Apple Pay fraud stems from retailer data breaches, Apple Store purchases account for 80% of unauthor

Posted:
in iPhone edited March 2015
According to a report on Thursday, fraudsters are using credit card information gleaned from recent high-profile retail chain data to create Apple Pay accounts, while Apple Stores themselves account for 80 percent of unauthorized transactions.



Citing sources familiar with the matter, The Wall Street Journal reports criminals are purchasing big-ticket items at Apple Stores using fraudulent Apple Pay accounts created in part with credit card data stolen from Home Depot and Target. With the iPhone 6's NFC capabilities, the physical card may not be required for such purchases.

Apple Pay itself has not been breached, meaning customers who have provisioned cards with Apple's service are safe. The bank-side systems on which Apple Pay security is partially reliant, however, is apparently being gamed.

When Apple Pay users first opt to add a credit or debit card, the issuing bank can use a "green path," which immediately provisions the card, or a "yellow path" that requires additional steps to verify a user's identity. A study found the yellow path to be somewhat lenient, with banks asking for information that in some cases are relatively easy to attain, such as the last four digits of a user's social security number.

Methods of authentication vary from bank-to-bank, but some institutions require cardholders verify account details, log into online accounts or speak to a customer service representative. The publication said some banks send out a confirmation text message to a customer's phone, a technique often used by Web-based two-step authentication services.

The report echoes previous claims that Apple Pay bank partners are "scrambling" to stem the tide of fraudulent activity related to supposedly lax cardholder verification procedures. It is unclear what changes are being made on the backend, but it can be assumed that cardholders will soon see more stringent authentication protocols.
«1

Comments

  • Reply 1 of 38
    mstonemstone Posts: 11,510member

    Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.

     

    EDIT: This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.

  • Reply 2 of 38
    MacProMacPro Posts: 19,339member
    At least the thieves have good taste.
  • Reply 3 of 38
    slurpyslurpy Posts: 5,316member
    Quote:

    Originally Posted by mstone View Post

     

    This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.


     

    Yeah, and get billions of people with existing banks and credit cards to switch to their bank. Piece of cake. 

  • Reply 4 of 38
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Slurpy View Post

     
     

    Yeah, and get billions of people with existing banks and credit cards to switch to their bank. Piece of cake. 


    Yeah I know but I look at it like when Apple let Motorola have the iTunes for their Rokr. How easy would it be now to just offer an Apple credit card? You want REAL security, then sign up now. We've talked about it for years on the forum. 

     

    Sure, anyone can get hacked, that is the reality of the internet, but honestly, I would trust Apple more than any bank at this point.

  • Reply 5 of 38
    mstone wrote: »
    Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.

    This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.

    Indeed.

    This was always the flaw in Apple's approach. In the end, they are the middleman and have only limited control over the whole process. Ideally, they would have made iBank and bypassed Visa, the banks and everyone.

    At least these teething problems are being worked out before it arrives the other side of the pond.
  • Reply 6 of 38
    magman1979magman1979 Posts: 1,212member
    So let me get this straight, thieves are using the credit card information stolen from Target and Home Depot from MONTHS ago??? Wouldn't all of these numbers have been cancelled by the banks by now, rendering them useless?

    This isn't anything to do with ?PAY, but rather EVERYTHING to do with stupid banks with their shitty identity checks and verification policies!

    Why is it sites are trying to make it sound like it's an ?PAY issue? This kind of bullshit just pisses me off! I'm up in Canada, and the moment I get my 6S in the fall when I upgrade, I intend to IMMEDIATELY start using ?PAY!
  • Reply 7 of 38
    dasanman69dasanman69 Posts: 13,001member
    magman1979 wrote: »
    So let me get this straight, thieves are using the credit card information stolen from Target and Home Depot from MONTHS ago??? Wouldn't all of these numbers have been cancelled by the banks by now, rendering them useless?

    This isn't anything to do with ?PAY, but rather EVERYTHING to do with stupid banks with their shitty identity checks and verification policies!

    Why is it sites are trying to make it sound like it's an ?PAY issue? This kind of bullshit just pisses me off! I'm up in Canada, and the moment I get my 6S in the fall when I upgrade, I intend to IMMEDIATELY start using ?PAY!

    It's not known exactly how many numbers were taken. People get lulled into thinking that their card numbers are safe because they weren't used right away, so those numbers are never changed.
  • Reply 8 of 38
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by MagMan1979 View Post



    So let me get this straight, thieves are using the credit card information stolen from Target and Home Depot from MONTHS ago??? Wouldn't all of these numbers have been cancelled by the banks by now, rendering them useless?

    Surprisingly, no. The bank only replaces the card if you notify them that there has been an unauthorized charge, loss of the card or theft, or if they detect an obvious fraud. The criminal will typically test the card. That might mean going to the neighborhood of the stolen card and trying a small purchase. If it works, they head to the Apple Store.

  • Reply 9 of 38
    mac_dogmac_dog Posts: 902member
    Quote:
    Originally Posted by mstone View Post

    Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.

     



    no. this is what happens when your leaders in government, wall street, corporations and your banks are mostly crooks & liars and they lead by example.
  • Reply 10 of 38
    mstone wrote: »
    Surprisingly, no. The bank only replaces the card if you notify them that there has been an unauthorized charge, loss of the card or theft, or if they detect an obvious fraud.
    That depends upon the bank in question. I was one of those at risk in the Target breach and my bank automatically issues me a new card with no input from me.
  • Reply 11 of 38
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by mac_dog View Post

     


    no. this is what happens when your leaders in government, wall street, corporations and your banks are mostly crooks & liars and they lead by example.

     

    has anything changed since biblical times?

  • Reply 12 of 38
    magman1979magman1979 Posts: 1,212member
    mstone wrote: »
    Surprisingly, no. The bank only replaces the card if you notify them that there has been an unauthorized charge, loss of the card or theft, or if they detect an obvious fraud. The criminal will typically test the card. That might mean going to the neighborhood of the stolen card and trying a small purchase. If it works, they head to the Apple Store.
    That's really pathetic... I had two of my credit cards breached during the last 10 years, and each time, not only was I proactively informed by my bank, the cards were canceled, and the replacement cards had new numbers, rendering the stolen ones useless.

    If the US banks don't follow this type of process, then they shouldn't be in business as banks, period, because they obviously don't give a rat's ass about protecting the identity and credit rating of their customers!
  • Reply 13 of 38
    dasanman69dasanman69 Posts: 13,001member
    mstone wrote: »
    has anything changed since biblical times?

    The footwear is much better now :lol:
  • Reply 14 of 38
    getvoxoagetvoxoa Posts: 83member

    Come to think of it, I think it took me a while (more than a week) to get Wells Fargo credit card enrolled passbook, I was never sure that I got it or not by downloading a separate Wells Fargo app. All other credit cards are way too easy to set up. 

  • Reply 15 of 38
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by Buckeyestar View Post

     
    That depends upon the bank in question. I was one of those at risk in the Target breach and my bank automatically issues me a new card with no input from me.


    Probably because it was used in a fraud. They don't tell what happened.

  • Reply 16 of 38
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by MagMan1979 View Post

     
     and each time, not only was I proactively informed by my bank, the cards were canceled, and the replacement cards had new numbers, rendering the stolen ones useless.


    It is the same in the US. The banks took a loss on the fraud but replacing your card was not exactly proactive.

  • Reply 17 of 38
    anantksundaramanantksundaram Posts: 20,185member

    Banks need to have better verification systems -- e.g., texting or emailing the user -- to agree to a CC being added to ApplePay. Some of them did.

     

    That said, Apple could have worked with them to design systems to accomplish that. (It's also possible that Apple did, and the banks did not listen).

  • Reply 18 of 38
    jungmarkjungmark Posts: 6,835member
    mstone wrote: »
    It is the same in the US. The banks took a loss on the fraud but replacing your card was not exactly proactive.
    DC replaced my card without any action by me. They also sent me a letter indicating no fraud detected but it was replaced as a precaution. I also check my statements so no unauthorized purchases there either.
  • Reply 19 of 38
    kibitzerkibitzer Posts: 1,114member
    Quote:

    Originally Posted by mstone View Post

     

    Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.

     

    EDIT: This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.




    If Apple started its own bank, and even with its superb reputation, it's just not possible to say that their security never can be breached. In an uncertain world, though, it probably would be as certain a thing as you can find.

  • Reply 20 of 38
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by jungmark View Post



    DC replaced my card without any action by me. They also sent me a letter indicating no fraud detected but it was replaced as a precaution. I also check my statements so no unauthorized purchases there either.

    Yeah same with me however BoA doesn't comment on why they replaced it just that it needed to be done. Happened twice so far, but I never saw any charges on my statement. I've heard that credit cards are better than debit cards for protection, but both times my card was breeched it was my debit card. Particularly inconvenient when you are out of the country and depend on ATM for operating expenses. As my wife says that's a whole 'nother Oprah. We have money locally but because of US Fed if we keep more than $10K in a foreign bank the bank charges us a fee for reporting it to the US for money laundering issues. Such are the inconveniences of dual citizenship although the pros outweigh the cons.

Sign In or Register to comment.