Apple Pay itself should, in theory, cut down on fraud because it makes stealing credit card information almost impossible. Each time a transaction takes place, Apple generates the equivalent of a new credit card number so the merchant never actually sees a customer’s information.
The vulnerability in Apple Pay is in the way that it – and card issuers – “onboard” new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process “frictionless”, the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like full phone numbers and addresses, that might help them detect fraud early.
The banks, desperate to become their customers’ default card on Apple Pay – most add only one to their iPhones – did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were were so scared of Apple that they didn’t speak up. The banks didn’t press the company for fear that they would not be included among the initial issuers on Apple Pay.
It seems the Apple Pay fraud is a bit more complex than it just being the banks’ fault. This is what happens when one company becomes so big and dominant that everyone else dances to their tunes. We’ve seen it before in technology, and it seems we are entirely unwilling to learn.
In any case, letting a secretive, closed technology company take care of my payments seems like an incredibly stupid thing to do. I much prefer our banks to handle it – they’re shady, too, of course, but at least here in The Netherlands, there are at least a lot of government and media eyes focussed on them, and they have far stricter laws and regulations to adhere to than a random technology company.