Strong security of Apple Pay exposes weakness in banking system
The security built into Apple Pay is so resistant to tampering, reports the UK newpaper The Guardian, that criminals are focusing more than ever on traditional bank weaknesses surrounding common fraud and identity theft techniques, exploiting the lax identity requirements some banks employ for users who are adding credit cards to Passbook, which stores the data so that Apple Pay can later utilize it. So far, the fraud has racked up millions of dollars from stolen credit cards added to Apple Pay.
Some banks, it has been discovered, immediately accept cards added by a user with no verification process -- what the newspaper refers to as a "green path" -- while some use information gathered by Apple at the time of the card being added --such as the identity of the device being used to add the card, the device's location, and some information about how long the user has been an iTunes customer and whether they've been an active purchaser. This information is only available to the banks during the card-addition process. Some banks, however, are not stringent about checking the identity of the user adding the (often stolen) credit card.
