Banks reportedly clamp down on Apple Pay card provisioning in wake of fraud
Banks are instituting more stringent credit and debit card authorization policies for Apple Pay users after criminals took advantage of previously lax security protocols to provision new accounts using stolen card data.
The Wall Street Journal said on Friday that banks are adding extra steps to Apple Pay's card provisioning process to stem a recent tide of fraudulent purchasing activity.
It came to light earlier this week that fraudsters were using stolen credit cards to buy big-ticket items in Apple Stores and other retailers supporting Apple Pay's NFC-based touchless mobile payments system. Criminals reportedly provisioned new Apple Pay accounts using card data harvested from the recent Home Depot and Target data breaches, the publication said.
According to the report, banks are now employing a variety of verification protocols to stop fraudsters from adding illegitimate accounts. For example, with Apple Pay, banks can choose to go employ a so-called "yellow path" activation routine and send one-time authorization codes via email or text to a registered address or phone number.
Other methods include challenge questions about recent purchases, a user's address or other specific details only a cardholder would know. Some banks may also require new Apple Pay users to call a customer service representative for person-to-person verification.
On the other hand, the report said that users who already have a card registered with iTunes may "sail through" the provisioning process. Criminals attempting to create a new account will likely have trouble without a physical card, however, as Apple Pay requires specific card information — including the card verification value (CVV) — to enroll.
It should be noted that Apple Pay itself has not been breached, meaning existing user information is secure.