Apple Pay security scam nets fraudsters millions of dollars
The big names in tech are falling over themselves to get new payment systems out of the door at the moment. At MWC, Sundar Pichai confirmed Android Pay is on its way, and we've also learned about Samsung Pay from the Barcelona event. The convenience of paying with a smartphone is undeniable, but there are unavoidable security concerns.
Having been adopted by millions of Americans -- and with plans to expand into Europe and beyond -- Apple Pay is serving to highlight important security problems. Lax verification systems used by banks coupled with criminals exploiting stolen credit cards and IDs mean Apple Pay is used to make millions of dollars worth of fraudulent purchases. So how does it work?
The Guardian reports that insufficient security checks are performed by banks when connecting a credit card to an iPhone. In order for a customer to use Apple Pay with their iPhone 6, their bank needs to transmit a digital version of their card to it. In some instances, using information from Apple accounts such as transaction history, banks may automatically approve the addition of a card. Others require additional checks to be performed and, strangely, this is where the problem arises.
Some banks ask for nothing more than the last few digits of a social security number as a means of confirming identity. As social security numbers are often targeted by criminals, this is information that criminals are likely to have, making it all too simple to fraudulently add a credit card to an Apple Pay account and use it to purchase high-value goods... even from Apple stores.
Those executing the scam are careful to take steps to minimize the risk of raising suspicions. A bank might well be wary of authorizing the addition of a credit card when it is being used on the other side of the country to where it's normal activity is centered. By phoning banks ahead of time to let them know of a make-believe vacation or business trip, fraud triggers that would ordinarily be set off when Bob from Detroit suddenly buys a MacBook Air in LA are effectively bypassed.
While this is not a problem with Apple Pay's security per se, it serves to highlight some of the considerations that need to be made before making the switch to such forms of electronic payment. Banks are now taking steps to put additional security measures in place, and Google and Samsung will be paying close attention to how things pan out. Until the problem is addressed, Apple Pay will continue to be an unwitting accomplice to the growing problem of fraud in the US.