Apple Pay is Getting Blamed for Other Companies’ Bad/Lack of Security

When Tim Cook announced Apple Pay last fall it was pitched as a better and more secure way to make mobile payments, and so far that is proving to be true. It's months later and the only solid complaint against Apple Play is that Apple's business partners aren't using an adequate level of security.

Apple Pay is Getting Blamed for Other Companies' Bad/Lack of Security Apple

The security researchers at DropLabs reported on their blog yesterday that the banks and credit card companies who have signed up to support Apple Pay are seeing a high incidence of fraud - one as much as 60 times higher than the norm:

Credit card issuers in general have a good handle on fraud. They manage it under 10bps (i.e. losses of $0.10 or less per $100 of transactions) on transactions made with a dumb plastic card lacking any additional context. So Issuers wishing for Apple Pay fraud to fall between 2-3bps was not totally out of character, considering the protections in place by Apple and Networks to keep fraud away – including Issuer support during provisioning, NFC, Tokenization, a tamper proof Secure Element and TouchID. But fraud seems to have followed a different trajectory here. About a month post-launch, it seems like fraud has come to Apple Pay. (in one case – as high as 600bps for an issuer that I cannot name).

The problem here is that credit card fraudsters have caught on to the fact that the banks and credit card companies aren't using an appropriate level of security to confirm that the person setting up an Apple Pay account is actually the person who owns the account.

Had user info been lost when Apple Pay competitor CurrentC was hacked last fall, or when the US Office of Personnel Management (added fun: they do security background checks) was hacked, the criminals would be able to load the info into Apple Pay and con some banks into authorizing it.

And Apple is getting dinged for it.

Folks, as much as I would like to slap Apple around on this issue, I'm not sure why the blame for other companies neglecting to adopt secure procedures should be laid at the feet of Apple.

And that is exactly how some blogs, including Gizmodo and CultofMac, are reporting the story.

Sure, Apple is partly to blame, but in my mind they are less responsible for this than the financial institutions  who really should have know better.

Or did I miss something?

image by TheTruthAbout

About Nate Hoffelder (10081 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader:"I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

1 Trackbacks & Pingbacks

  1. Apple Watch to Ship in April, Six Months After Apple Shipped Its Billionth iDevice ⋆ Ink, Bits, & Pixels

Leave a comment

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: