When Tim Cook unveiled Apple Pay last year, the company hailed it as a simple contactless payment solution that also brings extra security to credit cards. Except according to one report, Apple Pay is actually making it easier for scammers to commit credit fraud.
Apple Pay’s security problem has nothing to do with Touch ID, NFC, Apple’s secure element, or stolen iPhones. All of that is locked down as tightly as Apple advertised. The problem, according to an unconfirmed report from DropLabs, is that Apple Pay is so easy to use, fraudsters don’t even have to create a physical fake card anymore.
According to Drop Labs’ report, scammers have gone with a much more low-tech way to take advantage of Apple Pay. Instead of hacking the hardware, fraudsters are just buying stolen consumer identities, complete with credit card info, and loading that into Apple Pay. This allows them to create a fake digital credit card without going through the hassle of printing it out on plastic to use in stores.
Stolen credit card data has been around long before Apple Pay, so there’s not much Apple can do about that. However, the problem is that banks aren’t taking all the necessary measures to ensure the actual credit card owner is the one using the credit card on Apple Pay.
Banks have the choice to authenticate Apple Pay cards with a two-factor code sent to the owner’s phone number. Apple also gives banks the option to have card holders phone into a call center to authenticate. The call-in authentication is much easier for fraudsters to pass, but most banks have gone with this option anyway.
Regular credit cards have an average fraud level of 1%, meaning $1 out of every $100 charged is fraudulent. But Drop Labs claims some Apple Pay banks have seen their fraud levels jumps up to 6%. Apple and its banking partners can easily fix this by dropping the call-in option altogether, and we expect fraud rates will drop soon. But this just proves even the strongest chain is only as good as its weakest link.