Fraud cases across three prefectures involving Apple Pay exploit loophole: Sources — The Mainichi — “Multiple fraud cases involving stolen credit card information via Apple’s iPhone payment system ‘Apple Pay’ occurred across Osaka, Kyoto and Saitama prefectures in late March this year, investigative sources have revealed… Apple Japan said it had confirmed the Saitama cases, and a source disclosed that after the incidents occurred, Apple reportedly gathered credit card issuing companies together and warned them to exercise caution.”
- Crédit Agricole issues biometric payment cards in France
- Amazon expands pay by palm technology to Whole Foods Market store
- Apple lets US families build credit by sharing Apple Card accounts
- German savings banks roll out contactless card acceptance on standard NFC phones
- UK Treasury and Bank of England launch CBDC taskforce to explore digital currency options
This article is more than three years old
One comment on this article
Comments are closed.
As best I can tell the issuer is sending a one time password to the phone of record of their customer. They are being duped into changing that number from that of their customer to that of the perpetrators. We have also seen cases in which telcos have been duped into changing the association between a phone number and a SIM or device.
To the extent that we rely upon text to phone for a control, we better be very careful about enrolling and changing those phone numbers. Consumers can help by ensuring that the numbers in their profiles are correct and that they are receiving the traffic intended for them.
Note that postal mail and e-mail may be vulnerable to the same kind of attack.