Apple fans around the world are excited about the debut of the Watch on Monday, and one of the company’s big pushes is to expand its Apple Pay program. If the Apple Watch takes off, it could be a boon for those who traffic in credit card fraud and exploit banks’ lax enforcement.
Apple rolled out its Pay program when the iPhone 6 debuted last fall, and there have already been early reports of credit card fraud. One source familiar with the matter told the Wall Street Journal that about 80 percent of Apply Pay’s fraud purchases were big-ticket items in Apple stores themselves. This is in part because fraudsters can more easily sell items from there than they can at Whole Foods or Panera Bread, the other big early adopters of the Pay program.
The Apple Watch will also have the pay feature, and is expected to exacerbate fraud problems in part because the the Watch will be cheaper than an iPhone. While the starting price of $349 is expensive compared to other watches, it’s actually much cheaper than the starting price for an out-of-the-box iPhone that isn’t subsidized by a cell phone contract.
The way Apple Pay fraud usually works has less to do with the security of the program itself than how fraudsters are using it; they generally buy new Apple devices with the Pay feature, then load stolen credit card data onto them. This stolen data comes from hacks to merchants’ pay systems like Target, Home Depot, and others. Because Apple Pay’s verification system varies from bank to bank, and it’s often up to the bank to decide whether a charge is fraudulent, that can mean some banks that take extra precautions see very little fraud and others who take fewer steps see a lot.
Apple is aware of these issues, and has responded to early questions about fraud: “Apple Pay is designed to be extremely secure and protect a user’s personal information,” an Apple spokesperson told technology website iMore. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”
Of course, Apple Pay isn’t the only digital payment system susceptible to fraud. The popular Venmo payment program also received criticism for security flaws, and one user reportedly had over $2,000 stolen from his bank account through the service. The company later apologized and laid out options for users to take steps to tighten their own security. “I want to assure you we are continuously improving product and security measures,” Michael Vaughan, Venmo’s general manager, pointed out on the company’s blog.
Credit card fraud is a booming industry. An estimated $11.3 billion in U.S. credit card fraud was reported in 2012, a 15 percent increase over the previous year. Nearly half, or 42 percent, of all Americans have experienced some form of credit card fraud. An estimate from Business Insider found that even though U.S. payments only made up about 23 percent of global credit card sales, they make up about 47 percent of credit card fraud.
Much of this is attributed to the fact that most American credit cards use only magnetic strip technology rather than the chip-and-PIN technology found in many other countries. Such technology, which embeds a metal chip in the card and asks users to input a personal identification number, has reduced credit card fraud in Europe by 65 percent in a decade, according to one estimate. The U.S. is slowly switching over to this system starting this year, but the change will cost billions of dollars and take many years.
Of course, there are about 115 million American households that are too poor to even have a checking or savings account to use Apple Pay in the first place. These households are also disproportionately headed by people of color, with about 20 percent of African-Americans and Hispanics shut out of the banking system.