The headlines for Apple have been rough this week, following a report from a researcher at Drop Labs that indicated that fraud is running “rampant” on Apple Pay.
Particularly at issue is how cards are provisioned into the the Apple Pay service. The high-tech end of Apple’s security protocol is working as designed – as a strong trifecta of tokenization, biometric authentication and secure element storage – which means that once the data is stored there it is fairly safe.
The problems have been vouching for the data before it is put on the phone. Thieves, instead of trying to hack Apple Pay, are instead detouring around its security technology by entering stolen cards into the system, thus allowing them to essentially port card-not-present fraud into the world of card present transactions.
The chain seems to break down on what is known as the “yellow path” for card provisioning, wherein banks verify that the person adding a card to an Apple account is a legit card holder. Different banks vary on what additional steps they take to verify account details. Some ask customers to enter additional data to confirm their identities, and a small number require customers to log into their online accounts to authorize the Apple Pay service. Sometimes, customers are asked to call customer-service representatives to set up cards.
For their part, banks claim to be working to address the issues.
“Our member banks are reacting as quickly as possible to ensure their verification processes are adequate to thwart this new kind of fraud,” Vice President and Senior Counsel at the Consumer Bankers Association David Pommerehn told The Wall Street Journal.
The other issue at hand is the source of the cards. After 14 months of data breaches happening everywhere, the market is now saturated with stolen credit card numbers from the Target breach and all the others that followed.
“There is a trail of fraudulent activity as a result of these larger breaches and our job is to catch that in the process,” said Jeff Siekman, director of payments and commerce solutions products at Fifth Third Bancorp, a large regional bank that is based in Cincinnati.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More