Apple Pay may have overreached it’s “coolness”, by making it easier for credit card fraud to occur within its payment system.
“Payment cards can be added to Apple Pay by taking a photo of the card, and allowing a device to run optical character recognition over the image to fill out the long card number, expiry dates and other details. These numbers can be entered manually, so physical access to a card is not needed.” (The Register)
Because the verification of the identity of the card owner is only based on the last four social security numbers, hackers are finding it easy to sneak in the side door to achieve major theft.
Journalist Charles Arthur reports that total losses are already running into millions of dollars, and are far higher than expected as about two million Americans using the payment system.
“The crooks have not broken the secure encryption around Apple Pay’s fingerprint-activated wireless payment mechanism. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to ‘provision’ the victim’s card on the phone to use it to buy goods,” Arthur wrote in the pages of The Guardian.
So this time, biometrics has been circumvented entirely. No biometric security has been breached; fraudsters are simply using a more basic approach to scamming millions.