AppleInsider Staff
Banks are instituting more stringent credit and debit card authorization policies for Apple Pay users after criminals took advantage of previously lax security protocols to provision new accounts using stolen card data.
The Wall Street Journal said on Friday that banks are adding extra steps to Apple Pay's card provisioning process to stem a recent tide of fraudulent purchasing activity.
It came to light earlier this week that fraudsters were using stolen credit cards to buy big-ticket items in Apple Stores and other retailers supporting Apple Pay's NFC-based touchless mobile payments system. Criminals reportedly provisioned new Apple Pay accounts using card data harvested from the recent Home Depot and Target data breaches, the publication said.
According to the report, banks are now employing a variety of verification protocols to stop fraudsters from adding illegitimate accounts. For example, with Apple Pay, banks can choose to go employ a so-called "yellow path" activation routine and send one-time authorization codes via email or text to a registered address or phone number.
Other methods include challenge questions about recent purchases, a user's address or other specific details only a cardholder would know. Some banks may also require new Apple Pay users to call a customer service representative for person-to-person verification.
On the other hand, the report said that users who already have a card registered with iTunes may "sail through" the provisioning process. Criminals attempting to create a new account will likely have trouble without a physical card, however, as Apple Pay requires specific card information — including the card verification value (CVV) — to enroll.
It should be noted that Apple Pay itself has not been breached, meaning existing user information is secure.
Malcolm Owen
Oliver Haslam
Andrew O'Hara
Wesley Hilliard
William Gallagher
Christine McKee
50 Comments
Is there any business (or even person) out there who likes banks, who trusts them? Morons. When something goes wrong they take the hit because, drumroll, "It's not their (personal) money." These could not run their own business for very long without going broke. Who allowed this kind of lax behavior to happen?
Good. Apple can't afford negative press against ?Pay right now. Even though this has nothing to do with ?Pay.
Good. Apple can't afford negative press against ?Pay right now.
Even though this has nothing to do with ?Pay.
Banks and CC companies can't afford negative press against ?Pay either, since they're also the ones benefitting from it.
As expected, this report was sensational, has nothing to do with ?Pay , and any issues will be addressed by the banks in short order.
I couldn't believe that one of my cards had no authorization system in place when I added it to ?Pay. I hope their shortsightedness has been corrected, but I don't understand why they felt it was OK to announce their system was ready when they failed to have a basic system in place. They could have even made it as simple as calling their help desk to have a CSR verify your identity with challenge questions before authorizing the card for payments.
Banks are instituting more stringent credit and debit card authorization policies for Apple Pay users after criminals took advantage of previously lax security protocols to provision new accounts using stolen card data.
The Wall Street Journal said on Friday that banks are adding extra steps to Apple Pay's card provisioning process to stem a recent tide of fraudulent purchasing activity.
It came to light earlier this week that fraudsters were using stolen credit cards to buy big-ticket items in Apple Stores and other retailers supporting Apple Pay's NFC-based touchless mobile payments system. Criminals reportedly provisioned new Apple Pay accounts using card data harvested from the recent Home Depot and Target data breaches, the publication said.
According to the report, banks are now employing a variety of verification protocols to stop fraudsters from adding illegitimate accounts. For example, with Apple Pay, banks can choose to go employ a so-called "yellow path" activation routine and send one-time authorization codes via email or text to a registered address or phone number.
Other methods include challenge questions about recent purchases, a user's address or other specific details only a cardholder would know. Some banks may also require new Apple Pay users to call a customer service representative for person-to-person verification.
On the other hand, the report said that users who already have a card registered with iTunes may "sail through" the provisioning process. Criminals attempting to create a new account will likely have trouble without a physical card, however, as Apple Pay requires specific card information -- including the card verification value (CVV) -- to enroll.
It should be noted that Apple Pay itself has not been breached, meaning existing user information is secure.
Another "news" which points to "a report", what report?
Doubt any bank said anything to anyone.
WTH is that journalism! from the Wall Street Journal of all places.
Imagine the Watergate break-in beign sourced that way...
Man, they would have been destroyed.
Also, what the hell banks are they talking about? Should be easy to tell us shouldn't it?
Most banks already had security in place.
This FUD on grand scale.
Not using "some", instead of the generic "banks", not listing them, and then putting Apple in there is getting to be just too easy for lazy modern pseudo journalists. I'm not just talking about this story, or even just those with Apple in the title. Journalism these days is pathetic.