Slashdot Mirror


Fraud Rampant In Apple Pay

PvtVoid writes with this report from the New York Times, excerpting: An industry consultant, Cherian Abraham, put the fraud rate [for Apple Pay] at 6 percent, compared with a traditional credit card fraud rate that is relatively minuscule, 10 cents for every $100 spent. [i.e. one tenth of one percent]. The vulnerability in Apple Pay is in the way that it — and card issuers — "onboard" new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process "frictionless," the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like full phone numbers and addresses, that might help them detect fraud early. The banks, desperate to become their customers' default card on Apple Pay — most add only one to their iPhones — did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were were so scared of Apple that they didn't speak up.

2 of 269 comments (clear)

  1. Aren't these already compromised cards? by Galaga88 · · Score: 5, Interesting

    The story doesn't really indicate how this could be much of Apple's problem - it sounds like the cards that are getting used are already stolen?

    I guess what's happening is criminals are getting stolen CC info, and are then able to use it in a physical environment via Apple Pay where it previously would have required printing a forged card?

    The article mentions that it's easier to get away with fraud in person because the lack of shipping delay leaves less time to catch it, which shows why they'd be so eager to jump to a method like this.

    1. Re:Aren't these already compromised cards? by rgbscan · · Score: 5, Interesting

      This is exactly what it is. Already compromised cards being added as payment token. Banks are supposed to follow a protocol called "Yellow path" to prevent this fraud, but since everyone wants their ApplePay to work right away without having to call a call center, a lot of banks are lenient on the security checks. This is not a problem with Apple's technology, or the secure element on the phone, or the fingerprint reader. This is a bank allowing a card to be added to an ewallet, presumably because the party adding the card has all the relevant info (stolen identity) to make it work.