Skip to main content

There's a Way To Scam Apple Pay And Identity Thieves Are Starting To Use It - Mashable

March 3, 2015

There's a Way To Scam Apple Pay And Identity Thieves Are Starting To Use It - Mashable

Mashable, by Rex Santus

Apple Pay has been touted as perhaps the most-secure method of payment available. But scammers have still found a way around the platform's strong encryption and biometrics, according to a report from The Guardian.

Instead of breaking Apple Pay's built-in security, identity thieves are taking advantage of lax rules for card activation from banks. In other words, crooks are loading stolen banking information on new iPhones and then using Apple Pay to purchase high-price items, according to the report.

Banks are supposed to verify all cards that are loaded onto Apple Pay. But some provision card use simply by confirming the last four digits of social security numbers, for example.

In particular, Apple Stores are being targeted. They, of course, accept Apple Pay and offer high-value, in-demand Apple products. The Guardian charts total losses from Apple Pay as "already running into the millions," citing "industry sources."

Apple Pay works using near-field communication at payment terminals. Its transactions utilize more-secure tokenized payments, and buyers have to verify their purchases with Apple's Touch ID fingerprint sensor. The combination of encrypted payments and biological verification is supposed to offer a good deal more security than typical magnetic strips — 

Apple is standing its ground, saying that Apple Pay itself is extremely secure — it is the banks' verification methods that are being called into question. It is not an Apple-exclusive problem, either, since this sort of verification rests in the hands of banks. .

"Apple Pay is designed to be extremely secure and protect a user’s personal information," an Apple spokesperson told Mashable. "During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”

Apple's mobile payment competitors face the same problem, according to mobile payments blog Drop Labs

Two big problems with cybersecurity are authentication and the "false sense of security" that comes with strong cryptography, Patrick Nielsen, senior security researcher at Kaspersky Lab, told Mashable. Apple Pay's security is strong, but thieves can find other, weaker links involved in the process, such as the banks. Read more.

There's a Way To Scam Apple Pay And Identity Thieves Are Starting To Use It - Mashable

There's a Way To Scam Apple Pay And Identity Thieves Are Starting To Use It - Mashable
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases