Experts: Cardholder Authentication Key to Stemming Apple Pay Fraud (March 9, 2015)
The Wall Street Journal reported last week that fraudsters were exploiting stolen credit card data to set up fake Apple Pay accounts and buying big-ticket items in Apple’s own stores and other retail outlets. Experts suggest that the problem—and the solution—lies in how banks authenticate cardholders when they add payment cards to the Apple Pay wallet.
“Issuers need to be particularly diligent about how they authenticate a cardholder when provisioning a new card to Apple Pay,” notes Lee Manfred, a partner with First Annapolis Consulting. “We see tremendous variation in how issuers authenticate customers and some of the less rigorous processes may need to be enhanced.”
More rigorous authentication options issuers could employ include:
- Sending a one-time authorization code via email or text to a registered Apple Pay user’s email address or mobile phone number;
- Adding security questions prospective Apple Pay users must answer to verify a new account;
- Requiring cards to be used for at least one in-store purchase before allowing them into Apple Pay; or
- Requiring the Apple Pay user to call the bank’s customer service number to add a new card to the account.
Rick Oglesby, a senior analyst with Double Diamond Group, ponders whether robust fraud controls will get in the way of the easy and seamless setup, which is one of the reasons Apple Pay has been a hit. But, Cheryl Slipski, executive vice president and general counsel at Ubiquity Global Services, contends that consumers are unlikely to be deterred by the need to comply with banks’ more-stringent card-verification methods to participate in Apple Pay. “Consumers understand why these additional measures are required,” she tells Paybefore. “While I agree quick and seamless is important in the early days for adoption, I believe that as a payment service matures, consumers understand why more in the way of verification is required.”
The fraud-related publicity is a setback for Apple Pay’s image, but it’s unlikely to undermine the service’s success or cause issuers to delay their participation, Manfred adds.
Double Diamond’s Oglesby believes the incident plays in PayPal’s favor. “PayPal’s value in these mobile wallets just went up,” he says, explaining that a pre-existing purchase history, like that which PayPal has for millions of users, will become a key advantage in enrolling new customers in any new mobile wallet.
Separately, Apple Inc. today announced details of its long-awaited Apple Watch, which supports Apple Pay. The watch, available for pre-order April 10, rolls out to consumers in nine countries on April 24, with prices ranging from $349 for a basic model to $10,000 for a gold version. During a keynote presentation at Apple headquarters today, executives demonstrated how a user can pay for groceries using the watch, which emits a pulse and a tone signaling it’s ready to pay when placed near an NFC-enabled POS terminal. More than 2,500 banks have signed up to support Apple Pay and the service is available at more than 700,000 retail locations, according to Apple CEO Tim Cook.
See related stories: