Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple Pay fraud stems from retailer data breaches, Apple Store purchases account for 80% of unauthorized buys

Last updated

According to a report on Thursday, fraudsters are using credit card information gleaned from recent high-profile retail chain data to create Apple Pay accounts, while Apple Stores themselves account for 80 percent of unauthorized transactions.

Citing sources familiar with the matter, The Wall Street Journal reports criminals are purchasing big-ticket items at Apple Stores using fraudulent Apple Pay accounts created in part with credit card data stolen from Home Depot and Target. With the iPhone 6's NFC capabilities, the physical card may not be required for such purchases.

Apple Pay itself has not been breached, meaning customers who have provisioned cards with Apple's service are safe. The bank-side systems on which Apple Pay security is partially reliant, however, is apparently being gamed.

When Apple Pay users first opt to add a credit or debit card, the issuing bank can use a "green path," which immediately provisions the card, or a "yellow path" that requires additional steps to verify a user's identity. A study found the yellow path to be somewhat lenient, with banks asking for information that in some cases are relatively easy to attain, such as the last four digits of a user's social security number.

Methods of authentication vary from bank-to-bank, but some institutions require cardholders verify account details, log into online accounts or speak to a customer service representative. The publication said some banks send out a confirmation text message to a customer's phone, a technique often used by Web-based two-step authentication services.

The report echoes previous claims that Apple Pay bank partners are "scrambling" to stem the tide of fraudulent activity related to supposedly lax cardholder verification procedures. It is unclear what changes are being made on the backend, but it can be assumed that cardholders will soon see more stringent authentication protocols.



38 Comments

mstone 18 Years · 11503 comments

Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all.

 

EDIT: This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.

🎁
slurpy 15 Years · 5390 comments

Quote:
Originally Posted by mstone 

 

This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end.

 

Yeah, and get billions of people with existing banks and credit cards to switch to their bank. Piece of cake. 

🎁
mstone 18 Years · 11503 comments

Quote:
Originally Posted by Slurpy 
 
 

Yeah, and get billions of people with existing banks and credit cards to switch to their bank. Piece of cake. 

Yeah I know but I look at it like when Apple let Motorola have the iTunes for their Rokr. How easy would it be now to just offer an Apple credit card? You want REAL security, then sign up now. We've talked about it for years on the forum. 

 

Sure, anyone can get hacked, that is the reality of the internet, but honestly, I would trust Apple more than any bank at this point.

🍪
benjamin frost 11 Years · 7198 comments

[quote name="mstone" url="/t/185077/apple-pay-fraud-stems-from-retailer-data-breaches-apple-store-purchases-account-for-80-of-unauthorized-buys#post_2686386"]Criminals are everywhere. People have no respect. They cheat, lie, steal, drive over the speed limit with expired plates, drunk and no insurance. It really pisses me off. Then there is Putin and ISIS. Assholes all. This what happens when Apple partners with some other organization. They should have started their own bank and handled the transaction end to end. [/quote] Indeed. This was always the flaw in Apple's approach. In the end, they are the middleman and have only limited control over the whole process. Ideally, they would have made iBank and bypassed Visa, the banks and everyone. At least these teething problems are being worked out before it arrives the other side of the pond.