During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.
Abraham, in his blog, provided additional details about the process from his insider knowledge: Apple has two paths of approval, "Green Path" and "Yellow Path." If one of several signs on Apple's side are off, such as a recent change to one's Apple ID or no activity on the account for a year, Apple requires banks to use the Yellow Path approach, which is a higher standard of validation. Abraham writes that Green Path enrollments, about 60 percent of the total, have an exceedingly low fraud rate.
With Yellow Path, banks are required to use a higher standard to ensure that the card is being legitimately added to Apple Pay, up to requiring a phone call to a service center, which obtains additional information--and is subject to social engineering. (In activating six cards across four banks, the most I've experienced is a delay of under a day. In some cases, I was surprised to not be asked for more validation.)
This is a similar or identical process that banks go through whether you receive a physical card in the mail, use another mobile payment system, or enroll with Apple Pay. Abraham throws Apple under the bus, which is his prerogative, as he says banks weren't given enough time to ramp up their customer service staff and training, and thus it's clear that representatives are being fooled. As with most things involving Apple, partners (like cellular carriers) plan for low volume, even when the prediction is high. Remember multiple waves of failure with activation servers for iPhones?
So let's be clear. This "Apple Pay fraud":
- Does not put your iPhone at risk.
- Does not affect Apple Pay transactions.
- Does not let your credit cards be siphoned from an iPhone and used elsewhere.
What the fraud truly is? Identity theft involving a hole in bank security procedures that will rapidly close as training and other processes improve.
If you find that one of your credit cards is used fraudulently with Apple Pay, it's because the card number was stolen from a merchant, large (like Target) or small, and then added to an iPhone through identity theft or social engineering. People who never used Apple Pay may find their cards misused, as a result.
Monitor fraud with Apple Pay
We can't control whether our cards are misused with Apple Pay or any mobile or other payment system. That's a problem right now in terms of retailers--brick and mortar as well as online--properly adhering to existing standards set by the major credit-card issuers, like Visa and American Express. But we can add more vigilance without driving ourselves crazy.
Sign up for MIS Asia eNewsletters.