Apple Pay fraud stems from retailer data breaches, Apple Store purchases account for 80% of unauthor
According to a report on Thursday, fraudsters are using credit card information gleaned from recent high-profile retail chain data to create Apple Pay accounts, while Apple Stores themselves account for 80 percent of unauthorized transactions.
Citing sources familiar with the matter, The Wall Street Journal reports criminals are purchasing big-ticket items at Apple Stores using fraudulent Apple Pay accounts created in part with credit card data stolen from Home Depot and Target. With the iPhone 6's NFC capabilities, the physical card may not be required for such purchases.
Apple Pay itself has not been breached, meaning customers who have provisioned cards with Apple's service are safe. The bank-side systems on which Apple Pay security is partially reliant, however, is apparently being gamed.
When Apple Pay users first opt to add a credit or debit card, the issuing bank can use a "green path," which immediately provisions the card, or a "yellow path" that requires additional steps to verify a user's identity. A study found the yellow path to be somewhat lenient, with banks asking for information that in some cases are relatively easy to attain, such as the last four digits of a user's social security number.
Methods of authentication vary from bank-to-bank, but some institutions require cardholders verify account details, log into online accounts or speak to a customer service representative. The publication said some banks send out a confirmation text message to a customer's phone, a technique often used by Web-based two-step authentication services.
The report echoes previous claims that Apple Pay bank partners are "scrambling" to stem the tide of fraudulent activity related to supposedly lax cardholder verification procedures. It is unclear what changes are being made on the backend, but it can be assumed that cardholders will soon see more stringent authentication protocols.
Citing sources familiar with the matter, The Wall Street Journal reports criminals are purchasing big-ticket items at Apple Stores using fraudulent Apple Pay accounts created in part with credit card data stolen from Home Depot and Target. With the iPhone 6's NFC capabilities, the physical card may not be required for such purchases.
Apple Pay itself has not been breached, meaning customers who have provisioned cards with Apple's service are safe. The bank-side systems on which Apple Pay security is partially reliant, however, is apparently being gamed.
When Apple Pay users first opt to add a credit or debit card, the issuing bank can use a "green path," which immediately provisions the card, or a "yellow path" that requires additional steps to verify a user's identity. A study found the yellow path to be somewhat lenient, with banks asking for information that in some cases are relatively easy to attain, such as the last four digits of a user's social security number.
Methods of authentication vary from bank-to-bank, but some institutions require cardholders verify account details, log into online accounts or speak to a customer service representative. The publication said some banks send out a confirmation text message to a customer's phone, a technique often used by Web-based two-step authentication services.
The report echoes previous claims that Apple Pay bank partners are "scrambling" to stem the tide of fraudulent activity related to supposedly lax cardholder verification procedures. It is unclear what changes are being made on the backend, but it can be assumed that cardholders will soon see more stringent authentication protocols.
Comments
Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.
EDIT: This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.
This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.
Yeah, and get billions of people with existing banks and credit cards to switch to their bank. Piece of cake.
Yeah, and get billions of people with existing banks and credit cards to switch to their bank. Piece of cake.
Yeah I know but I look at it like when Apple let Motorola have the iTunes for their Rokr. How easy would it be now to just offer an Apple credit card? You want REAL security, then sign up now. We've talked about it for years on the forum.
Sure, anyone can get hacked, that is the reality of the internet, but honestly, I would trust Apple more than any bank at this point.
Indeed.
This was always the flaw in Apple's approach. In the end, they are the middleman and have only limited control over the whole process. Ideally, they would have made iBank and bypassed Visa, the banks and everyone.
At least these teething problems are being worked out before it arrives the other side of the pond.
This isn't anything to do with ?PAY, but rather EVERYTHING to do with stupid banks with their shitty identity checks and verification policies!
Why is it sites are trying to make it sound like it's an ?PAY issue? This kind of bullshit just pisses me off! I'm up in Canada, and the moment I get my 6S in the fall when I upgrade, I intend to IMMEDIATELY start using ?PAY!
It's not known exactly how many numbers were taken. People get lulled into thinking that their card numbers are safe because they weren't used right away, so those numbers are never changed.
So let me get this straight, thieves are using the credit card information stolen from Target and Home Depot from MONTHS ago??? Wouldn't all of these numbers have been cancelled by the banks by now, rendering them useless?
Surprisingly, no. The bank only replaces the card if you notify them that there has been an unauthorized charge, loss of the card or theft, or if they detect an obvious fraud. The criminal will typically test the card. That might mean going to the neighborhood of the stolen card and trying a small purchase. If it works, they head to the Apple Store.
Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.
no. this is what happens when your leaders in government, wall street, corporations and your banks are mostly crooks & liars and they lead by example.
no. this is what happens when your leaders in government, wall street, corporations and your banks are mostly crooks & liars and they lead by example.
has anything changed since biblical times?
If the US banks don't follow this type of process, then they shouldn't be in business as banks, period, because they obviously don't give a rat's ass about protecting the identity and credit rating of their customers!
The footwear is much better now
Come to think of it, I think it took me a while (more than a week) to get Wells Fargo credit card enrolled passbook, I was never sure that I got it or not by downloading a separate Wells Fargo app. All other credit cards are way too easy to set up.
Probably because it was used in a fraud. They don't tell what happened.
It is the same in the US. The banks took a loss on the fraud but replacing your card was not exactly proactive.
Banks need to have better verification systems -- e.g., texting or emailing the user -- to agree to a CC being added to ApplePay. Some of them did.
That said, Apple could have worked with them to design systems to accomplish that. (It's also possible that Apple did, and the banks did not listen).
Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.
EDIT: This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.
If Apple started its own bank, and even with its superb reputation, it's just not possible to say that their security never can be breached. In an uncertain world, though, it probably would be as certain a thing as you can find.
DC replaced my card without any action by me. They also sent me a letter indicating no fraud detected but it was replaced as a precaution. I also check my statements so no unauthorized purchases there either.
Yeah same with me however BoA doesn't comment on why they replaced it just that it needed to be done. Happened twice so far, but I never saw any charges on my statement. I've heard that credit cards are better than debit cards for protection, but both times my card was breeched it was my debit card. Particularly inconvenient when you are out of the country and depend on ATM for operating expenses. As my wife says that's a whole 'nother Oprah. We have money locally but because of US Fed if we keep more than $10K in a foreign bank the bank charges us a fee for reporting it to the US for money laundering issues. Such are the inconveniences of dual citizenship although the pros outweigh the cons.