It was only a matter of time before someone found a flaw in Apple Pay. Even if it’s one that’s not technically in Apple Pay.
Hey, if it can be somehow remotely tied to Apple Pay, it’s a flaw in Apple Pay, OK?
Writing for the LA Times, Michael Hiltzik declares “So much for the claim that Apple Pay would be ‘secure'” (tip o’ the antlers to Andrew Stack)
Apple Pay not secure?! Stop the presses! Literally, because we actually still print this crap out.
One of Apple’s big selling points — perhaps the biggest — for Apple Pay was that this sharp new payment-processing system it unveiled last September would be all but immune from fraud.
We observed that although the iPhones carrying the Apple Pay app might be as secure as the company claimed, “the risk will reside somewhere.”
We told you so.
In other words, we told you that Apple Pay would be secure. And it is. What we didn’t tell you is that our headlines are written by angry howler monkeys. Who can read and write but never read or attempt to comprehend the articles.
They’re jerks, basically.
Reports have surfaced over the last week that fraudsters have found the soft underbelly of Apple Pay — as one would expect — and are exploiting it gleefully, with one security expert estimating the fraud rate at a stupendous $6 per $100 of transactions.
The soft underbelly of Apple Pay that is not in Apple Pay itself but is basically just stealing credit card numbers the old fashioned way, but you wouldn’t have read this story if we had just said that so, well… here we are.
And there’s no way this guy’s estimate could be off because he’s an expert. Experts are never wrong about anything ever.
Fraud rings are simply adding stolen credit card numbers to Apple Pay accounts, then buying merchandise using iPhones provisioned with the stolen numbers.
What is the sound of one table flipping? The Macalope does not know for he has flipped every table.
So, the “vulnerability” is that is doesn’t fix inherent vulnerabilities in the existing credit card system. And it’s not like the thieves could use the already stolen credit card numbers outside of Apple Pay to buy things oh, wait, they totally could.
Let’s take a journey through the dark, tortured soul of Hiltzik’s example exploit of this “vulnerability”.
A criminal who acquired stolen Target credit card numbers through a massive hack of that retail chain’s data system in 2013 could use them via Apple Pay to buy merchandise from, well, Target. (The chain allows Apple Pay purchases online, though not at its stores.)
You know what else Target allows you to use to make purchases online? Credit cards.
Hiltzik’s imaginary villain: “I should like to acquire goods without, in fact, paying for said goods! I have stolen a credit card which I could just use directly to buy stuff on the site of this major retailer, however, I believe I shall put it into Apple Pay first because… I simply love technology? Honestly, my character and motivations are very thinly defined.”
Does Apple deserve some blame for the use of fraudulent credit cards on its system? The answer is yes. The company left it to the banks to determine when they wished to require additional verification, and by what means, before greenlighting a card for Apple Pay.
So, who deserves the blame again? The customers don’t pay for these fraudulent purchase and Apple doesn’t pay for them. The banks do. Someone done screwed up. If it didn’t occur to them that stolen cards could be added to Apple Pay if they weren’t validated or if they jumped the gun on getting their validation process set up, that’s on them. Sorry Apple didn’t pick up the slack but that doesn’t make Apple Pay “vulnerable” to already stolen credit cards.
Sorry, but not really that sorry.