Scam of the day – March 6, 2015 – Security problems with Apple Pay

In the wake the massive data breaches in recent years from Target, Home Depot and others in which credit card numbers of millions of consumers were stolen, many people were very enthusiastic about the launch of Apple Pay in October of 2014.  Apple Pay was represented to be a safer and simpler way to make credit card purchases and it is.   The Apple Pay system permits you to tie your credit card to your iPhone and make payments using your phone and a fingerprint activated payment mechanism.   But nothing is fool proof and we should never underestimate the power of a fool or a hacker.  Lately, there have been increased reports of credit card fraud involving credit cards that are used through the Apple Pay system.  What is occurring is that identity thieves are stealing credit card information and then connecting those stolen credit cards to the identity thieves’ own phones.  They then use the cards through the Apple Pay system to purchase expensive goods that they can then sell for cash.  Ironically, much of the fraudulent credit card use is going on at Apple stores.

The flaw is in the process by which a credit card is tied to the Apple Pay system.  Credit cards are added to Apple Pay when the credit card issuing bank electronically sends to the customer’s smartphone an encrypted version of the credit card.  The bank does this only after confirming that the person requesting their card be added to their phone is the legitimate card owner and this is where the problem is found.  Some banks are merely approving the request to add a credit card to a particular phone without confirming the identity of the person making the request while other banks require that the customer confirm his or her identity merely by providing the final four digits of the customer’s Social Security number.  Identity thieves who are able to obtain both the Social Security number and credit card number of their victims, which is not particularly difficult in many instances, are then able to get the stolen cards tied to the identity thief’s phone and the fraud begins.

TIPS

There is not much that we as consumers can do to totally stop this kind of fraud, but there definitely are steps you can take to reduce your chances of becoming a victim of this type of fraud.  First and foremost, we should all do our best to protect the physical security of our credit cards.  You should also not leave your credit card on record when shopping online at a store which you regularly frequent because this makes you susceptible to identity theft in the event of a data breach at that vendor.  In addition, you should limit, as much as possible, the places that have your Social Security number because you are only as secure as the places with the worst security that hold your personal information.  Many companies still ask for your Social Security number as an identifier and you should refuse to provide this whenever possible.  Finally, if you are going to use Apple Pay, you should confirm with your card issuing bank that they use strong verification procedures when authorizing your cards use through Apple Pay.

Leave a Reply

Your email address will not be published. Required fields are marked *