Apple Pay has been hit by relatively low tech fraudsters according to the Wall Street Journal. It’s not Apple Pay’s security that’s been broken, but it appears that the banks are less than secure.
Crooks appear to be using stolen card details, adding then to an Apple Pay account and then spending money in physical stores in the US. Somewhat amusingly Apple Stores are the biggest target as their high ticket items are worth more on the resale market than product from other retailers who have signed up to accept Apple Pay.
Apple say that when you add a card to your Apple Pay account, they send “the encrypted data, along with other information about your iTunes account activity and device (such as the name of your device, its current location, or if you have a long history of transactions within iTunes) to your bank“. From then on it’s down to your bank to decide whether to approve your card for use with Apple Pay and this appears to be where the issue lies.
Doubtless the banks will scramble to increase their security procedures, but it’s a bit of a set back for the fledgling new payment system. Hopefully by the time Apple Pay is launched in the UK they’ll have sorted out the security glitches and banks will become accustomed to more rigorous verification before authorising cards.