“Banks are clamping down on their verification processes for the Apple Pay mobile-payment system after crooks started loading stolen credit-card data onto phones and then making fraudulent purchases,” Robin Sidel reports for The Wall Street Journal.
“The banks are making customers jump through more hoops because they want to make sure that card really belongs to the person who is loading it into the phone,” Sidel reports. “As for the fraud that has emerged, it doesn’t affect customers who are using valid cards on the Apple Pay system.”
Read more in the full article here.
MacDailyNews Take: Should have been more stringent from the start, but better late than never!
Related article:
Banks, retailers ‘stung’ by fraud, Apple Pay still perfectly secure – March 6, 2015
As always garbage in fraud out. If there’s a will there’s a way and crooks will pursue every open avenue by hapless banks asleep at the switch.
The banks themselves should post giant ads saying this is all on them and not Apple Pay.
Asking with what I consider merely a reasonable question, wouldn”t Apple have known of such a simple way to gain false access and mandated a proper process? A simple Apple oversight, or completely a bank blunder?
This doesn’t deserve a flaming.
Apple did and it was part of the agreement with the banks. The banks were asleep at the switch, though. What’s new, anyway? US banks are a decade behind banking services in the rest of the world.
Apple is not privy to the bank’s method of verifying credit cards, that is the bank’s clear responsibility. I would think a word of warning may have been passed to the banks from Apple that they are still the weakest link in the chain that was summarily ignored or simply incompetently anticipated. This is the bank’s fault, not Apple’s, even though to the uninitiated who don’t know how Apple Pay works it may appear to be an Apple problem. But it’s exigent and crucial that the banks pay due diligence to ensure the security of the system, or it remains faulty with them soaking up all the liability. Something only they can do and have a vested interest in doing.
As I said “garbage in, fraud out” and no payment system is secure without the banks doing their job.
Man, I love when people can respond to what seems like a comment seemingly faulting Apple (when it’s not necessarily) and provide a reasonable, no-dumb-fan-boy response. Thank you.
Isn’t that a sad commentary, Ripabo, about comment boards everywhere.
The reality is…
How many banks do you think would have signed up for Apple Pay if Apple stated to the banks that Apple had the right to approve, and then have oversight over, their credit card sign up process? The answer is either “none” or ” *extremely* few”. The banks don’t want (and likely never will agree to) Apple having control over their internal processes.
Banks love the secure, one time token, process in Apple Pay. They just didn’t think (or arrogantly ignored) the fact that the banks’ own processes were, and still are, the weakest link in the entire chain of events.
This has nothing to do with Apple. This has everything to do with the bank’s security measures. Bank of America makes you call to verify information to get your card on Apple Pay. Apple isn’t going to access to your banking information to verify.
We discussed the potential for credit card fraud via Apple Pay on this forum, long before it actually occurred. Perhaps Apple and various industries ought to have a couple of people track this forum to take advantage of some good discussions and ideas.
Seems to me that when the card is first loaded onto the iPhone, the bank should require some kind of two step verification before it is even used the very first time. Once loaded and agreed to, it is entirely on them from that point on. If they tell Apple it is a go, it is not the fault of Apple or the merchant that it is fraudulent.
When I set up our visa debit card with our bank, I was required to call the bank after adding it to Passbook, they had us give them two payment amounts and where the purchases occurred (within the last two days) from the card as well as name on the account, social security number, and billing address. Also wanted the bank account number the debit was attached to. I was kind of annoyed with giving all of this info, but now looking at this problem I’m glad my bank is so vigilant. I was part of the Home depot compromised cards and was forced to change my card number immediately. I was sent a new card and told my old one in 10 days would become unusable. To bad apple pay was not available then and I would not have been part of the home depot mess at all.
ApplePay. So much promise, but little has come of it. Months after launch it’s nowhere to be found outside the US and now this fraud issue. MDN is eating crow right now… thought ApplePay was so good and secure didn’t you! Ha.
Have you bothered to read anything about what you’re talking about?
Apple Pay is as secure as ever, and more successful than the rest by far. I am seeing it everywhere in my neck of the words. And you seem to laughably minimize the U.S. market. Uhh, last I checked it’s a mighty big market and the only one supported so far. Apple Pay is not yet officially supported in other countries. Impatient much? Perhaps a little research is in order before appearing foolish about how Apple Pay works, where it works and how well it’s actually doing.
If the banks hand Apple, Google, Samsung or whoever fraudulent data the onus is all on the banking institutions. It is their job to verify the legitimacy of a user’s credit card, not Apple’s or any other pay service.
This will all be straightened out but you sound like the disingenuous type all too happy at the prospect of Apple failure. Sorry you will be summarily and inevitably grossly disappointed.
My bank just got Apple Pay, and “clamped down” on the verification process.
During the process of adding my card to my Passbook, a link came up to “Call xxx Bank” to verify. I touched the link, the call went through, and my bank made sure it was me.
It was totally problem-free.
The phrases “clamp down” and “jump through hoops” make it sound like Apple is Bad again. That’s complete bullshit. It took a short phone call, right from the setup process.
My credit union is working on making Apple Pay available to its members. A couple of weeks ago the CU pushed out a mobile update. The update had me use Touch ID on my iPhone 6 to begin the update. My 1st gen Mini retina received a different update.
The horse got out of the barn but it won’t take long before self-interest corrals the loophole and locks up those barn doors much more securely. (Let’s hope.) A little short term but painful learning lesson.
It is amazing they don’t seem to have thought of various scenarios that could have occurred. Is business THAT bereft of a little imagination? Maybe they need to hire some Hollywood screenwriters to think of the possibilities and dangers.
The local news broadcast here in Cleveland ran a side report in their “Technology” segment about ApplePay being “hacked”. Yes, they did use that word, and they actually warned people to be careful when using ApplePay to make purchases !?!?