Apple Pay fraud not quite what it seems

image Bank of America Apple Pay ad

Apple Pay may be just four months old, but already, 6 percent of its transactions are fraudulent, according to one payment expert. It’s easy to blame Apple for that, but it seems that an underlying problem at the banks is what’s really at fault.

In an article entitled “Fraud Comes to Apple Pay,” The Wall Street Journal this week detailed the increasing trend in fraudulent Apple Pay transactions.

Cherian Abraham, a payment expert who works with banks on mobile-payment strategies, says the issue is “growing like a weed,” and adds that banks are struggling to combat it.

Around 6 percent of transactions made through Apple’s mobile payment service are fraudulent, which compares to a rate of about 0.1 percent for traditional retail purchases using a plastic card. And yet, Apple Pay was supposed to be the most secure payment method so far.

Apple certainly has the measures in place to ensure security; not only does it encrypt the data on your iOS device so that it cannot be accessed, but it doesn’t send any of it to the cloud, or share it with retailers. Instead, transactions are authorized using a one-time code.

Apple Pay is also secured with your fingerprint, so even if your iPhone is stolen, thieves are unable to make purchases using your credit card data.

But it seems Apple Pay isn’t the problem here. Trusteev, a blog about anti-fraud technology, explains the real issue is with the banks, and that “it’s on them, not Apple to solve this issue.”

You see, the root of the issue is stolen credit card data, and how easy it is for that to be added to Apple Pay. Fraudsters can buy stolen credit card details online, then authenticate them far too easily, enabling them to make as many purchases as they wish until the card in canceled.

But the banks don’t make it too difficult for fraudsters, Abraham says. They’re all so eager to support Apple Pay that they want to make the process as simple as possible and reduce friction, which can mean authorizing credit card data that might otherwise be questioned.

If data added to Apply Pay doesn’t match that of the iPhone owner’s held by Apple, banks should be asking users to call in to provide more information for security. But according to one source speaking to The Journal, that’s not always happening.

“The banks are the ones footing the bill here, and taking huge losses in the land rush to be everyone’s default credit card for Apple Pay,” writes Rurik Bradbury of Trusteev.

While the headlines suggest Apple Pay is the problem, then, that’s just to make a credit card fraud story seem more interesting. But the root of the problem isn’t Apple’s service, it’s stolen credit card data that is too easy to authorize with the banks.

[via Trusteev]