There have been numerous news of theft concerning Apple Pay. The vulnerable elements in the Pay process have been exploited by criminals, fake identities and credit card thieves, putting the matter to a much serious notation. However, there is no loophole in the encryption process by Apple, fraudulent issues arise when criminals and the guilty exploit a narrow path in the verification process. The stolen credit card numbers are being used to create fake Apple Pay ID's which is first reported by The Guardian and the sources which are insightful with the situation.
The fault has more to with banking industry than Apple because the vulnerabilities are breached in the verification process. There are no proofs of the verification of credit card numbers to belong to the card holder. However, the frauds are not as widespread as the reports suggest but a question arises whether banks have any control over the issue?
Its More To Do With The Banking Industry Than Mobile Payment System
When the card number is encrypted and sent to the bank for verification along with other purchase history like iTunes, some banks have the ability to cross check the person, but other banks pass the 'green path' process without authentication. This is where the fraud arises and criminals seem to take advantage of it. According to Apple iOS Security Guide, it emphasizes the loophole in this manner,
''A bank can decide whether a credit or debit card requires additional verification. Depending on what is offered by the card issuer, the user may be able to choose between different options for additional verification, such as a text message, email, customer service call, or a method in an approved third-party app to complete the verification. ''
Any card can be verified via green path which is enough to get the card authenticated but the next step, 'The Yellow Path', is where the theft occurs. Usually, the yellow path involves customer service call where it asks the last four digits of the social security number. When the criminal steals your identity and credit card information, there's not much required to get to the other side. There's not much required actually, the theft process becomes simple if banks opt customer service calls to fulfill the yellow path process.
Is Apple To Be Blamed?
Apple has gone far enough to secure Apple Pay and designed special elements in recent iPhones that enable quick encryption of secret or private information. iPhone users use the Touch ID to make secure payments so merchants do not see the code credentials. Hence, Banks might need to foresee what future loopholes can be blocked to enable secure payments and transactions.
When transactions and payments are considered, Google's Android appoints the use of SimplyTapp which uses the host card emulation technology so that contact-less transactions can be made. Apple receives 0.15 percent of every transaction from the bank as they convinced the financial institutions that their Apple Pay is much more secure than the traditional methods like credit card swipe.
There are no loopholes from Apple's side however banks need to reconsider their authentication policies and provide a secure verification system to the credit card number and its beholder. This is all for now guys, let us know in the comments if you think there is another major loophole in the verification and how should the vulnerabilities be tackled to prevent criminal activity.