MSE News: 'Apple Pay' launches in UK today: Here's how it works

NFH

bestyman wrote: »

But I always use my PIN number at the ATM machine.

Lots of people likewise request a "PAC code" when they want to switch mobile networks.

MagWag

Hummm...well I have never owned an Apple phone of any description, but today I appear to have been making payments with one from my bank account...or so the bank told me, by text. They wanted to know if it was me doing this...I told them it was not!

The debit card for the account in question is not much used ...only twice in fact to make payments - once in a shop and once online. It has only been used in ATM's a couple of times, so hopefully the fraud prevention people will find it useful to track down the criminals.

It does make me concerned about how a thief can get someone else's card details and convince a bank to enable a phone, not belonging to the cardholder! To the best of my knowledge the card has never been out of my sight/possession and I run up to date anti-virus software on my computer. I do not open phishing email attachments and the like. Looking online it seems that there has been a lot of this type of fraud in the USA since Apple pay started, so I hope UK banks get better security checks in place soon!

http://www.theregister.co.uk/2015/03/03/apple_pay_plastic_fraud/

d123

MagWag wrote: »

Hummm...well I have never owned an Apple phone of any description, but today I appear to have been making payments with one from my bank account...or so the bank told me, by text. They wanted to know if it was me doing this...I told them it was not!

The debit card for the account in question is not much used ...only twice in fact to make payments - once in a shop and once online. It has only been used in ATM's a couple of times, so hopefully the fraud prevention people will find it useful to track down the criminals.

It does make me concerned about how a thief can get someone else's card details and convince a bank to enable a phone, not belonging to the cardholder! To the best of my knowledge the card has never been out of my sight/possession and I run up to date anti-virus software on my computer. I do not open phishing email attachments and the like. Looking online it seems that there has been a lot of this type of fraud in the USA since Apple pay started, so I hope UK banks get better security checks in place soon!

http://www.theregister.co.uk/2015/03/03/apple_pay_plastic_fraud/

You've given your info to someone (or allowed someone to steal it) at some stage, the story makes it quite plain the problem lies with customers losing info and banks being lax with verification checks.

"The crooks have not broken the secure encryption around Apple Pay’s fingerprint-activated wireless payment mechanism. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to 'provision' the victim’s card on the phone to use it to buy goods," Arthur wrote in the pages of The Guardian.

It is lax customer verification controls by banks rather than any inherent security weaknesses with Apply Pay that is creating a boon for ID fraudsters, Apple Insider notes.

Who do you bank with? Halifax use a phone call to verify ApplePay activation, so it's impossible to register a card without having the phone registered to your account with you to complete the registration.

MagWag

Hi Dave,

Yes, the weakness lies with the bank security checks, but Apple pay is making it easier for criminals to use stolen account details. My bank contacted me to ask about transactions made/attempted earlier in the day. I don't want to name the bank, but the fraud prevention people I talked to thought that because the card was so little used it would be especially helpful for tracking down the fraudsters.

The card was only ever used in an ATM a couple of times to check the balance and change the PIN and for two purchases; one from a large online retailer and the other in a shop (a large chain). I did not 'allow' anyone to steal my card details, but someone has them, through no fault of mine as far as I can see!

The bank fraud people thought it could possibly be through an ATM or because one of the shops had had their records hacked. I think it is the latter, and is most likely to be the online retailer because the shop did not have the security number (unless the shop assistant managed record it).

The bank were quick to spot the rogue transaction; the first two were small and were authorised, the larger (at an Apple kiosk) was larger and declined. They are going to refund the amounts involved, but I am still wondering how someone could fraudulently link a card to a phone that was not mine?

I have used two cards with the online retailer I mentioned, the other one is issued by a bank that has not yet rolled out Apple pay, but hopefully when they do they will have better security in place...I shall be watching that account very carefully!

d123

MagWag wrote: »

The bank fraud people thought it could possibly be through an ATM or because one of the shops had had their records hacked. I think it is the latter, and is most likely to be the online retailer because the shop did not have the security number (unless the shop assistant managed record it).

The CVV number isn't captured by an ATM or online transaction so it couldn't have been either (unless you used a fake storefront to carry out the transaction and they captured the details between you and the genuine site). Did you hand your card to the shop assistant? If so, why? That's the only reasonable assumption that they were skimming cards and noted your CVV.

You can't register a card to ApplePay without the CVV.

MagWag wrote: »

The bank were quick to spot the rogue transaction; the first two were small and were authorised, the larger (at an Apple kiosk)

Just out of curiosity, what's an Apple kiosk?

diamonds

Here is how it works, spend £500-600 to do something your free debit or credit card does, wait.....FREE!

20aday

MagWag wrote: »

Hummm...well I have never owned an Apple phone of any description, but today I appear to have been making payments with one from my bank account...or so the bank told me, by text. They wanted to know if it was me doing this...I told them it was not!

The debit card for the account in question is not much used ...only twice in fact to make payments - once in a shop and once online. It has only been used in ATM's a couple of times, so hopefully the fraud prevention people will find it useful to track down the criminals.

It does make me concerned about how a thief can get someone else's card details and convince a bank to enable a phone, not belonging to the cardholder! To the best of my knowledge the card has never been out of my sight/possession and I run up to date anti-virus software on my computer. I do not open phishing email attachments and the like. Looking online it seems that there has been a lot of this type of fraud in the USA since Apple pay started, so I hope UK banks get better security checks in place soon!

http://www.theregister.co.uk/2015/03/03/apple_pay_plastic_fraud/

In my experience of Apple Pay whenever I've registered a credit/debit card to a qualifying device I've had to verify my identity in the form of a phone call/SMS code.

As you don't own any form of Apple product to conduct such transactions I'm very surprised your bank allowed the (fraudulent) card to be added to the criminal's phone!