were so scared of Apple that they didn't speak up.
It's easier to punch stolen numbers into a phone than it is to print up an actual card. When chip + pin happens, all of the criminals will be using Apple Pay.
I don't respond to AC's.
So if you use Apple Pay, you have less of a chance of getting YOUR credit card data stolen... However if your credit card had already been stolen, Apple Pay means there is a higher chance of it getting used. Because you won't need to face someone who may question your identity.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Apple supporters were right to call out Mr. Abraham - he is biased and attempting to create FUD against Apple and Apple Pay. The real fault and finger pointing needs to be directed to the banks and they need to get their houses in order.
Indeed.
If the banks had the courage to confront Apple and demand that Apple Pay include more information then this wouldn't have happened. Its entirely the banks fault for being scared of Apple (which probably has a larger war chest than all those banks combined).
In the free world the media isn't government run; the government is media run.
In fairess, it doesn't sound like there's a problem with Apple's implementation - it may well be perfectly(hah!) secure. But security is only as good as the weakest link, and if the banks aren't doing their job of verifying that the CC account being bonded to the Apple-Pay account is actually legit - well then there's a giant F'ing hole in the security that theives will enter by the busload. Nothing Apple can do about that, technologically at least - though if they're pressuring banks to provide a "painless" bonding experience, well then they do bear some responsibility.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
American banks have ALWAYS sucked at security in the world of the credit card. that CCV number on the back of the card is the dumbest thing ever and offers zero security.
Do not look at laser with remaining good eye.
ApplePay is part of the problem. Because it tries so hard to keep information away from banks and retailers it makes it harder to detect fraud. If Apple were providing things like names and phone numbers to the banks they could very easily see that a particular CC was not being used by the authorized owner or on a phone they had never used it with before.
To be fair, banks could have demanded that information during sign up, but didn't. There is plenty of blame to go around. What I'd like to know is who pays for it. Usually it is the merchant, in which case I'd expect to see some of them refusing Apple Pay.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
You should probably read what the CCV is for before telling everyone you can't be bothered to and just making up your own explanation.
But of course, the person who is stealing your credit card info is most likely your waiter, and they have a minute or two with your card over at the POS to copy down the CVV manually.
And this is why the United States needs to move to EMV (Chip & Pin) like the rest of the world. Rather than the waiter taking your card away, they bring you a hand-held terminal, which you then take and perform the last portion of the contract yourself, with the card never leaving your hands.
...si hoc legere nimium eruditionis habes...