Authentication Issues: New Apple Payment System Linked to Frauds

authentication issues

Sophocles is noted as saying that it is better to fail with honor than to succeed by fraud. Unfortunately, for Apple this philosophy isn’t shared by criminals within the Apple Payment System.

Relaxed authentication practices used by the banking institutions have led to fraud issues with the Apple Payment System. New exploits linked to Apple Pay are quickly proving how easy it is for crafty fraudsters to take advantage of even the most seemingly secure payment systems. The issue is tied to using shortcuts and that banks are accepting and verifying cards which are linked to iPhone for Apple Pay purchases.

“The problem apparently is linked not to a compromise of the mobile device’s security, but payments and security experts say fraud has resulted from some early Apple Pay transactions, although no banks contacted by Information Security Media Group would comment for attribution. One executive with a mid-tier institution on the West Coast that just launched Apple Pay last month, who asked to remain anonymous, says issuers have been talking about fraud levels as high as 6 percent – the equivalent to millions of dollars in fraudulent transactions.” – BankInfoSecurity.com

Banks relaxed approach towards verifying cards that are loaded to the iPhone is a departure from earlier reports concerning the amount of rigor the Apple Pay system has been built around. According to an earlier story by the Wall Street Journal, in an effort to ensure the owner of the card is the individual who is loading it into the phone, banks are making customers “jump through hoops.”

For example, the bank may send a one-time authorization code to the customer’s email or mobile phone that must be entered into the Apple Pay set-up. Other banks may ask the customer to call a toll-free number where a customer-service representative will try to verify the person’s identity with a series of questions about recent purchases or a home address. A few banks are taking the extra step of asking the customer to authorize their Apple Pay request by logging into their online bank account.

This level of attention creates a 6 percent fraud figure, which has also been cited by DROP Labs as more depressing. But just how bad is a six percent fraud? According to BankInfoSecurity.com, the average loss for fraudulent credit card transactions is typically less than 1 percent.

This issue with Apple Pay underscores the importance of proper authentication and highlights the dramatic results that authentication gaps can cause for an industry and consumers. But in the end, the same procedures ensure that you are not a victim of fraud remain always pay close attention to your statements to make sure that they aren’t being charged for purchases that you didn’t make.

This Blog was brought to you by Hypersocket Software and its CEO, Lee David Painter. With over 20 years of industry experience as a pioneer in IT Security, Lee developed the world’s first OpenSource browser-based SSL VPN (SSL-Explorer). Today, Lee runs Hypersocket Software, a leader in Password Self-Service solutions.
LogonBox Password Self Service

Like that? Check these out: