Apple Pay Not As Safe As Apple Claims

It’s no secret that Apple has dominated the mobile wallet market since the release of the Apple Pay app in October 2014. Apple Pay had a winning selling point. As previously reported by the Inquisitr, the primary reason Apple Pay has performed so well in comparison to Paypal and Square is customer’s perception that Apple Pay is a more secure option than its competitors. Apple Pay’s security is the narrative on which Apple based their marketing strategy.

At the September 2014 launch event, Apple executive Eddy Cue summed up Apple Pay with a catchy phrase, “It’s easy, it’s secure, and it’s private.”

Now it seems that perception is far from reality.

The Los Angeles Times reports that cyber fraud has hit Apple Pay. One security expert estimates that the Apple Pay fraud rate may be as high as $6 per $100 of transactions. According to the Los Angeles Times, the interactions between consumers and retailers are secure chiefly because consumer credit card information doesn’t pass to the retailer. The breaches are happening when consumers add credit cards to their Apple Pay accounts. When a credit card is added to an Apple Pay account, it must be verified, but Apple assigns that responsibility to the bank who issued the card. Apple calls this process “provisioning,” and it’s where the process fails.

According to the report, banks typically complete Apple Pay provisioning by asking customers for personal information. The information is designed to be easily provided, so honest consumers aren’t bogged down by the process. Sometimes, however, the information is so easily provided that cyber thieves already have access to it. After answering a few simple questions, a cyber thief could easily create an account with a stolen credit card and shop at any of Apple’s many Apple Pay retail partners.

So while data is safe at the moment a consumer uses Apple Pay at a retailer, their information may still be stolen from another store and used to create a fraudulent Apple Pay account. Several major retail outlets, including Target, Neimen Marcus, P.F. Chang’s China Bistro, Home Depot, and Goodwill, announced in 2014 that their systems had been hacked and consumer credit and debit information compromised. Hackers brought down Xbox Live and the Playstation Network over Christmas with a DDoS attack they claimed was designed to draw attention to the poor security of both systems. A major hacking scandal essentially shut down Sony Picture Entertainment in December 2014.

For now, and the foreseeable future, the safest option is still cash.