March 3, 2015 -
U.S. criminals have been using stolen identities and credentials to purchase high-value goods through the Apple Pay mobile payment system, according to a report by The Guardian.
Many U.S. banks have been seeing a growing level of fraud, and some of these institutions have implemented better verification systems to combat this issue head on.
Since launching in the U.S. last October, Apple Pay – which is controlled by a fingerprint wireless payment mechanism available on iPhone 6 and 6 Plus phones — has rapidly grown to approximately two million users.
The criminals are activating new iPhones with stolen personal data, and then calling banks to “provision” the stolen card on the phone to use it to purchase products.
The crooks seem to be hitting Apple Stores in particular since they accept Apple Pay and carry high-value products, which the criminals can then privately resell.
A credit or debit card can only be activated to work with Apple Pay when its issuing bank transmits an encrypted version of the card holder’s credentials to store on the phone.
U,S. banks use a “green path” for cards they automatically approve for previously authorized data, while the “yellow path” is reserved for cards that require more checks.
However, some banks have made the identification verification process far too easy by asking callers to simply state the last four digits of their social security number.
A spokesperson for Apple emphasized that the secure mechanism for purchasing with card details stored on the phone had not been compromised.
“Apple Pay is designed to be extremely secure and protect a user’s personal information,” said the spokesperson. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”