Powered by Guardian.co.uk. This article titled “Apple Pay: a new frontier for scammers” was written by Charles Arthur, for theguardian.com on Monday 2nd March 2015 08.00 UTC

Criminals in the US are using the new Apple Pay mobile payment system to buy high-value goods - often from Apple Stores - with stolen identities and credit card details.

Banks have been caught by surprise by the level of fraud, and the Guardian understands that some are scrambling to put better verification systems in place to prevent the problem running out of control, with about two million Americans already using the system.

Crooks have not broken the secure encryption around Apple Pay’s fingerprint-activated wireless payment system. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to “provision” the victim’s card on the phone so they can use it to buy goods.

Criminals with stolen IDs are reportedly targeting Apple Stores in particular because they both accept Apple Pay and offer high-value items that can then be sold for cash.

A credit or debit card can only be added to Apple Pay if the issuing bank sends over an encrypted version of the card’s details to be stored on the phone - which it should only do if it is certain the real owner is using it.

But fraud using stolen IDs is understood to be far higher than expected, with total losses already running into millions, according to industry sources. That compares to an expected value of about $5 billion in smartphone-based retail payments in the US this year.

Apple’s support page for the service says: “When you add a credit or debit card to Apple Pay ... Apple sends encrypted data, along with other information about your iTunes account activity and device (such as the name of your device, your current location, or if you have a long history of transactions within iTunes) to your bank. Using this information, your bank will determine whether to approve adding your card to Apple Pay”.

US banks use a “green path” for cards they have approved at once on the basis of such data, and a “yellow path” for cards that need more checks. But some banks have made this too easy, asking callers to verify their identity with the last four digits of their social security number (SSN).

Though meant to be secret, SSNs are commonly stolen in identity theft, and on average 11.5 million Americans fall victim to identity theft each year, according to US data, with the average case costing $4,930. In 2013 total losses from ID fraud in the US were $24.7bn. Nearly two-thirds of cases involve credit card details.

“At this point, every issuer [bank] in Apple Pay has seen significant ongoing provisioning fraud via customer account takeover,” said Cherian Abraham, a mobile payments specialist who is a consultant to US finance groups, on his blog.

He said that organised gangs are behind the scams: “In some cases, fraudsters are calling the [bank’s] call centre themselves to ‘alert them to a trip out of town’ so that fraud rules looking for transaction anomalies (such as a customer living in California and transacting in Miami) do not trip up [as] fraudulent transactions.”

Apple Pay, introduced in October 2014 and only available on the iPhone 6 and 6 Plus phones released last year, lets users pay by holding their phone near an NFC-equipped payment terminal and then confirm their identity with the iPhone’s built-in fingerprint reader.

On Wednesday, JP Morgan Chase said on an investor call that more than one million customers had added debit and credit cards to Apple’s service, while Bank of America has previously said 800,000 people had added 1.1m cards by the end of 2014 – almost certainly making it the predominant mobile payment method in the US, displacing Google Wallet, which launched in 2011. Despite being available first, Wallet has had very low transaction volumes due to the lack of NFC terminals and a more complex interface, retail experts say. Google has not provided any data on how many users it has for Google Wallet.

A spokesman for Apple reiterated that the secure mechanism for paying with card details stored on the phone had not been breached.

“Apple Pay is designed to be extremely secure and protect a user’s personal information,” the spokesman said. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”

None of the US banks that offer Apple Pay contacted by the Guardian would discuss levels of fraud.

But it is understood that US banks are seeking more robust methods to verify people’s identities before adding cards to the service. Abraham warns: “Fraud scales – call centres don’t. There has to be an automated process that is invisible but secure. In hindsight the only thing Apple could have done better was to anticipate the problem, made it mandatory [to call] and helped build a better ‘yellow path’.”

Tim Sloane, vice president of payments innovation at the Massachusetts-based financial consultancy Mercator Group, said: “These are probably just some teething problems. If the banks can nail down the authentication, they should see less fraud on Apple Pay,” and added: “Battle plans always look great until you meet the enemy.”

Dave Birch, a UK-based mobile payments expert, told the Guardian: “in the UK there probably won’t be a ‘green path’” – meaning that people would have to call their bank to add any card to Apple Pay once it is introduced here.

The US lags behind much of the world in its adoption of secure retail payment systems and mobile payments. “Chip and Pin” systems, used throughout Europe for years, will only become compulsory in the US later this year. As retailers replace old magnetic stripe systems, which were vulnerable to widespread fraud, with new ones, they are also adding NFC capabilities, already used in the UK for Oyster cards and in many shops.

Abraham says: “Fraud in Apple Pay… came as a surprise to all”, adding that too much trust had been put in the on-device security: “The soft underbelly proved to be [the] provisioning of cards”.
