Banks reportedly clamp down on Apple Pay card provisioning in wake of fraud

13»

Comments

  • Reply 41 of 50
    solipsismysolipsismy Posts: 5,099member

    I don't believe you are correct. As I understand it, the fingerprint data on the phone is not accessible, Apple does not have your fingerprints -- the fingerprint data on the iPhone cannot be read or dumped. It's a one-way cypher. The iPhone merely determines if the last touchID finger image matches the stored data. 

    And even if Apple (or someone else) were to get ahold of the data in the Secure Enclave it still wouldn't translate to an image of your fingerprint.
     0Likes 0Dislikes 0Informatives
  • Reply 42 of 50
    I am glad that this happened on the ApplePay and not something else.
    At least you have an industry leader known for their quality and their pursuit of perfection and I am sure that Apple (if there is really a problem) will step up and lead to find a solution.

    Can you imagine if this happened on a non-iOS product?? who would have taken the lead on that, the banks or the phone manufacturer or the OS provider or the payment networks?

    It would take forever to get all of these parties to even agree on what the problem is and how to solve.

    Go Apple, you are doing the right thing. If you were not, no one would have cared to read or comment
     0Likes 0Dislikes 0Informatives
  • Reply 43 of 50
    habihabi Posts: 317member
    Quote:

    Originally Posted by SolipsismY View Post





    You can use a fingerprint, but the print of a finger is not required. You can use most parts of your body, your pet's paw, or pretty anything else that that has also has some electrical resonance to it. The only think that seems to really be a requirement is touch. I don't understand this question and comment.



    Consider this...

     

    -All credit cards have detailed information about the cardholder. They have names and billing addresses. These information have to be also when registering an appleid? If this information is not the same then it cant be anything other than a scam attempt?! And there are other aspects regarding security checks that can be used to sort out scammers.

     

    Eg.

    Can the same card be registered to several itunes accounts?

    What country the card is registered in?

    What kind of appleid account is it (old creditcard or some kind of bogus giftcard account?) And if you think about this REALLY... HOW hard is it to track down this device that was used for the scam purchace??? It involves nothing more than to track the device and give its location to police and so on... To me this sounds nothing more than a low IQ common criminal.

     0Likes 0Dislikes 0Informatives
  • Reply 44 of 50
    Quote:

    Originally Posted by SolipsismY View Post





    Sure, but we're talking about very little effort to create a great deal more security that will result in less costs to the bank (or the insurance company they pay for fraud claims which they then have to pay into with each renewed contract), as well other issues that can hurt a bank's brand. It's clearly about money for not investing in that little bit of extra work, but it's the shortsightedness I mention.



    Security that is not just band-aids takes much more than a little effort. I think it was Linus Torvalds (or maybe Edsgar Dijkstra) who was quoted as saying (though I haven't found the quote) that the biggest security problem is code with bugs. 

     0Likes 0Dislikes 0Informatives
  • Reply 45 of 50
    solipsismysolipsismy Posts: 5,099member

    Security that is not just band-aids takes much more than a little effort. I think it was Linus Torvalds (or maybe Edsgar Dijkstra) who was quoted as saying (though I haven't found the quote) that the biggest security problem is code with bugs. 

    Again, it's not a Band-Aid to call to have a CSR verify answers to challenge questions before making ?Pay work for that card. Your incessant defense of banks not having the time, money, or aptitude to have a customer call up a help desk with a supplied phone number is as abhorrent as it is ridiculous.

    As for mentioning bugs in code, I have no idea what the **** that is referring to since we're talking about authorizing a user's card, not about designing an encryption method.
     0Likes 0Dislikes 0Informatives
  • Reply 46 of 50
    charlitunacharlituna Posts: 7,217member
    habi wrote: »
    To me this whole thing seems just so idiotic. Why would someone be so STUPID to try something like that? Apple has your fingerprint and your phone ID and your other credentials. Why pair other peoples credit cards to your phone? Seems just like a shure way to get cought and get your ass jailed??? Man, its like making a burglary and leaving your drivers license on the floor?!?!

    Because it worked. You can hand type all the info which would be easy to get with a smart phone camera and a few seconds with the card (like you might have at a restaurant where they take your card away to swipe it rather than do it in front of you. The banks weren't doing anything to verify its you

    And Apple doesn't have your fingerprint. That is encoded into the secure element and never leaves the phone. It isn't backed up etc. or you can use your passcode for Apple Pay
     0Likes 0Dislikes 0Informatives
  • Reply 47 of 50
    charlitunacharlituna Posts: 7,217member
    xixo wrote: »
    Between Apple and the issuing banks, someone certainly dropped the ball

    There's no 'between'. Apple was never the issue. They provided the means for the banks to have verification if the bank chose to do it. The banks didn't all do it.
     0Likes 0Dislikes 0Informatives
  • Reply 48 of 50
    charlitunacharlituna Posts: 7,217member
    mstone wrote: »
    This an interesting point. Since the merchant can't see the CC data, they have no way to compare the drivers license. Many places require the card to be present along with photo ID. The post office is one that I know off hand.

    In violation of basically all card merchant agreements. They all say that you can't ask to see an id to take a card. If it is presented you check that it's signed. If yes, take it. If no, it's not valid so refuse it. I believe it's Discover that lets you ask for ID, demand the card is signed and then you can take it.

    Smart card thieves know this and will use it to raise a fuss. I remember one guy actually had copies of the merchant agreements on him. My manager used it against him to refuse the cards because they weren't signed when first presented. We only found out later that the guy had been in several stories buying tons of stuff and they had fraud charge backs. It was a high end mall so the companies reviewed camera tape to find who was rung up after a comment at a mall meeting made them realize they had all encountered the same guy.
     0Likes 0Dislikes 0Informatives
  • Reply 49 of 50
    habihabi Posts: 317member
    Quote:

    Originally Posted by charlituna View Post





    Because it worked. You can hand type all the info which would be easy to get with a smart phone camera and a few seconds with the card (like you might have at a restaurant where they take your card away to swipe it rather than do it in front of you. The banks weren't doing anything to verify its you



    And Apple doesn't have your fingerprint. That is encoded into the secure element and never leaves the phone. It isn't backed up etc. or you can use your passcode for Apple Pay



    If you buy with REGULAR Visa vard here in Finland its certainly made clear that the merhant takes the risk of loosing transaction credit if they don't do verification of id. This is also the case on buying online with creditcard. If the delivery address is NOT the same as on the order as the card billing address then the payment wont be accepted.

     

    But in THIS case you cant/shouldnt check these in the store? Its the BANKS problem if it fails to identify phone owner with card ownership. And the only one to blame is the bank. The merchant cant do much if you cant check card user/payment details vs user id?

     0Likes 0Dislikes 0Informatives
Sign In or Register to comment.