Powered by guardian.co.ukTa članek z naslovom “Apple Pay: nov mejnik za scammers” je napisal Charles Arthur, za theguardian.com v ponedeljek 2. marca 2015 08.00 UTC

Kriminalci v ZDA so z novo Apple Plačaj mobilno plačevanje za nakup visoko vrednostjo blaga - pogosto iz Apple Stores - z ukradenimi identitetami in podatke o kreditni kartici.

Banke so presenetili s stopnjo goljufij, in Guardian razume, da so nekateri kodiranja, da se zagotovi boljše preverjanje in sistemi preverjanja so vzpostavljeni za preprečevanje problema teče izpod nadzora, z okoli dva milijona Američanov, ki že uporabljajo sistem.

Za lopove, ni prekinil varno šifriranje okoli brezžično mehanizem Apple plačati za plačila prstnih odtisov aktivirana. Namesto, so ustanovitev nove iPhone z ukradenih osebnih podatkov, in potem kliče banke, da "določbe" kartica žrtve na telefonu, da jo uporabljajo za nakup blaga.

Kriminalci z ukradenimi ID se razume, da so usmerjene Apple Stores zlasti zato, ker sta oba sprejeti Apple Plačaj in nudijo visoko vrednostjo postavke, ki se nato lahko proda na za gotovino.

Kreditna ali debetna kartica je mogoče dodati samo Apple plačati, ko njegove banke izdajateljice žarki nad šifrirano različico podrobnosti kartice shraniti na telefonu -, ki naj bi jih storili šele, ko nekatere je pravi lastnik, da jo uporabljajo.

Vendar, goljufije z uporabo ukradenih ID Razume se, da je veliko višji od pričakovanega, s skupne izgube že teče v milijonih, po podatkih iz industrije. To je primerljivo s pričakovano vrednostjo okoli $ 5 milijard za temeljijo na pametni plačil na drobno v ZDA v tem letu.

Jabolka podporne strani za storitve pravi: "Ko dodate kreditno ali debetno kartico Apple Plačaj ... Apple pošlje šifrirano podatkov, skupaj z drugimi informacijami o aktivnostih in naprave za iTunes (kot so ime naprave, njegovo trenutno lokacijo, ali če imajo dolgo zgodovino transakcij v iTunes) na svojo banko. Na podlagi te informacije, vaša banka bo določil, ali naj odobri dodajanje kartice za Apple Plačaj. "

Ameriške banke so z uporabo "zeleno pot" za kartice se odobri takoj podlagi teh podatkov, in "rumena pot" za kartice, ki zahteva več pregledov. Vendar so nekatere banke, sta nalogo preveč preprosto s spraševanjem klicatelje, da se preveri njihovo identiteto z zadnjih štirih številk njihovo številko socialnega zavarovanja (SSN).

Čeprav naj bi bila skrivnost, SSNs so pogosto ukradeni v krajo identitete, in v povprečju 11.5 milijonov Američani so žrtve kraje identitete vsako leto, po podatkih ZDA, s povprečno incident stanejo $4,930. V 2013 skupne izgube iz ID goljufije v ZDA znašala $ 24.7bn. Skoraj dve tretjini primerov za podatke o kreditni kartici.

"Na tej točki, vsak izdajatelj [banka] V Apple je Pay videl pomembno stalno goljufij rezervacij prek računa stranke prevzema,"Je dejal Cherian Abraham, mobile-plačila specialist, ki je svetovalec za finančne skupine v ZDA, na svojem blogu.

Dejal je, organizirane tolpe so za prevare: "V nekaterih primerih, goljufi se kliče [banke] klic se osredotočali na "jih opozori na poti iz mesta", tako da so pravila goljufij iščejo transakcijskih nepravilnosti (kot je življenje stranke v Kaliforniji in transakcijah v Miamiju) Ne potovanje navzgor [kot] goljufive transakcije. "

Apple Pay, uveden oktobra 2014 in so na voljo le na iPhone 6 in 6 Plus telefoni izšla lani, upamo, uporabniki plačajo tako, da držite svoj telefon v bližini NFC opremljeno plačilnega terminala in nato potrdijo svojo istovetnost s iPhone vgrajen bralnik prstnih odtisov.

V sredo, JP Morgan Chase je dejal na klic vlagateljev, ki so več kot milijon strankam dodano debetne in kreditne kartice Apple storitev, medtem ko je Bank of America prej omenjeni 800,000 ljudje so dodali 1,1 mio kartic do konca 2014 – almost certainly making it the predominant mobile payment method in the US, displacing Google Wallet, ki začela 2011. Despite being available first, Wallet has had very low transaction volumes due to the lack of NFC terminals and a more complex interface, retail experts say. Google has not provided any data on how many users it has for Google Wallet.

A spokesman for Apple reiterated that the secure mechanism for paying with card details stored on the phone had not been breached.

“Apple Pay is designed to be extremely secure and protect a user’s personal information,” the spokesman said. “During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”

None of the US banks that offer Apple Pay contacted by the Guardian would discuss levels of fraud.

But it is understood that US banks are seeking more robust methods to verify peoples’ identities before adding cards to the service. Abraham warns: “Fraud scales – call centres don’t. There has to be an automated process that is invisible but secure. In hindsight the only thing Apple could have done better was to anticipate the problem, made it mandatory [to call] and helped build a better ‘yellow path’.”

Tim Sloane, vice president of payments innovation at the Massachusetts-based financial consultancy Mercator Group, je dejal: “These are probably just some teething problems. If the banks can nail down the authentication, they should see less fraud on Apple Pay,” and added: “Battle plans always look great until you meet the enemy.”

Dave Birch, a UK-based mobile payments expert, povedal Guardian: “in the UK there probably won’t be a ‘green path’” – meaning that people would have to call their bank to add any card to Apple Pay once it is introduced here.

The US lags behind much of the world in its adoption of secure retail payment systems and mobile payments. “Chip and Pin” systems, used throughout Europe for years, will only become compulsory in the US later this year. As retailers replace old magnetic stripe systems, which were vulnerable to widespread fraud, with new ones, they are also adding NFC capabilities, already used in the UK for Oyster cards and in many shops.

Abraham says: “Fraud in Apple Pay… came as a surprise to all”, adding that too much trust had been put in the on-device security: “The soft underbelly proved to be [the] provisioning of cards”.

guardian.co.uk © Guardian News & Media Limited 2010

Objavljeno prek Guardian News Feed plugin za WordPress.

25028 0