It apparently hasn’t taken very long for scammers to figure out ways to commit fraud with Apple Pay. The Guardian’s Charles Arthur writes that some banks are “scrambling” to fix Apple Pay-related problems on their end that have allowed criminals to use the platform to buy goods with stolen identities and credit card information.
“The crooks have not broken the secure encryption around Apple Pay’s fingerprint-activated wireless payment mechanism,” Arthur writes. “Instead, they are setting up new iPhones with stolen personal information, and then calling banks to ‘provision’ the victim’s card on the phone to use it to buy goods. Criminals with the stolen IDs are understood to have targeted Apple Stores in particular because they both accept Apple Pay and offer high-value items, which can then be sold on for cash.”
iMore’s Rene Ritchie, however, writes that “there’s absolutely no way banks have been ‘caught by surprise’ by any of this” since “these are the same old social engineering attacks being used in the same old way.”
Apple, for its part, tells The Guardian that this is really a problem on the banks’ end since “during setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay.”
Given this, it really is the banks’ responsibility to make sure they aren’t approving fraudulent cards for Apple Pay. We’ll be interested to see how banks crack down on these kinds of practices moving forward, although we’re sure that scammers will figure out new ways to buy things with stolen credit card information even if their methods for using Apple Pay are blocked.