Banks, retailers ‘stung’ by fraud, Apple Pay still perfectly secure

“Earlier this week we debunked sensational headlines mislabeling bank fraud as Apple Pay fraud. Now those same headlines are being repeated, but with a new twist,” Rene Ritchie reports for iMore. “This time Apple Pay has apparently been ‘stung’ by people using false credit card numbers obtained from last year’s Target and Home Depot breaches. Sadly, these headlines are just as inaccurate. Banks and retailers may have been ‘stung,’ but Apple Pay is still as secure as ever.”

Apple Inc.’s new mobile-payment system has been hit by a wave of fraudulent transactions using credit-card data stolen in recent breaches of big retailers, including Home Depot Inc. and Target Corp., people familiar with the matter said.The Wall Street Journal, March 5, 2015

“Apple Pay security actually prevents just that kind of data from being stored by retailers. It uses one-time numbers instead of the actual card number, so if anything is stolen, it has no value,” Ritchie reports. “In other words, it will keep customers, banks, and stores safer. By spreading fear, uncertainty, and doubt (FUD) about Apple Pay, it actively hurts rather than helps transactional security.”

Ritchie asks, “What rates Apple Pay getting this much of this kind of attention from these kinds of outlets this week?”

Read more in the full article here.

MacDailyNews Take:  “What rates Apple Pay getting this much of this kind of attention from these kinds of outlets this week?” Apple Watch’s impending launch, of course.

Apple Pay is a major, if not the major, initial selling point of Apple Watch.

We’ve seen this far, far too many times. These reports are not misunderstandings. They are not born of ignorance. The fix is in. (But, it won’t work this time, either.)

As always, approach all large media outlets as if they are corrupt. Make them prove to you what they are reporting with facts (not “expert” opinions or obtusely worded disinformation) or disregard.

[Thanks to MacDailyNews Reader “Dan K.” for the heads up.]


  1. I did say that the credit cards came from the retailers themselves. Although Apple Pay is being used to help facilitate fraud, Apple Pay also will make such future theft of credit card data, impossible.

    This is an ongoing crime, which Apple his stepping into the fire, to help put it out. Just because there are flames all around them, does not mean they started the blaze.

    1. brilliant analogy
      Apples footprint is large enough to put this out, or at least slow it down
      banks need to find out who has been compromized and block apple pay for cards that have been stolen, guess that did not happen this time, bad on you banks, bad on tar-get and bad on home cheapo

    2. I would have thought all of those stolen card numbers would have been cancelled. If so, wouldn’t they reject when the Apple Pay payment is processed back to the issuer. Af not anyone could load a number in an iphone and steal. More of an issue than the stolen numbers are a par or restaurant employee taking a photo of a valid credit card by a non Apple pay user and then loading it on a phone.

      1. I suspect they haven’t been canceled. I know, in my case, they were canceled. My bank, a credit union, is very responsive to replacing cards from retailer slip-ups. It would be nice to know which cards were used in the fraud. We would know, then who is not doing their job.

  2. To be 100% clear for the people that won’t read the details. Apple Pay HAS NOT been hacked.
    Identity thieves have been adding stolen credit card numbers and using Apple Pay, no different than buying stuffs any other way except perhaps less chance of getting busted… (No I.D. Prompt, no mismatched, etc.)

  3. Perhaps a related question. Once you start using Apple pay with a merchant, is there any way to request or require the merchant to purge your credit card information from their system. If you used your credit just once before you started using Apple pay or once after you started using apple pay with a merchant, don’t they have your credit card information?

    1. Regarding the specifics of Apple Pay, that retailer will have no way to associate the Apple Pay purchase with the previous credit card purchase, they don’t have enough info to make that match. They don’t have the card number used for the Apple Pay transaction.

      The other question of them purging is separate and likely only to happen after a hack that exposes that data, Not before. They kinda like being able to track you, another reason to only shop merchants that accept Apple Pay.

  4. Basically it’s just what I call “Apple – Bad” clickbait. If there’s anything bad, just put Apple in the headline and idiots will click on it.

    FWIW, my bank just got Apple Pay. During the setup on my phone, one of the steps was to call my bank to confirm the setup. There was even a link – “Call xxx Bank to Confirm.”

    I touched the link, the call went through, and my bank confirmed the setup and Boom, done. Maybe some banks aren’t doing that yet.

  5. WSJ, like the NY Times, is in a death spiral to irrelevance. These hit pieces are not “corruption” per se; they’re willful attempts to drum up site traffic by misrepresenting – or at least under-reporting – the facts.

    Attention is today’s currency. More valuable and usually sexier than honest-to-god, fact-checked content, it’s an appeal to the baser instincts, facilitated by traffic peddlers like Google. Soon we’ll be communicating using only grunts, incapable of making anything except sensationalized depictions of other peoples’ lives.

  6. ∑ = Many banks aren’t ready for secure payment systems. THEY are the weakest link. They’re paying for it.

    What they have to do: Design, implement and verify a locked down system of verifying the identities of those applying for Apple Pay. Apparently, a lot of banks aren’t used to verifying real people’s identities. Go figure. (o_O)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.