Banks have been caught by surprise by the amount of fraud that has arisen following the launch of Apple Pay.
According to an article on The Guardian, criminals in the US are provisioning Apple Pay with stolen identities and credit card details and then purchasing expensive consumer goods (often from Apple Stores) before the banks can do anything.
Apparently, it’s already caused millions of dollars in stolen funds.
The problem doesn’t rest in Apple’s technology – the secure encryption around Pay’s fingerprint-activated wireless payment mechanism has not been broken, but stolen details are being entered.
Pay works by having banks ‘provision’ a user details. Apple notes on its support pages that: “When you add a credit or debit card to Apple Pay… Apple sends the encrypted data, along with other information about your iTunes account activity and device (such as the name of your device, its current location, or if you have a long history of transactions within iTunes) to your bank. Using this information, your bank will determine whether to approve adding your card to Apple Pay.”
However, criminals are taking advantage of this and calling banks to provision the cards so they can then use the stolen details to make purchases.
It’s becoming clear that the banks have made this provisioning too simple and often only require a user to call and verify with just the last four digits of their social security number, which are often stolen as a result of identity theft.
A spokesman for Apple reiterated that the secure mechanism for paying with card details stored on the phone had not been breached.
“Apple Pay is designed to be extremely secure and protect a user’s personal information,” the spokesman said. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”
It’s understood that US banks are working on a more robust method of verification.
Apple Pay was launched last year – present on the iPhone 6 and 6 Plus, the technology enables users to pay using NFC payment systems, alongside TouchID confirmation.