Fraud with Apple Pay rampant, What is the way of surprise that I did not expect it?

Settlement service which Apple started in October 2014 "Apple Pay"Is a system that allows you to securely pay credit with one touch in conjunction with Touch ID of fingerprint authentication, but new fraud using Apple Pay in the US is increasing.

Apple Pay: a new frontier for scammers | Technology | The Guardian
http://www.theguardian.com/technology/2015/mar/02/apple-pay-mobile-payment-system-scammers

Apple Pay is a service that registers credit cards and debit cards of banks for the same service and makes payment, users can make one-touch payment with iPhone's Touch ID or pay using a dedicated application became.


To use this service, you first need to register card information on the device that owns it. Apple encrypts the registered card information and the data on the iTunes account of the registrant and the owning device and sends it to the bank or card company. The bank checks the data sent from Apple and approves the registration.

When encrypting the card information of a registered user and sending it to the bank, Apple classifies the user's reliability into two types, green and yellow. The bank that received the data from Apple approves the application if the reliability is green, checks whether the credit is yellow if the reliability is yellow, approves the application, registration is completed.


This is a rough flow when you register with Apple Pay, but the card number registered in the device is replaced with a different number called "token" and it is stored, and in the case of the settlement procedure it is A token is used without it. In other words, even if the card information leaks, Apple Pay uses the token, so you can not shop with leaked card information.

What was aimed for by the fraud rampant is the authentication procedure done by the bank or the card company when registering the card information in the device. In the case where it is judged that "identity verification is necessary" in the authentication procedure, the method of confirmation by the bank or the card company may be confirmed by phone or e-mail, the last 4 digits of the social security number and the application You may also be asked to log in. In other words, there is a possibility that if you have someone else's card information or personal information, you can register another person's credit card in the device.

ByHenry chilcott

The problem is how to obtain card information and personal information of others, but it is easy to obtain by fraudsters belonging to the criminal group. Even if credit cards can be registered on the device, they can shop at Apple Pay compatible shops and Apple Store and cash products they purchase.

Many of the scams are occurring in the Apple Store that supports Apple Pay and sells expensive products. Early response is required before the damage increases.