Earlier this week, a February blog post by mobile payments consultant Cherian Abraham captured the attention of the media and set off a flurry of articles about rampant fraud on Apple Pay. But despite headlines declaring that Apple Pay sees 60 times more fraud than magnetic stripe credit cards, the details are a bit more nuanced. It turns out that Apple Pay as a platform appears quite secure—it hasn’t yet seen any man-in-the-middle or other hacking attacks (that we know of) that could result in the loss of thousands of credit card numbers, like the Target breach did. But Apple Pay as a service, offered to customers in conjunction with bank issuers, might be struggling to keep up with the persistence of identity thieves.
Abraham, who works as an adviser to SimplyTapp, a company that builds Host Card Emulation technology for devices using Android, says identity thieves are buying iPhones with stolen credit card information and then loading them with that stolen credit card information. Because the fraudster's iPhone is so new, Abraham argues, there’s very little detail that Apple can send to the banks to help them verify who the user is and if that card information is fraudulent.
Abraham writes (emphasis his):