Apple Pay: A New Frontier For Scammers

HardOCP News

What makes detecting crimes like this so hard is that the average Apple customer is so used to getting ripped off that they don't notice when someone else is doing it to them. ;)

Banks have been caught by surprise by the level of fraud, and the Guardian understands that some are scrambling to ensure that better verification and checking systems are put in place to prevent the problem running out of control, with around two million Americans already using the system.
 
Fraudsters: the earliest adopters. If anything, it simply identifies the issues of identifying people over the phone/non face to face.

And as a shoutout to my fraud peoples, I can imagine they're not surprised internally. It's senior management being "surprised" despite likely being told exactly this would happen, but "We don't have the resources/it's not a priority right now!"
 
A hastily insecure service that allows unauthorized probing the orifices of your financials.
 
Fraudsters: the earliest adopters. If anything, it simply identifies the issues of identifying people over the phone/non face to face.

Watch the solution be our banks having photos/facial recognition, fingerprints, height and weight info, DNA and more so we can prove who we are.
 
Watch the solution be our banks having photos/facial recognition, fingerprints, height and weight info, DNA and more so we can prove who we are.

USAA actually was the first major US bank to roll out facial recognition via their mobile app.

Honestly, not sure what the solution is. Biometrics is likely the future, but I also understand the privacy concerns. Not sure how best to balance that.

Read the article. The service isn't insecure, the banks are just approving unauthorized accounts.

Exactly; no matter how secure a vault, digital or not, is, transporting the valuable data/goods into the vault is where the insecurity still lies.
 
Read the article. The service isn't insecure, the banks are just approving unauthorized accounts.

Say rather the path of least resistance (of fraud) is with banks greenlighting fraudsters over the phone. If/when banks clamp down (as they should have from the beginning), another exploit will probably be found.
 
Well, I can imagine the executives laughing at this. U.S. criminals buying FROM THE APPLE STORE with Apple Pay. CA-CHING!!!!! Talk about improving gross revenue. :D
 
Read the article. The service isn't insecure, the banks are just approving unauthorized accounts.

Service as in end-to-end process from customer to merchant to bank and the weakest link was exposed much like all it took was a simple preventable brute force to expose pictures of people's orifices on iCloud.
 
Well, I can imagine the executives laughing at this. U.S. criminals buying FROM THE APPLE STORE with Apple Pay. CA-CHING!!!!! Talk about improving gross revenue. :D

Yeah, I thought that was kind of funny. It's not like Apple can stop accepting Apple Pay.

I'm not sure who takes the loss on this. Is it Apple, the bank, or whoever the scammer stole the ID from?
 
Yeah, I thought that was kind of funny. It's not like Apple can stop accepting Apple Pay.

I'm not sure who takes the loss on this. Is it Apple, the bank, or whoever the scammer stole the ID from?

The banks take the loss. Which is why these breaches happen (Target, Home Depot), the people accepting the payment method do not suffer the losses when their data is breached. Until they are held liable nothing will change because they don't care.

I don't know what the future is and more important than payment methods is the fact that everything about us is tied to a SSN#. You would be appalled at how out there your SSN is. There is no protection against identity theft other than playing the odds.
 
Apple Pay itself, per the article, is perfectly safe and secure. The article should say "contactless payment services insecure". This has nothing to do with Apple Pay itself.
 
Apple Pay itself, per the article, is perfectly safe and secure.

LMAO. No.

It simply is too much trouble to breach Apple Pay itself when social engineering the card-issuer is far easier and takes less computer coding skill. Path of least resistance. Change the path of least resistance to Apple Pay itself instead of social engineering bank representatives, and you can bet money some enterprising criminals will find exploits in Apple Pay overnight.

Such is the nature of crime.
 
Yeah, I thought that was kind of funny. It's not like Apple can stop accepting Apple Pay.

I'm not sure who takes the loss on this. Is it Apple, the bank, or whoever the scammer stole the ID from?

Bank is going to eat these losses. It's entirely outside of both Apple's and the retailers' hands. It would be the same thing if the bank shipped out a box of checks to a fraudster. Apple wisely put authorization in the hands of the banks and the banks appear to have a rather pathetic form of authorization.

Last 4 SSN? REALLY? In 2014/15, using the last 4 SSN is like using the combination of 1234 to guard shield dome around your planet to prevent the oxygen from being sucked out. It's also the combination an idiot uses on his luggage! Christ, if you aren't confident enough to green flag it, require an in-person branch visit at least. Or at a minimum to a snail mail auth code.
 
The banks take the loss. Which is why these breaches happen (Target, Home Depot), the people accepting the payment method do not suffer the losses when their data is breached. Until they are held liable nothing will change because they don't care.

Actually, the main selling point of something like Apple Pay is that it largely secures the retailer side of the equation for the banks. Nothing that the retailer stores from an Apple Pay transaction is valid for any past or future transaction. Unlike with a normal credit card transaction where the retailer has a record of the card stripe and likely also the 3/4 security code.

I don't know what the future is and more important than payment methods is the fact that everything about us is tied to a SSN#. You would be appalled at how out there your SSN is. There is no protection against identity theft other than playing the odds.

Which is why using last 4 SSN for any sort of auth is completely retarded.
 
Bank is going to eat these losses. It's entirely outside of both Apple's and the retailers' hands. It would be the same thing if the bank shipped out a box of checks to a fraudster. Apple wisely put authorization in the hands of the banks and the banks appear to have a rather pathetic form of authorization.

Last 4 SSN? REALLY? In 2014/15, using the last 4 SSN is like using the combination of 1234 to guard shield dome around your planet to prevent the oxygen from being sucked out. It's also the combination an idiot uses on his luggage! Christ, if you aren't confident enough to green flag it, require an in-person branch visit at least. Or at a minimum to a snail mail auth code.

It was 12345 that was the shield key in Spaceballs. Jesus. Kids are so uncultured these days. ;)
 
LMAO. No.

It simply is too much trouble to breach Apple Pay itself when social engineering the card-issuer is far easier and takes less computer coding skill. Path of least resistance. Change the path of least resistance to Apple Pay itself instead of social engineering bank representatives, and you can bet money some enterprising criminals will find exploits in Apple Pay overnight.

Such is the nature of crime.

Actually, Apple Pay itself is currently the most secure payment system available. It uses one-time cryptographically secure tokens which can't be replayed. It has a heavy level of anonymization in transit as well. From a theoretical level it is a very secure system once authorized. The only weak link is the initial authorization as demonstrated in this article.
 
Actually, Apple Pay itself is currently the most secure payment system available. It uses one-time cryptographically secure tokens which can't be replayed. It has a heavy level of anonymization in transit as well. From a theoretical level it is a very secure system once authorized. The only weak link is the initial authorization as demonstrated in this article.

The key there is "theoretically".

Problem being, as demonstrated by Target, and every other major merchant who has been hacked in the last 24 months and had all their CC info stolen... Apple will never admit to any kind of breach to the contrary. And even if there is one, they'll downplay it for all they can until it is futile to keep up the charade anymore.

There's a hole there to be made. If it isn't Apple Pay itself it is the surrounding database or the people with access to it. In this day and age nothing is uncrackable, it just takes enough brains and computing power. As shown by the NSA and SIM cards.
 
Click bait is click bait.

This is for any payment system of this style.
 
Actually, Apple Pay itself is currently the most secure payment system available. It uses one-time cryptographically secure tokens which can't be replayed. It has a heavy level of anonymization in transit as well. From a theoretical level it is a very secure system once authorized. The only weak link is the initial authorization as demonstrated in this article.

Let's cut out the hype. Single-use secure token based transactions have been around forever. I worked on one for online statements almost a decade ago and I doubt we were the first.
 
The key there is "theoretically".

Problem being, as demonstrated by Target, and every other major merchant who has been hacked in the last 24 months and had all their CC info stolen... Apple will never admit to any kind of breach to the contrary. And even if there is one, they'll downplay it for all they can until it is futile to keep up the charade anymore.

There's a hole there to be made. If it isn't Apple Pay itself it is the surrounding database or the people with access to it. In this day and age nothing is uncrackable, it just takes enough brains and computing power. As shown by the NSA and SIM cards.

Even Apple doesn't have the actual account info stored with Apple Pay. The only provider in the loop with the actual account information is the issuing bank. And if the issuing bank gets hacked, you are already so fubar....
 
Let's cut out the hype. Single-use secure token based transactions have been around forever. I worked on one for online statements almost a decade ago and I doubt we were the first.

Right, but as Apple does, they take something other people have done on a small scale, polish it up and release it to the mainstream. I'm not a fan of the company, but that's the key to their success and they do it very well.

It may not be a perfect solution, nothing is, but I think it's a big step in the right direction...other than the fact that it's happening in Apple's walled garden, fragmenting the landscape even further.
 
The crooks have not broken the secure encryption around Apple Pay’s fingerprint-activated wireless payment mechanism. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to “provision” the victim’s card on the phone to use it to buy goods.

Should we expect all cellular hardware manufacturers to ensure that the user of the hardware has been correctly authenticated and identified?
 
"What makes detecting crimes like this so hard is that the average Apple customer is so used to getting ripped off that they don't notice when someone else is doing it to them. ;)"

HAHAHAHAHAHAHAHAHAHAHAA
 
Reaffirms my belief in cold hard cash. If you have the gall to physically rob me, then you better be a little more than some fast talking geek. I still like PayPal and whatnot, but that is because they offer a buffer.
 