A hot and heavy headline at the Wall Street Journal, “Fraud Comes
to Apple Pay,” gives the impression of some kind of security
weakness in Apple’s new payment system, but it’s not justified.
What has happened is that Apple Pay itself is basically
fraud-proof, so fraudsters have turned their attention to the
next weakest link: credit cards before they’re added to an
Apple Pay wallet.
This is classic fraud via social engineering. Criminals use stolen
credit card details (which can easily and cheaply be bought on
sites like Rescator.cm) and then trick banks into allowing them to
be loaded onto an iPhone. Once loaded onto a phone, they can make
purchases until the card is canceled.
Anything to get “Apple” into a headline at the WSJ.