Apple's new mobile payment service, Apple Pay, offers great convenience to users, by allowing them to make payments at stores using their mobile phones. But a lack of proper verification measures by banks has allowed criminals to use the service to make unauthorized payments, totaling in the millions of dollars.
Apple Pay lets you swipe your phone, as you would a credit card, at participating stores. In order for this to work, users must verify their identity to their bank in order to add a credit card to their Apple Pay account. This is where the problem comes in. Apple Pay itself uses encryption, which is still secure, to transmit information to and from the bank. The problem is with banks adding credit cards to fraudulent accounts.
Scammers would buy new phones and set up an Apple Pay account with the details of the person they are trying to impersonate. The specific authentication procedures varied from bank to bank, but some banks only required the last 4 digits of a person's social security number to verify their identity, and then they will add all of their credit cards to the account. While SSNs are usually kept secret, over 11 million Americans are victims of identity theft yearly, and SSNs are commonly stolen in cases of identity theft.
Reports say that some cases of Apple Pay fraud are being carried out by organized gangs, who are incredibly savvy in their operations. They would call up banks claiming to be on a trip out of town, so their unusual purchases would not set off the banks' fraud detection. They particularly liked to make fraudulent purchases at Apple Stores, because they accepted Apple Pay and had many high value items which could be resold for cash.
There is very little Apple can do to address this problem, but banks are working on stronger authentication methods before adding cards to accounts. They believe that once the proper authentication procedure is worked out, Apple Pay fraud will plummet.
Do you think banks will come up with a secure authentication method to prevent fraud? Leave your comment below.