A recent rise in fraudulent Apple Pay transactions raises concerns among security analysts that the service’s simplicity may be a major weakness.
Users only have to open the app on smartphones and enter a credit card number, the
expiration date, and the verification code, and then Apple scores those users as safe or risky according to buying habits.
The card-issuing bank or company is informed and decides whether to accept or reject the user. “The issuers were probably so eager to be involved that they kind of forgot best practices and sidestepped some procedures they normally would’ve had [in order] to accept Apple Pay,” says Euromonitor analyst Michelle Evans.
Analysts say Apple Pay does far less than traditional credit cards to filter out bad consumers, easing fraudsters’ ability to deceive financial firms into approving stolen cards. Meanwhile, a more intensive application process for Apple Pay, or permitting banks to produce a host of procedures, would likely slow down signups or put off consumers.
Consultant Amitabh Saxena says concerns over Apple Pay could grow as Apple and other mobile payment services providers target online payments, because merchants are liable for such fraud instead of banks. Still, security blogger Brian Krebs thinks the issue with Apple Pay is more about implementation than the technology, and will ultimately be a minor inconvenience for Apple.