Banks Find Fraud Abounds in Apple Pay

Banks Find Fraud Abounds in Apple Pay
Advertisement
When Apple was planning its Apple Pay electronic payment system last summer for its iPhones, the nation's banks raced to be included among the first credit card issuers associated with the new technology.

Apple's news release announcing Apple Pay had gushing quotes from Jamie Dimon of JPMorgan Chase, Brian Moynihan of Bank of America and Kenneth Chenault of American Express, along with a list of other companies as launch partners, including Wells Fargo, Citigroup and Capital One.

Marianne Lake, JPMorgan's chief financial officer, said at the time of the introduction of Apple Pay, "It's the future, so it's great."

Six months later, some of the nation's banks are privately complaining that Apple Pay may not be so great after all.

But the banks may largely have themselves to blame.

A raft of headlines over the last week about unusually high fraud rates from thieves using stolen credit numbers on Apple Pay has exposed what many of the banks privately acknowledge they have been trying to fix for months.

An industry consultant, Cherian Abraham, put the fraud rate at 6 percent, compared with a traditional credit card fraud rate that is relatively minuscule, 10 cents for every $100 spent. Abraham wrote in a blog post, one of the first to spotlight the issue, that the Apple Pay fraud "is growing like a weed, and the bank is unable to tell friend from foe. No one is bold enough to call the emperor naked."

It is not clear, however, that Apple is the naked emperor. More likely it is at least as much the banks' fault, if not more.

Apple Pay itself should, in theory, cut down on fraud because it makes stealing credit card information almost impossible. Each time a transaction takes place, Apple generates the equivalent of a new credit card number so the merchant never actually sees a customer's information.

The vulnerability in Apple Pay is in the way that it - and card issuers - "onboard" new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process "frictionless," the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like phone numbers and addresses, that would help them detect fraud early.

The banks, desperate to become their customers' default card on Apple Pay - most add only one to their iPhones - did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were so scared of Apple that they didn't speak up. The banks didn't press the company for fear that they would not be included among the initial issuers on Apple Pay. Within weeks of Apple Pay's introduction, a second set of banks joined: Barclays, Navy Federal Credit Union, PNC Bank, USAA and U.S. Bank.

It also appears that banks set up a flawed process to deal with the credit cards that it did flag. Affected users were directed to a customer care phone center, not a fraud prevention center. A customer care center's mission is to help customers use their cards, leading more fraudulent cards to be approved for use on Apple Pay.

"Call centers are a poor approach for two reasons," Abraham wrote. "One - fraudsters are better at social engineering than call center reps are at sniffing out fraud. In some cases, fraudsters are calling the call center themselves to 'alert the bank about a trip out of town' so that fraud rules looking for transaction anomalies (like a customer living in California and transacting in Miami) do not trip them up."

Some Apple supporters have sought to discredit Abraham based on his affiliation as an adviser to a company that is based on Apple's main competitor, Android. While he may indeed be conflicted, he has rightfully raised an important security issue that all sides have acknowledged is a problem, though perhaps not to the extent he has contended.

All of this has led to a thriving black market in which thieves enter stolen credit card numbers into iPhones, essentially turning the devices into physical credit cards, which they in turn take to stores and walk out with merchandise. Thieves have even used Apple Pay at Apple Stores.

In a statement, Apple put the problem squarely on the shoulders of the banks: "During setup, Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank."

Apple has now begun providing additional information to the banks that should help deter some of the fraud. The banks, which are responsible for the costs of the frauds, have toughened standards to review customer sign-ups on Apple Pay. No bank executive would speak with me on the record for fear of upsetting their company's relationship with Apple.

If you're asking yourself, "Why are criminals more inclined to use Apple Pay than just use stolen credit cards at an online retailer?" it's a good question. It is apparently much easier for banks to catch thieves using stolen credit cards with online retailers because of the delay in shipping a product - it can often take days - as well as the extra information that every online retailer requires, like an address where the product is to be shipped.

First-mover advantage is often crucial when it comes to the rapidly changing and rabidly competitive world of technology, but that can quickly turn to disadvantage when companies rush headlong into trouble.

© 2015 New York Times News Service

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Apple, Apple Pay, Internet, Mobiles, Werables
Apple in Talks to Launch Online TV Service: Report
Uber's Chief Financial Officer to Leave Company
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »