March 10, 2015

'Digital ID' for Mobile Purchases Using Apple Pay, Google Wallet, CurrentC

Banks Changing Apple Pay Procedures After Fraud, Consultants Say

March 6, 2015

NewsMax - Some banks have begun to make changes in how they activate customers’ credit-card accounts to use Apple Inc.’s new mobile-payment system after reports of fraudulent transactions, according to industry consultants.

The effort is an attempt to thwart criminals who have been typing stolen credit-card numbers into Apple Pay and trying to make purchases with their iPhones.

The breaches follow Apple’s October introduction of the service, which lets owners of the new iPhone 6 and 6 Plus load their credit and bank cards on their smartphones and use them to make purchases at cash registers equipped with a proper wireless connections.

“This is a black eye that needs to heal through improved authentication procedures,” said Richard Crone, chief executive officer of Crone Consulting LLC.
Some banks are now requiring users to call them to activate Apple Pay, to ensure that their identities haven’t been stolen, he said.
“It comes down to making sure that the data that is being provisioned to a device is to a device of a cardholder,” said Al Pascual, director of fraud and research at Javelin Strategy & Research, who also was aware of some banks making changes to their activations. 
Major banks and credit-card companies teamed up with Apple to develop Apple Pay, which uses the world’s largest payment networks’ tokenization products, a system that replaces some account information with a digital ID for online and mobile purchases.
“Apple Pay is designed to be extremely secure and protect a user’s personal information,” the company said Thursday in an e-mailed statement.
New Products

Apple Pay is one of several new services being introduced by the Cupertino, California-based technology company as it looks to encompass more of its users’ digital lives.

The mobile payment market is expected to rise to $142 billion in 2018 from $52 billion last year, according to Forrester Research.

Banks, such as First Tech Federal Credit Union, have seen fraudulent transactions since introducing Apple Pay.
“There’s still some ability to have some fraud on a transaction, we are seeing a little bit of that,” said Terry Rodrick, vice president of cards and payments at the credit union, which serves 387,000 people.
Some issuers have found as much as 8 percent of Apple Pay transactions to be fraudulent, compared with 0.1 percent on traditional payments cards, Julie Conroy, an analyst at Aite Group, said in an interview. Card issuers have had to absorb the losses.

Apple Pay rival CurrentC has been hacked.

CurrentC, the merchant's answer to NFC payment systems, has been hacked during its pilot program.

December 29, 2014

CNN Money - The mobile payments app -- which isn't even officially out yet -- was created for the sole purpose of getting stores away from credit card fees they pay every time you swipe your card.

CurrentC partners CVS and Rite Aid made news earlier in the week for boycotting tap-to-pay technologies like Apple Pay and Google Wallet in favor of their own flavor of mobile payments.

On Wednesday, those taking part in the CurrentC pilot program received a warning from the consortium of anti-credit-card retailers called MCX, or Merchant Consumer Exchange: The program was hacked in the last 36 hours, and criminals managed to grab the email addresses of anyone who signed up for the program.
MCX confirmed the hack, adding what's become a go-to line for any company that loses your data: "We take the security of our users' information extremely seriously."

It's a rough start for an app that aims to be a competitor to Apple Pay and Google Wallet.

CurrentC has also come under recent scrutiny because of the data it collects on customers. A close look at the app's privacy policy reveals that signing up will require your "driver's license number, Social Security number, date of birth" and more "to authenticate your identity." The CurrentC app promises it doesn't use such information "for marketing purposes."

But MCX is free to share with marketers and other companies the rest of the data it collects: your name, home address, email, phone number and actual location at all times. Aside from payments, the app will also deliver coupons and help stores better track shoppers to target them for advertisements.

Apple doesn't ask for your Social Security number. Google does. But that information is not passed on to retailers. MCX is itself a consortium of retailers.

This latest episode will give CurrentC critics -- who cite Apple Pay as better, safer technology -- even more ammunition. In an FAQ page, MCX claims "consumers' privacy and data security are our top priorities." This hack disproves that notion.

Cherian Abraham, a mobile payments expert, said this CurrentC hack is unfortunate but isn't reflective of the security of the actual app itself. But it still doesn't stack up to Apple Pay.
"Nothing comes close to the security apparatus Apple has created," Abraham said.

No comments:

Post a Comment