Fraud cases across three prefectures involving Apple Pay exploit loophole: Sources — The Mainichi — “Multiple fraud cases involving stolen credit card information via Apple’s iPhone payment system ‘Apple Pay’ occurred across Osaka, Kyoto and Saitama prefectures in late March this year, investigative sources have revealed… Apple Japan said it had confirmed the Saitama cases, and a source disclosed that after the incidents occurred, Apple reportedly gathered credit card issuing companies together and warned them to exercise caution.”
- Lloyds to let customers set own contactless transaction limit
- Emirates NBD records 34m contactless transactions during eight-week rewards programme
- Monzo lets customers link virtual debit cards to funds ring fenced for specific types of expenditure
- CBA: 80% of digital wallet payments in Australia made from Apple devices
- Aldi tests checkout-free technology at London store
This article is more than four years old
One comment on this article
Comments are closed.
As best I can tell the issuer is sending a one time password to the phone of record of their customer. They are being duped into changing that number from that of their customer to that of the perpetrators. We have also seen cases in which telcos have been duped into changing the association between a phone number and a SIM or device.
To the extent that we rely upon text to phone for a control, we better be very careful about enrolling and changing those phone numbers. Consumers can help by ensuring that the numbers in their profiles are correct and that they are receiving the traffic intended for them.
Note that postal mail and e-mail may be vulnerable to the same kind of attack.