“The blog of Drop Labs, a mobile commerce advisory firm, has a good (if technical) post on how Apple Pay security does — and doesn’t — work,” Chris Mills reports for Gizmodo UK. “In essence, the hardcore tech stuff for Apple Pay works just fine: no one is breaking Touch ID, stealing iPhones to pay for stuff, or hacking the NFC transmission protocol. Rather, the flaw lies in credit cards themselves.”
“According to Drop Labs, people are buying credit-card numbers online, then loading those same numbers into Apple Pay, in essence making themselves a handy fake credit card, without going to the trouble of making a physical fake,” Mills reports. “And it’s not a small problem: Drop Labs claims that for some issuers, fraud levels are as high as 6% (meaning $6 of every $100 is being spent fraudulently in the US). That’s bad even when compared to regular credit cards, whose fraud rate averages out at under 1%.”
Mills reports, “What this data really tells us is that while credit cards and their stupid unencrypted magnetic strips continue to exist, no system — not even one that uses fingerprints and special super-secure chips — can prevent nefarious hackers running up Supermarket Sweep-style consumer binges with your credit card.
Read more in the full article here.
MacDailyNews Take: Physical credit cards with unencrypted magnetic strips must die.