“Apple Pay is vulnerable to fraud due to the fact that someone could steal a credit card, enter it into a phone and then use the phone without any identification to purchase Apple merchandise,” Grant Cardone, CEO of eConsumerServices, said. “Think thousands of dollars worth of merchandise stolen at the blink of an eye. When the cardholder goes to dispute the fraudulent activity, Apple loses the most.”
Apple Pay is a mobile payment and digital wallet service that lets users make payments using iPhone 6, iPhone 6 Plus, Apple Watch-compatible devices (iPhone 5 and later models), iPad Air 2 and iPad Mini 3. Apple Pay does not require Apple-specific contactless payment terminals and works with Visa's PayWave, MasterCard's PayPass and American Express' ExpressPay terminals.
With Apple Pay technology, consumers can hold their phones near card readers to enable transactions using near field communication chips embedded in compatible Apple devices. By using Apple’s Touch ID sensor, consumers are no longer required to enter a PIN to verify their identity.
When a consumer sets up Apple Pay, the financial institution associated with his or her payment card must verify that the card is compatible with Apple Pay. With each Apple Pay transaction, Apple generates the equivalent of a new credit card number, and the merchant never sees the consumer's information.
“Until there is a database validating every single cardholder's fingerprint and digital identity, EMV will outpace Apple Pay in terms of security,” Cardone said. “With EMV, buying patterns and spending habits are analyzed in a split second in order to detect suspicious activity.”
Consumers do have recourse if a fraudulent purchase is made using their Apple Pay account – they may file a chargeback.
“Chargebacks can be a double edged sword,” Cardone explained, however. “Although filing a chargeback looks like a quick and effective solution to the problem of a fraudulent charge, it could ultimately harm the consumer in the long run.”
One industry analyst suggested that as many as 6% of Apple Pay transactions were completed using stolen credit card numbers.
“The credit card data is not stolen from Apple Pay; credit card data stolen from other channels is loaded into unauthorized Apple devices for these fraudulent transactions,” Amit Sethi, principal consultant at the Dulles, Va.-based security firm Cigital, said. “The problem generally lies with some banks that do not adequately verify who is loading a credit card into Apple Pay. Apple Pay does provide attackers with another mechanism with which they can use stolen credit card data – which is what we’re seeing with the 6% of Apple Pay transactions made with stolen credit cards.”
~ Roy Urrico
No comments:
Post a Comment