Ever since its launch in 2015, Apple Pay has dominated the mobile contactless payment arena ahead of its nearest competitors which include Samsung Pay, Android Pay and other NFC payment systems offered by high street banks. A recent report by Bloomberg states the service has more than 12 million active users—but are these ‘digital wallets’ safe from fraud?
The Internet of Things (IoT) is dramatically evolving the way consumers use technology, with everything from smart fridges and watches to remotely-controlled heating systems now commonly available. A key part of this new wave of technology is smart payment systems—such as Apple Pay—which have increased the frequency in which people are using a ‘digital wallet’. However, some experts have highlighted the flaws—not in the technology behind Apple Pay but in the way in which the service is being used.
As fraud prevention and digital security firm Easy Solutions highlights: “The primary concern is not the Apple technology itself, but rather the way Apple Pay and banks are verifying payment and authenticating users. For example, an attacker can easily register their phone with another user’s credentials, since Touch ID serves only as a local validation of the fingerprint.”
An article by technology website The Next Web states that fraud accounts for approximately six per cent of all transactions made using Apple Pay, compared with 0.1 per cent of transactions using traditional plastic bank cards. Despite the fact that Apple Pay’s security features—which include fingerprint identification and a tokenisation system—ensure that users card details are never stored or given to a merchant and that the system is secure from sophisticated fraudulent attacks, scammers are using more low-tech techniques to commit crimes.
Fraudsters and criminal gangs may be unable to break the secure encryption around Apple Pay’s fingerprint-activated wireless payment system, but they are instead uploading stolen credit card details onto new iPhones and creating accounts in their victim’s names. Once the banks have verified this information fraudsters have unlimited access to consumers accounts. With Apple Pay transactions in the UK largely limited to £20, it can often be some time before users realise they have been victims of fraud.
American mobile payments specialist Cherian Abraham says, “At this point, every issuer bank in Apple Pay has seen significant on-going provisioning fraud via customer account takeover. In some cases, fraudsters are calling the bank’s call centre themselves to ‘alert them to a trip out of town’ so that fraud rules looking for transaction anomalies—such as a customer living in California and transacting in Miami— do not trip up as fraudulent transactions.”
Much of the recorded fraudulent activity has taken place in the United States where scammers are capitalising on the flaws in poor banking authentication processes. With more than 11.5 million Americans victims of identify fraud every year, it poses a significant threat to the future of NFC mobile payment systems. According to the latest report from research firm First Annapolis there has been a noticeable slow-down in the number of consumers using Apple Pay, with figures showing a 22 per cent decrease since 2015.
Despite this, Apple is pressing ahead and expanding its mobile payment system to enable customers to draw money from ATM’s in the hope it will decrease the risk of people falling victim to other common frauds such as card-skimming and ‘shoulder-surfing’.
Fraudsters will continue to find new ways of accessing private information for their own monetary gain; consumers must remain vigilant to protect themselves from falling victim to such scams. With mobile payments set to exceed $142 billion per year by 2019 many companies are investing in technology to capitalise on this growing market, but as the issues surrounding Apple Pay continue to persist consumers need to be aware that even digital wallets can be picked.