As I suggested in my previous blog post on this topic, Apple Pay is nothing more than institutionalized card cloning. The only barrier standing between a fraudster loading your credit card onto their mobile phone, as opposed to your doing so, is a concept called “identity proofing.”
Every time a new credit card is linked to Apple Pay on a mobile device, the card number is sent off to one of the payment networks and exchanged for a “token,” which will be used in lieu of the card number for transactions in the future. Before this exchange can take place, a real-time call is made to the bank that issued the card to request its permission to do so. It’s at this step that many card issuers flounder.