Dive Brief:
-
Apple Pay is being hit by multiple fraudulent transactions using stolen identities and payment credentials, according to the Wall Street Journal.
-
The good news for Apple Pay is that its fingerprint encryption hasn’t been breached, but thieves are creating a work-around by setting up new iPhones with stolen data and calling banks to verify details. In a little twist of fate, thieves are apparently targeting Apple stores in particular because they’re guaranteed to accept the mobile payment system, not to mention stock the iPhones needed to further the scam.
-
But after initial reports that the problem was alarmingly widespread have been tempered, the discovery reveals a critical flaw in the system, with the problem resting largely with banks.
Dive Insight:
The Guardian’s initial report earlier this week on fraud troubles with Apple Pay spread like wildfire in the last couple of days. But not only is the problem less widespread than what seemed true at first, it’s also become clear that this is a verification problem at banks and not with Apple Pay’s mobile encryption.
Retailers, banks, and credit card companies have to realize that thieves will find the weak spot in any system. It’s the dark side of “omnichannel” — on or offline, including mobile, if there’s a way to take advantage, criminals will take it.
"We should see Google, Samsung, PayPal, Amazon, and many others [offering mobile payment solutions] in the near future,” mobile payments specialist Cherian Abraham told the Verge. “If so, it quickly becomes clear that a call center-oriented approach does not scale, when I have a need to add my card to the latest ‘thing.’ The preferred approach will be one that is scalable and secure, without being inconvenient. So even though we realized this is an issue through Apple Pay, the fix has to be bigger than that. The response has to be one that accounts for an exponential increase in entities like Apple Pay."
