Identity thieves have found a route around Apple Pay's tokenisation and biometric security and banks are concerned, according to a leading security blogger.Writing on his blog, Cherian Abraham, a mobile-payments specialist who is a consultant to US finance groups, has said that customer account takeover is a weak point that is leading to fraud.Puiblicised in a Guardian report, the vulnerability is created when criminals set up new iPhones with stolen personal information, and then call banks to “provision” the victim's card on the phone to use it to buy goods.”At this point, every issuer [bank] in Apple Pay has seen significant ongoing provisioning fraud via customer account takeover,” said Abraham.Abraham said that organised gangs are calling the bank's call centre themselves to alert them to fake trips outside of normal location areas, so fraud barriers aren't triggered.”Prepaid cards unsurprisingly are a tool of choice as they can be quickly converted to cash or goods – and subsequently, untraceable. What was surprising to hear was how many times Apple stores themselves popped up as the store of choice for the fraudster – and yet unsurprising, due to its nature as a luxury retailer.”The blogger takes aim at both banks' and Apple's approach to dealing with fraud:”While we are trying to plug these significant gapsߪ Let's not pretend the whole wall to be secure; because somewhere is taller.”
Identity thieves exploiting Apple Pay security gap: Report
