Apple Pay Fraud Cases Caused by Sloppy Bank Credit Card Tracking
NEWS ANALYSIS: The recently reported Apple Pay fraud cases aren't due to security flaws, but to lax bank credit account tracking and approval procedures.The story that Apple Pay had been breached and was being used to commit fraud surged like lighting through Web news pages and social networks. But like many stories that go viral on the Web, the early accounts were less than fully accurate. Apple Pay and its security are just fine. Unfortunately, the same thing can't be said about the banks that are working with Apple Pay. What happened is that the card-verification process that some banks use to approve adding a credit or debit card to Apple Pay is very lax at some banks. In fact, the verification process is so sloppy that, in some cases, credit card numbers stolen during the Target breach nearly a year and a half ago are still being approved because a few banks don't even check the list of stolen cards. To understand how this weakness came about, it's worth taking time to talk about how Apple Pay's approval process works. The normal process for adding a payment card to Apple Pay is to load the card information into an iPhone 6 or 6 Plus using the phone's camera to grab a photo of the card. That photo is then examined by the Apple Passbook software, which extracts the account owner's name and the card expiration date.
Apple Pay encrypts and transmits that data to Apple. Once Apple receives the data, it checks to see if the card is already on file in iTunes and if the phone matches the one in iTunes. If that's the case, the card is approved and added to the Passbook where it can be used for Apple Pay transactions.