There were a lot of major retail hacks last year, and that trend doesn't appear to be stopping anytime soon. So, what are hackers doing with all those stolen credit card numbers? It looks like some of them are using Apple's popular Apple Pay feature to store the numbers and buy stuff.
Apple Pay makes it too easy for bad guys to add stolen credit card numbers to their gadgets. But, it might not be Apple's fault. According to payment expert Cherian Abraham, participating banks haven't perfected their credit card authorization techniques and it's allowing hackers to use stolen cards.
However, the weakness identified by Abraham occurs at an earlier stage, when a user is adding a credit card to Apple Pay. When a user adds a card, Apple says it sends information such as the type of phone, the last four digits of the user’s phone number and the user’s general location to the issuing bank, which decides whether to provision the card for Apple Pay.
The problem is banks aren't always doing their best to verify the card owner's identity before authorizing the card's use on Apple Pay. Banks can ask for additional information, but that doesn't always help. In some cases, the banks ask for the user's Social Security number, but that won't always work because hackers often have access to that information.
Banks partnering with Apple Pay have to juggle security and efficiency. They want to make it easy for their customers to sign up and use the service, but they also need to do a better job focusing on verifying credit card numbers, because fraud is a major issue.
Card issuers have been eager to join Apple Pay, and it’s possible that some didn’t provide enough training to customer-service representatives who handle authentication questions, one of the people familiar with the matter said.
Fraud can make up around 6% of purchases on Apple Pay. Fraud only accounts for roughly 0.1% of swiped credit card purchases. And, Apple likely isn't alone. Abraham said that other similar payment methods could be open to this type of fraudulent activity.
Apple Pay has plenty of security steps in place to protect the credit cards you store on your own gadget. Apple uses an iPhone's fingerprint scanner to make sure no one else can access your data. It even encrypts all of your payment information and stores it securely and separate from the rest of the data on your phone.