Report: Stolen Credit Card Information Used By Fraudsters To Make Purchases With Apple Pay

A rash in data breaches at national retailers may have led fraudsters to use Apple Pay to make big-ticket purchases with credit card information stolen during national data breaches.

The Wall Street Journal reports that the mobile payment system has recently been hit by a wave of fraudulent transactions involving credit card data stolen from retailers including Target and Home Depot.

While the Apply Pay system hasn’t been breached, the scamsters have input stolen card data into the payment system and then used the information to make purchases without a physical card being present.

According to sources close to the matter, nearly 80% of the unauthorized purchases have been made at Apple’s own store for items with high resale value.

A spokesperson for Apple tells the WSJ that the payment system is “designed to be extremely secure and protect a user’s personal information.”

To use Apple Pay, consumers simply take a photo of their credit card or manually enter their card information. At that point it is up to consumers’ banks to include additional verification steps such as requiring consumers to authorize the service through their online account or call a customer-service representative to complete the set-up.

However, our colleagues at Consumer Reports found back in October, that not all banks use verification processes. In this case a man was able to input his wife’s credit card information and use it with out further verification by the bank.

According to the WSJ, the most recent rash of fraud through Apple Pay has included relatively low-tech means to find vulnerabilities in the verification systems.

As a result banks are tightening their verification processes.

“Our member banks are reacting as quickly as possible to ensure their verification processes are adequate to thwart this new kind of fraud,” David Pommerehn, an executive with the Consumer Bankers Association, which represents lenders that issue credit and debit cards, tells the WSJ.

A spokesperson for PNC Financial Services Group says the company has seen 35 cases of fraud related to use of Apple Pay.

“We have looked at our processes and we believe we have very strong know-your-customer processes in place to prevent any additional cases,” the rep said.

To combat potential fraud some banks have implemented additional authentication methods – including sending a text message to the consumer – when making a purchased through Apple Pay.

“Apple Pay is formidable, but it still sits on a loose foundation,” Richard Crone, an executive for payments-advisory firm Crone Consulting, tells the WSJ.

Apple Pay Stung by Low-Tech Fraudsters [The Wall Street Journal]

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.