Trusted Transactions | Entersekt Blog

Fraud on Apple Pay spikes up to 100 times the industry average

Posted by Christiaan Brand, chief technology officer, Entersekt

Mar 19, 2015 9:30:00 AM

We have all seen the reports about Apple Pay fraud plastered over the Web. Less informed commentators seem to blame Apple, but is this problem really their fault this time?

As I suggested in my previous blog post on this topic, Apple Pay is nothing more than institutionalized card cloning. The only barrier standing between a fraudster loading your credit card onto their mobile phone, as opposed to your doing so, is a concept called “identity proofing.”

Every time a new credit card is linked to Apple Pay on a mobile device, the card number is sent off to one of the payment networks and exchanged for a “token,” which will be used in lieu of the card number for transactions in the future. Before this exchange can take place, a real-time call is made to the bank that issued the card to request its permission to do so. It’s at this step that many card issuers flounder.

Topics: Apple Pay, Apple

A look at Apple Pay’s SMS OTP and tokenization

Posted by Christiaan Brand, chief technology officer, Entersekt

Dec 11, 2014 4:32:00 PM

On the weekend, I finally had a chance to load my three credit cards into Apple Pay. The process was slick and painless, as you’d expect from Apple: a simple snap of the credit card auto-populated the data on my phone. Only the card security code (three or four digits long) is entered by hand.

Below, I’ll explore the security mechanisms I encountered during the Apple Pay enrollment process, as well as those in place for making actual payments.

Enrollment with one-time passwords

One of the inherent risks in any authentication solution is the initial onboarding or identity proofing process. In many deployments, a simple username and password offer greater security than a hardware token does because the identity proofing intended to pair the token with a specific user is not sufficiently rigorous.

Topics: One-time passwords, Tokenization, Apple Pay, Apple

About Trusted Transactions

Trusted Transactions is Entersekt's blog devoted to keeping our customers, prospects and friends updated with industry news, security threats and technology advances in consumer authentication. We can protect against online banking fraud and account takeovers. Trusted Transactions brings you industry data and insights to help safeguard your online and mobile banking and payments transactions. 
