There is a debate about who is to blame for the recent security breaches on Apple Inc. (NASDAQ:AAPL)’s Apple Pay system. Banks have been hit with Apple Pay fraud whereby criminals impersonate users and trick them to approve additional cards. According to experts, both Apple and the banks share the blame for Apple Pay fraud cases.
Apple Pay is supported by the major U.S. banks and other financial institutions. Bank of America Corp. (NYSE:BAC) disclosed having about 1.1 million Apple Pay users at the end of 2014. JPMorgan Chase & Co. (NYSE:JPM) said it had already registered 1 million cards with Apple Pay.
Criminals impersonate users
There have been no illegal breaking into the encrypted system of Apple Pay, but criminals are finding a way to fool banks to verify cards by impersonating genuine users. The reason such is happening is that some of the details that banks ask for to approve a new card are easily available on the black market.
The major weakness on the side of Apple Inc. (NASDAQ:AAPL) and the banks is their desire to make the registration process for the payment service simpler. While that is helping them to increase Apple Pay adoption, they are risking the security of the service.
Fault of the banks
Banks are competing to register more Apple Pay customers. As such, they are aiming to make Apple Pay card registration as painless is it can be. For example, the banks do not usually ask for additional information from users after they receive the encrypted card details from Apple. In the end, the simplified card registration process is creating loopholes for criminals to attack.
Apple’s fault
Apple Inc. (NASDAQ:AAPL) is operating from a consumer mindset that making Apple Pay card registration complex would put off many users, especially senior citizens. However, Apple needs to do more about security as it does about usability.
Apple has the opportunity to compel banks to up their Apple Pay security game, which it hasn’t done. It seems Apple prefers to trade security for usability, which can be costly on a bad day. In the embarrassing breach of iCloud system where various celebrities were impacted, experts say Apple could have easily prevented such attacks. Use of two-factor authentication would have done it and make iCloud more secure.