One of the reasons everyone is getting on board with Apple Pay is the big security improvement that Apple's payment platform represents compared to traditional magnetic stripe credit cards, so popular even across the pond.
However, Host Card Emulation (HCE) expert Cherian Abraham claims that the Achilles' heel of Apple Pay when it comes to fighting card fraud, the party making things even easier for criminals, is none other than the banks. No, there is no problem with Touch ID authentication, the NFC protocol or the Secure Element of the A6 chip. It all starts the moment we add a card to our iPhone 6…
Apple Pay captures the card details with the camera and sends a request to our bank to confirm that we are indeed the rightful holder of the card. This is called the “Yellow Path”, a verification that was initially optional but that Apple made mandatory one month before the launch, when it detected that banks were not taking this step seriously enough and that people could end up adding other people's cards to use as their own.
Until now, those who wanted to take advantage of the system had to buy a stolen credit card number along with the cardholder's personal data and take the trouble to physically forge a card in order to pay with it. With Apple Pay the plastic is not necessary: you just have to enter the data manually and that's it, you can pay without any problem with your phone.
One of the advantages of Apple's payment system for users is that we don't have to show our real card or any other identification to buy anything. We bring the phone close to the reader and put our finger on the fingerprint sensor of the Home button. But of course, to avoid the previous scenario, the bank must perform a verification task the first time we add a card, a task that according to Cherian is not being performed with enough caution.
Criminals buy stolen identities along with credit card information and convince both automated systems and manual checks that they are a legitimate customer.
It's the same old story: every system fails at its weakest link. Each bank uses a different system to verify our identity and enable its cards on Apple Pay, some through a phone call, others through email… Many had to build these mechanisms in a hurry because of Apple's last-minute change making its “Yellow Path” mandatory, but the question is: how could these banks possibly think it was a good idea to skip verification?
Meanwhile, in Europe the new service is expected to land with Visa across the UK and expand across the continent this year. Let's hope that we on the old continent will be a little more cautious and learn from other people's mistakes to make things a little better.