Weak Bank Verification Resulting in Credit Card Fraud, Not Apple Pay
Despite its recent and limited launch (October 2014), Apple Pay is already used by nearly 2 million Americans: In January, the Bank of America announced more than 800,000 customers, and recently JP Morgan Chase said it had more than a million customers using the iPhone 6. However, there are challenges that need to be solved, and fraud – yes, you read it right – is one of them.
It came as a surprise to everyone involved in the game, and it was first publicly highlighted by Cherian Abraham, a mobile-payments specialist who is a consultant to US finance groups, on his blog.
While it’s easy to tweak things to blame Apple for not creating a secure platform, the root problem is the blooming identity theft and the weak security systems implemented by banks. Apple has its share of the problem: It could have done a better job of forcing banks to choose the yellow path when a customer adds a credit/debit card to Apple Pay.
Banks perform two types of checks when someone adds a card to Apple Pay: “US banks are using a “green path” for cards they approve straight away on such data, and a “yellow path” for cards requiring more checks. But some banks have made the task too simple by asking callers to verify their identity with the last four digits of their social security number (SSN). Though meant to be secret, SSNs are commonly stolen in identity theft,” writes the Guardian.
Apple’s official statement:
“Apple Pay is designed to be extremely secure and protect a user’s personal information,” the spokesman said. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”
Canada and Europe have had the advantage of using the Chip and PIN method for years now, so it’s the US banking system that needs some work. We don’t exactly know how Canadian banks will perform checks when Apple Pay launches here, but we do know that in Europe banks will follow the yellow path. We hope Canadians will do the same.