Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Crime Security The Almighty Buck Apple

Fraud Rampant In Apple Pay 269

PvtVoid writes with this report from the New York Times, excerpting: An industry consultant, Cherian Abraham, put the fraud rate [for Apple Pay] at 6 percent, compared with a traditional credit card fraud rate that is relatively minuscule, 10 cents for every $100 spent. [i.e. one tenth of one percent]. The vulnerability in Apple Pay is in the way that it — and card issuers — "onboard" new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process "frictionless," the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like full phone numbers and addresses, that might help them detect fraud early. The banks, desperate to become their customers' default card on Apple Pay — most add only one to their iPhones — did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were were so scared of Apple that they didn't speak up.
This discussion has been archived. No new comments can be posted.

Fraud Rampant In Apple Pay

Comments Filter:
  • by Galaga88 ( 148206 ) on Tuesday March 17, 2015 @09:31AM (#49274781)

    The story doesn't really indicate how this could be much of Apple's problem - it sounds like the cards that are getting used are already stolen?

    I guess what's happening is criminals are getting stolen CC info, and are then able to use it in a physical environment via Apple Pay where it previously would have required printing a forged card?

    The article mentions that it's easier to get away with fraud in person because the lack of shipping delay leaves less time to catch it, which shows why they'd be so eager to jump to a method like this.

    • by rgbscan ( 321794 ) on Tuesday March 17, 2015 @09:41AM (#49274877) Homepage

      This is exactly what it is. Already compromised cards being added as payment token. Banks are supposed to follow a protocol called "Yellow path" to prevent this fraud, but since everyone wants their ApplePay to work right away without having to call a call center, a lot of banks are lenient on the security checks. This is not a problem with Apple's technology, or the secure element on the phone, or the fingerprint reader. This is a bank allowing a card to be added to an ewallet, presumably because the party adding the card has all the relevant info (stolen identity) to make it work.

      • This sounds like some companies are fighting with Apple over who has to pay for the security checks. Since Apple is posting record profits, they see Apple as the one who needs to do it, even though the problem is clearly with how insecure credit cards always have been .

      • Re: (Score:2, Insightful)

        by Lumpy ( 12016 )

        American banks have ALWAYS sucked at security in the world of the credit card. that CCV number on the back of the card is the dumbest thing ever and offers zero security.

        • by doug141 ( 863552 )

          I've seen a 4-figure mail-order fraud fail to work because the crook couldn't give the CCV numbers over the phone.

        • I always assumed CCV was designed to offer basic protection against incidental photographs of the card being taken, and other situations where only one side of the card has been compromised.

          • I always assumed CCV was designed to offer basic protection against incidental photographs of the card being taken, and other situations where only one side of the card has been compromised.

            Not really - Amex puts its CCV on the front of the card. The real purpose is that the CCV isn't encoded in the magnetic strip, and isn't embossed, so theoretically, someone using a magnetic swiper to steal data or someone dumpster diving for those old carbon paper-imprint style records would get the numbers but not the CVV.

            But of course, the person who is stealing your credit card info is most likely your waiter, and they have a minute or two with your card over at the POS to copy down the CVV manually.

            • by Strider- ( 39683 ) on Tuesday March 17, 2015 @02:25PM (#49277343)

              But of course, the person who is stealing your credit card info is most likely your waiter, and they have a minute or two with your card over at the POS to copy down the CVV manually.

              And this is why the United States needs to move to EMV (Chip & Pin) like the rest of the world. Rather than the waiter taking your card away, they bring you a hand-held terminal, which you then take and perform the last portion of the contract yourself, with the card never leaving your hands.

              • But of course, the person who is stealing your credit card info is most likely your waiter, and they have a minute or two with your card over at the POS to copy down the CVV manually.

                And this is why the United States needs to move to EMV (Chip & Pin) like the rest of the world. Rather than the waiter taking your card away, they bring you a hand-held terminal, which you then take and perform the last portion of the contract yourself, with the card never leaving your hands.

                Yep. Great system, though a little awkward when tipping and they're standing over you staring as you go to push the 10- no, 15- no, [gulp] 20% button. Maybe that's why they don't tip much in Europe.

                That said, there's a reason why the US is moving to Chip & Signature cards, but not Chip & PIN. The banks will tell you it's because they don't want to confuse or scare their customers who can't learn new systems, but the real answer is that legally, if there's fraud on regular credit cards or chip & signature, the banks can charge it back to the merchant, who must have failed to verify the signature or ID of the purchaser. If there's fraud on chip & PIN cards, legally, the banks have to eat it. So they're not moving to that until they have to.

                • Re: (Score:3, Informative)

                  by Anonymous Coward

                  The reason why in Europe tipping is less "rampant" is that the tip is a tip and not a the service charge. In most European countries, the service is calculated into the price of the meal, so you are paying the tip to encourage above average service and not to make sure the waiter gets paid at all.

        • by dave420 ( 699308 ) on Tuesday March 17, 2015 @12:29PM (#49276405)
          You should probably read what the CCV is for before telling everyone you can't be bothered to and just making up your own explanation.
      • by AmiMoJo ( 196126 ) * <mojo@worl d 3 . net> on Tuesday March 17, 2015 @11:01AM (#49275581) Homepage

        ApplePay is part of the problem. Because it tries so hard to keep information away from banks and retailers it makes it harder to detect fraud. If Apple were providing things like names and phone numbers to the banks they could very easily see that a particular CC was not being used by the authorized owner or on a phone they had never used it with before.

        To be fair, banks could have demanded that information during sign up, but didn't. There is plenty of blame to go around. What I'd like to know is who pays for it. Usually it is the merchant, in which case I'd expect to see some of them refusing Apple Pay.

      • This is exactly what it is. Already compromised cards being added as payment token. Banks are supposed to follow a protocol called "Yellow path" to prevent this fraud, but since everyone wants their ApplePay to work right away without having to call a call center, a lot of banks are lenient on the security checks. This is not a problem with Apple's technology, or the secure element on the phone, or the fingerprint reader. This is a bank allowing a card to be added to an ewallet, presumably because the party adding the card has all the relevant info (stolen identity) to make it work.

        Here's what I don't understand. ApplePay is tied to a specific phone and has, or should have, access to user specific identification that it can share with the bank. If that doesn't match with the banks info, such as phone number on the account, then they could refuse ApplePay. They could send an email to the card holder or call an alternate phone number to verify the card is not compromised, or refuse to activate the card if a second phone with a spoofed phone number attempts to activate. They also have ac

    • by Ronin Developer ( 67677 ) on Tuesday March 17, 2015 @09:46AM (#49274911)

      I read another article on this. As the article tries to expose, the fault lies not in Apple Pay, but rather in (as the article suggests), the process by which cards are authorized for use with Apple Pay during the onboarding process. There are two paths, the Green Path and the Yellow Path when authorizing a card. The difference is the types of information collected and passed. Most cards go down the Green path. But, when a card has incomplete information, it goes down the Yellow path and is subject to less stringent and, sometimes, manual intervention. It is down this pathway where the fraud occurs.

      While a card is being approved during the Yellow pathway, the card can be used using the card number, expiration date and, not always, the security check value.

      It is up to the banks and card issuers to secure their onboarding process. Apple (via Apple Pay) is not responsible for ensuring this takes place. Thankfully, the fraud is easy to detect and remedy. Next year, when our cards all have chips in them, the exposure via the Yellow Path will all be eliminated.

      Apple supporters were right to call out Mr. Abraham - he is biased and attempting to create FUD against Apple and Apple Pay. The real fault and finger pointing needs to be directed to the banks and they need to get their houses in order.

      • by myowntrueself ( 607117 ) on Tuesday March 17, 2015 @10:19AM (#49275157)

        Apple supporters were right to call out Mr. Abraham - he is biased and attempting to create FUD against Apple and Apple Pay. The real fault and finger pointing needs to be directed to the banks and they need to get their houses in order.

        Indeed.

        If the banks had the courage to confront Apple and demand that Apple Pay include more information then this wouldn't have happened. Its entirely the banks fault for being scared of Apple (which probably has a larger war chest than all those banks combined).

      • by _xeno_ ( 155264 ) on Tuesday March 17, 2015 @11:14AM (#49275701) Homepage Journal

        It may not be Apple's fault (exactly), but it sure as hell is their problem. If more than 1 in 20 ApplePay transactions are fraudulent, what merchant in their right mind is going to accept it as a payment method? (Remember that fraud is paid by the merchants, not the banks.)

        Even if it isn't Apple's fault, it sure is their problem to solve.

    • by DogDude ( 805747 ) on Tuesday March 17, 2015 @09:48AM (#49274917) Homepage
      It's easier to punch stolen numbers into a phone than it is to print up an actual card. When chip + pin happens, all of the criminals will be using Apple Pay.
    • by Solandri ( 704621 ) on Tuesday March 17, 2015 @09:54AM (#49274971)
      When you use a credit card online or in the store, the merchant can use various information like your address, phone number, the security code printed on the card, your signature, to confirm the card is valid. (The U.S. is finally rolling out EMV smart card chips.) This is actually optional - the merchant doesn't have to do it. But if the cardholder issues a chargeback, the merchant's chances of successfully contesting the chargeback are much better if they've used these options. If you've ever wondered why the gas pump asks for your zip code when you use a credit card, this is why. It's not trying to collect marketing data, it's doing a rudimentary identity check to elevate the chances that you are the card's actual owner.

      Anyhow, allowing transactions using only the card numbers themselves is horribly flawed because anyone can just take a photo of a card to get its numbers. So the credit card companies have come up with these other methods to "verify" the card's authenticity. (I put it in quotes because it doesn't actually verify the card's authenticity, just reduces the chances the card is not authentic.) Apparently Apple refused to forward much if any of this information to the banks when a fresh card is first being loaded into Apple Pay, making it easy to load a stolen credit card - easier than actually using the card for a purchase. And the banks were too cowed to make an issue of it, landing them in the mess they're in.

      On the one hand it's the bank's fault for not speaking up and pressing a vital security issue. On the other hand it's Apple's fault for being an 800 pound gorilla which uses its market clout to force concessions from its partners. Stuff like this is why you always want at least two strong competitors in a given market - so if one makes unreasonable demands of a business partner, the partner is not afraid to tell them to go jump in a lake. It's the same reason we allow unions - because the hiring employer has a lot more clout than the individual employees.
      • On the one hand it's the bank's fault for not speaking up and pressing a vital security issue. On the other hand it's Apple's fault for being an 800 pound gorilla which uses its market clout to force concessions from its partners. Stuff like this is why you always want at least two strong competitors in a given market - so if one makes unreasonable demands of a business partner, the partner is not afraid to tell them to go jump in a lake.

        I like the looks of Apple Pay, and think it's a great move forward but even as an Apple fan, it seems bizarre for Apple to move forward on their own payment standard rather than the industry creating one. I mean, I know they did it so that they could skim profits off the top, and that they got away with it because they're worth 700 gazillion dollars and could probably make demands of the ocean, but I really wish this had come about via an industry standard.

        Of course then, it'd probably suck.

        • by znu ( 31198 )

          Apple Pay is built on top of standardized front-end payment infrastructure, and competing systems can be (and are being) built on that infrastructure as well. It's analogous to being able to visit, say, either Google or Bing from the same computer; the world doesn't need to agree on a single standard search engine if multiple search engines can be accessed via the same front-end (in that case, the web browser and user's Internet connection), and in fact user choice is better enabled if it doesn't.

        • I like the looks of Apple Pay, and think it's a great move forward but even as an Apple fan, it seems bizarre for Apple to move forward on their own payment standard rather than the industry creating one.

          ApplePay uses industry standard technology that was not created by Apple. Apparently you were not aware of this. Plenty of merchants already have the necessary tech to use ApplePay whether or not they elect to accept it. The only thing Apple did was to make setting up and using the whole thing FAR easier. I fully expect ApplePay to get copied in part or in whole by the Android and Windows ecosystems.

          • by DogDude ( 805747 )
            I fully expect ApplePay to get copied in part or in whole by the Android and Windows ecosystems.

            Nah, what's going to happen is Visa/Mastercard is going to do it themselves, and cut out all of the middlemen (Apple, Google, etc.)
            • by sjbe ( 173966 )

              Nah, what's going to happen is Visa/Mastercard is going to do it themselves, and cut out all of the middlemen (Apple, Google, etc.)

              Really? How are they going to get access to the phones without going through Apple, Google or Microsoft? Curious how you think that is going to happen. If you say they're going to do it through an app I'll laugh my ass off.

              • by DogDude ( 805747 )
                Yeah, nobody writes apps these days. That'd be crazy.
                • by gnupun ( 752725 )

                  But what if Apple, Microsoft and Google ban such apps from using NFC for payment or they have proprietary API not shared with app developers that you need to make an Apple Pay clone? After all, despite millions of apps, only 4 or 5 app stores exist in the mobile world and they belong to Apple, Google, Microsoft and other mobile OS vendors.

                  • by DogDude ( 805747 )
                    They could, but they'd shoot themselves in the leg because nobody would want a phone where you couldn't make standard Visa/MC transactions. Visa/MC are much larger and more influential than Google, Apple, and Microsoft combined, when it comes to payments. You can pay for shit without Google, Apple, or Microsoft, but you can't without Visa/MC.
        • I like the looks of Apple Pay, and think it's a great move forward but even as an Apple fan, it seems bizarre for Apple to move forward on their own payment standard rather than the industry creating one. I mean, I know they did it so that they could skim profits off the top, and that they got away with it because they're worth 700 gazillion dollars and could probably make demands of the ocean, but I really wish this had come about via an industry standard.

          You don't get to be first to market by waiting for an industry standard. In fact, if you wait for that to happen you probably won't even get into the market. You build it out as fast as you can using as much existing infrastructure as you can, then pivot if and when the industry gets around to creating a standard. In the meantime you build a leading market share and can even leverage that during the standards creation process.

        • I know they did it so that they could skim profits off the top...

          You claim to be an "Apple fan"; yet you make a tell-tale comment like that?

          Apple supposedly receives something like .00018% of aggregate transaction fees from each member bank (sorry, I can't find where I read that right now); but, according to what I read, has no way of checking nor enforcing such fees; so it doesn't look like they designed the system with that as an important monetization feature; but rather as a general-purpose fund to help offset the administration costs of the setup procedure, of whi

        • Apple is just one of the many vendors supporting the global NFC standard. Cognizant of all those stories coming out of Europe about wallet-brushing skimming devices, Apple Pay is just a more secure implementation of the standard.

    • by jellomizer ( 103300 ) on Tuesday March 17, 2015 @10:10AM (#49275101)

      So if you use Apple Pay, you have less of a chance of getting YOUR credit card data stolen... However if your credit card had already been stolen, Apple Pay means there is a higher chance of it getting used. Because you won't need to face someone who may question your identity.

  • Apple Pay is simply going to get too expensive for all but the most clueless merchants to use, both from the fraud and from Apple's eventual fees. It was a bad idea to begin with, and it's a bad idea now.
    • Except that you could switch out "Apple Pay" for the upcoming "Samsung Pay" or "Google Wallet" or "Contactless Payments" and still have the same problem.

      This is not fraud happening because someone has cracked Apple Pay - this is bad people doing what they would have done before, only using stolen credentials and information on an iPhone.

      Also, I love the meaningless statistic at the top of the summary - a 6% fraud rate, out of how many transactions? And that 0.1% fraud rate on traditional magswipe transacti

      • by DogDude ( 805747 )
        Except that you could switch out "Apple Pay" for the upcoming "Samsung Pay" or "Google Wallet" or "Contactless Payments" and still have the same problem.

        Absolutely. Contactless is pointless and expensive as fuck for merchants. I can't imagine many businesses where the "neat-o" factor from a few phone enthusiasts to be able to pay with their phones is going to outweigh the costs.
        • Contactless is pointless and expensive as fuck for merchants.

          If your customers like it then it is not pointless. Furthermore most merchants either already have the tech or will have it within the next year. The costs get passed on to customers anyway so the only relevant comparison is if one merchant is getting a better deal than another merchant. If both accept the same methods of payment then there is effectively no cost to the merchant at all. You need to familiarize yourself with the concept of Incidence of Payment.

          I can't imagine many businesses where the "neat-o" factor from a few phone enthusiasts to be able to pay with their phones is going to outweigh the costs.

          Because it won't be just a few phone enthusi

          • by DogDude ( 805747 )
            If your customers like it then it is not pointless. Furthermore most merchants either already have the tech or will have it within the next year. The costs get passed on to customers anyway so the only relevant comparison is if one merchant is getting a better deal than another merchant. If both accept the same methods of payment then there is effectively no cost to the merchant at all. You need to familiarize yourself with the concept of Incidence of Payment.

            Or the ones that don't accept the payment are
        • Absolutely. Contactless is pointless and expensive as fuck for merchants. I can't imagine many businesses where the "neat-o" factor from a few phone enthusiasts to be able to pay with their phones is going to outweigh the costs.

          You do realize that newer EMV cards support contactless payments as well, right? No phone needed. You get the convenience of "tap and go" with the added security that EMV provides.

    • Apple Pay is simply going to get too expensive for all but the most clueless merchants to use, both from the fraud and from Apple's eventual fees.

      Anything Apple might charge will be a rounding error compared to the 3-5% the credit card companies charge merchants. Furthermore those fees get passed on to the customers so merchants only give a shit if their competition doesn't have to pay the same fees.

      Regarding the fraud, it sounds like the banks aren't following their own security procedures which results in... duh, fraud.

      It was a bad idea to begin with, and it's a bad idea now.

      I could not disagree more. I'm not an Apple fanboi but I've used ApplePay and it's fantastic for customers. It's easily the best

      • Apple Pay is simply going to get too expensive for all but the most clueless merchants to use, both from the fraud and from Apple's eventual fees.

        Anything Apple might charge will be a rounding error compared to the 3-5% the credit card companies charge merchants. Furthermore those fees get passed on to the customers so merchants only give a shit if their competition doesn't have to pay the same fees.

        Regarding the fraud, it sounds like the banks aren't following their own security procedures which results in... duh, fraud.

        Apple will probably charge 30%

      • by DogDude ( 805747 )
        Anything Apple might charge will be a rounding error compared to the 3-5% the credit card companies charge merchants.

        90% of sales in brick and mortar stores are card-based (as opposed to cash). No sane merchant is going to give up 0.5%-1% of total sales or whatever Apple ends up charging so their customers can have a "gee whiz neato" moment at check out.

        And no, it's not 3-5%. It's closer to 2-2.5% for medium and large sized merchants.
      • Anything Apple might charge will be a rounding error compared to the 3-5% the credit card companies charge merchants. Furthermore those fees get passed on to the customers so merchants only give a shit if their competition doesn't have to pay the same fees.

        Apple doesn't charge Merchants; it charges BANKS. And the fees are "aggregated" and VERY small (like around a thousandth of a percent). So "rounding error", indeed.

        • by DogDude ( 805747 )
          Apple doesn't charge Merchants; it charges BANKS.

          Oh, and I'm sure the banks are doing it for free and won't change the rate on Apple Pay payments like they constantly raise the rates on regular cards. I love how banks are always giving away free things!!
  • Come on... (Score:2, Interesting)

    I could see the big bad CEOs being scared when Jobs was in charge, but Cook?

    God, bankers are even bigger pussies than I thought.

    • I could see the big bad CEOs being scared when Jobs was in charge, but Cook?

      God, bankers are even bigger pussies than I thought.

      Are you saying that gay guys can't be scheming sociopaths? Remember, Jobs chose him as his replacement.

  • For credit cards, frauds are nothing to banks. They just pay it from their profits, and the customer doesn't have to worry. Maybe it is the same here? Perhaps it still pays off for the banks and Apple to do that extra business, and it works out in their calculation.

    • Re:Calculated risk (Score:5, Informative)

      by DogDude ( 805747 ) on Tuesday March 17, 2015 @09:36AM (#49274827) Homepage
      . They just pay it from their profits, and the customer doesn't have to worry.

      No, they charge the merchant all different rates based on the risk of that particular transaction. There are hundreds of categories of cards, swiped vs non-swiped, address info vs no address info, etc. Apple Pay is going to be absurdly expensive for the merchants dumb enough to take it.
      • Re: (Score:2, Informative)

        by Anonymous Coward

        they charge the merchant all different rates based on the risk

        And then on top of that, when fraud is caught they just take the money back out of the merchant's account.

        In no way do they ever "pay it from their profits".

        • by DogDude ( 805747 )
          Actually, some laws were recently passed that puts even more liability on the merchant and less on the processors. Any smart merchant is going to run from Apple Pay and everything else that isn't chip + pin (come this October).
        • And then on top of that, when fraud is caught [the banks] just take the money back out of the merchant's account. In no way do they ever "pay it from their profits".

          This. A hundred times this.

          I don't know if it's changed recently, but from reading Internet discussions on credit card fraud etc., it was always clear that people thought that- despite a notoriously sloppy and too-lazy-to-fix-the-obvious-flaws attitude towards security, the party paying for the banks' apparent fecklessness was the banks themselves.

          Except, it isn't- it's the merchants. If there's a fraud, the money gets yanked back from the merchant, and that's the last he'll see of it. (No, you *won't

      • Except that Apple Pay is at contractually negotiated rates, below the "card not present" rates that online retailers already happily pay.

      • . They just pay it from their profits, and the customer doesn't have to worry. No, they charge the merchant all different rates based on the risk of that particular transaction. There are hundreds of categories of cards, swiped vs non-swiped, address info vs no address info, etc. Apple Pay is going to be absurdly expensive for the merchants dumb enough to take it.

        Hey fucktard! APPLE DOESN'T CHARGE MERCHANTS [digitaltransactions.net]

        Learn to READ.

    • Re:Calculated risk (Score:4, Interesting)

      by ShanghaiBill ( 739463 ) on Tuesday March 17, 2015 @09:54AM (#49274965)

      For credit cards, frauds are nothing to banks. They just pay it from their profits

      No. Nearly all the cost of fraud is pushed onto the merchants, who pass it on to consumers in the form of higher prices. So you are paying for credit card fraud even if you pay cash.

      This is the problem with credit card fraud. The banks are in the best position to fix the problem, but have little incentive to do so, since they don't bear the cost.

  • Both of the banks and the on CC card I have on ApplePay required I read an email, click a link and login to my account and explicitly authorize the use of the card before it was usable.

    You mean there are companies NOT doing this?!

    • Both of the banks and the on CC card I have on ApplePay required I read an email, click a link and login to my account and explicitly authorize the use of the card before it was usable.

      You mean there are companies NOT doing this?

      I could swear I read this exact article some time ago, before the NYT published it so maybe the "toughened standards" banks talk about were already enacted quite a while back and we're just now hearing about the problem?

  • Some bank executives acknowledged that they were were so scared of Apple that they didn't speak up.

    And such officials are still employed? In my opinion, such employees are good candidates for immediate termination.

    But wait! We're gonna hear about the usual vitriol from these banks. I will go something like this:

    "We take [the] security of our operations and clients' accounts with us very seriously."

    "We process in excess of several billion transactions daily and although fraud is part of our industry, it constitutes less than 0.1% of our business." "Our bank is committed to providing the best security t

    • No, that 's not it. You see, these people get paid the big bucks to make the tough decisions. They are our best and brightest, just like the folks on Wall Street, so whatever they do, you cannot question them. After all, they know what they're doing.

  • by DigitAl56K ( 805623 ) on Tuesday March 17, 2015 @09:42AM (#49274891)

    .. I had to electronically send in a picture of a government-issued photo ID and a recent utility bill showing my home address.

    Short story: Retailers should probably trust Google's platform more when it comes to fraud.

    • Right until Google drops the axe on it. They're already well into phase one: ignoring it's existence.

    • .. I had to electronically send in a picture of a government-issued photo ID and a recent utility bill showing my home address.

      Google can kiss my shiny-white-hiney if they think I'm going to share any of that with them. They already know too much about me. My bank has more than adequate information to confirm my identity to Apple or Google. They don't need more than they already have.

      Short story: Retailers should probably trust Google's platform more when it comes to fraud.

      Right because it would be so hard to forge a picture of a government photo ID and utility bill...

      • Right because it would be so hard to forge a picture of a government photo ID and utility bill...

        It's pretty difficult to do for each one of a file full of CC numbers you bought from a Russian hacker.

        Actually, though, I should point out that the photo ID, etc. aren't part of the normal Google Wallet onboarding flow. Google Wallet does request information about name, address etc. which are cross-checked with the bank to confirm your identity. I'm not sure why the GP had to go further. Likely something triggered a fraud risk alert, which invoked the need for stronger verification. Note that I said "str

  • Simplicity? (Score:5, Informative)

    by serviscope_minor ( 664417 ) on Tuesday March 17, 2015 @09:54AM (#49274969) Journal

    How on earth does Apple Pay have more simplicity than a credit card? Here's how it works with a credit card:

    1. Touch card or even whole wallet on reader.
    2. Done!

    And for more expensive transactions (over 20GBP, soon to be 30):

    1. Insert card.
    2. Enter PIN.
    3. Done.

    It doesn't get much simpler than the first one, really. I don't even have to extract my card.

    • by bondsbw ( 888959 )

      In the states, we current use magnetic stripe for physical transactions. The "security" offered is in signature. I hate it, it's dumb, it's getting fixed supposedly, but it is what it is for now.

      For us, Apple Pay means not having to extract a card, and with Touch ID it offers a somewhat real level of physical security as well.

      • by bondsbw ( 888959 )

        Another thing, Apple Pay provides a different card number to merchants than your regular card. That way if something looks fishy, you can disable that card number on Apple Pay and re-enroll with a new number, rather than having to deal with canceling your main card.

        That said, I wish they took it one step further and provided a one-time-use CC number for every transaction. This way anyone who manages to steal that information would not be able to use it again.

        • by wbo ( 1172247 )

          That said, I wish they took it one step further and provided a one-time-use CC number for every transaction. This way anyone who manages to steal that information would not be able to use it again.

          Actually that is exactly what Apple Pay does. and is precisely why I have begun using Apple Pay as much as possible The phone generates a new one-time use credit card number for each transaction. So even if the number given to the merchant is compromised somehow, it will be rejected if someone tries to make a

    • Here's how it gets easier. No cards to carry. I don't know about you but I carry four credit cards with me. Heck I could even imagine no wallet. One less thing to carry. Touch phone to reader... done. Works for other things too... unlike your credit card. Hotel door room, electronic key for your car/house, airline boarding passes, movie passes. (Yes, I mixing the two... but that shows the simplicity of it.) One phone to rule them all! (small print: "And in the darkness bind them.") :D
      • by rkww ( 675767 )

        I think you've missed out the bit where your credit card contains a contactless chip. At which point it can facilitate all the things you describe, without your having to give a percentage to Apple.

        You could even tape the card to your phone :-)

    • In terms of convenience, ApplePay is about as easy as a contactless credit card. It takes me about 3 seconds to pay with ApplePay and at least for me it's faster than even a contactless card because I keep my phone in a more accessible pocket than I do my wallet.

      More importantly, ApplePay is significantly easier to use than chip-and-pin or traditional cards, which is where its competition really is (because that is what most people use in the U.S. who are just now starting to migrate). And also significan

  • Suppose the industry banded together and said not just no but "Hell. No!" to measures to water down security in the name of convenience. Then they'd be accused of anti-competitive tactics and trying to protect their business model by many of Apple's supporters.

    • by znu ( 31198 )

      There was no need for them to "band together," as Apple Pay allows each card issuer to individually choose how much verification to do.

  • While I'm sure there is fraud, and maybe it is rampant, Abraham's 600bps statement is backed by no source. He might as well pulled out the old, "some people say" line to use with it.

  • by nimbius ( 983462 ) on Tuesday March 17, 2015 @10:28AM (#49275233) Homepage
    Mastercard and Visa are the only two companies that handle credit card transactions at the end of the day, and theyve often admitted theyre effectively the same company. Apple is acting as a credit card processor, and affording nothing more than a luxurious API to developers and consumers at a premium that includes the credit card processing fee assessed by the only credit card processing monopoly in america. Its why credit card companies compete with, but ultimately dont care about, apple pay.they control the VAN (Value added networks) through which credit and debit cards get processed.

    What Apple should be worried about here is fraud, for which credit card companies have zero tolerance outside their own fuckups. Screw up too many times and your processing fees go up and banks flag you for fraud analysis. screw up way too many times and they revoke your processing capability entirely.
    • by Chrisq ( 894406 )

      Mastercard and Visa are the only two companies that handle credit card transactions at the end of the day, and theyve often admitted theyre effectively the same company.

      Don't American Express handle their own too?

      • by DogDude ( 805747 )
        No, American Express goes through the same network. That's why it's more expensive than Visa/MC. When you get a merchant account, you get another American Express merchant number that you plug into wherever you're processing Visa/MC.
    • Mastercard and Visa are the only two companies that handle credit card transactions at the end of the day

      Actually, Mastercard and Visa aren't even companies. They're associations of banks. There are incorporated entities under those names (many of them, actually, one per country, plus Mastercard International and Visa International, which themselves have many national subsidiaries), but they don't issue credit cards, and only operate some pieces of the transaction processing networks.

      theyve often admitted theyre effectively the same company.

      As someone who regularly meets with representatives from both, discussing areas where the competitors are trying to collaborate

    • Apple is acting as a credit card processor

      You're confusing Apple Pay with Google Wallet and Current-C.

      By design, Apple is specifically not in the CC processing business. Once set up, Apple has absolutely zero visibility into individual transactions. That remains strictly the purview of the Banks and Merchants. Apple simply isn't involved, period .

      Got it?

  • by koan ( 80826 )

    At this point Apple has become synonymous with "insecure".

  • by worldthinker ( 536300 ) on Tuesday March 17, 2015 @01:44PM (#49277027)

    When I added an AMEX Business card to my ApplePay, it required me to contact AMEX and then be put through the ringer of answering a bunch of obscure questions including responding as to whether I lived at the addresses they proffered. Some from decades ago. It's pretty freaky that a credit card company would know all that about you. There was probably little question that the card I was adding to ApplePay was assigned to me.

Failure is more frequently from want of energy than want of capital.

Working...