Credit card fraudsters are always devising new tactics to steal money from tech giants and banking institutions alike.
With the rising number of mobile payment applications and options, cases of fraudulent transactions involving platforms like Apple Pay are on the rise as well.
In a new scheme, hackers are stealing millions of dollars from Apple by taking advantage of security lapses from banks.
The new scheme involves loading Apple Pay accounts using stolen payment card information from the dark web.
Capital One and JPMorgan are some of the banks that have been targeted in mobile payment fraud schemes.
Experts suggest the breaches were mostly because of loopholes created by banks.
In 2015 and 2016, Capital One suffered losses amounting to $1.5 million after a known organized crime group loaded their iPhones with funds from stolen credit cards.
One of the alleged perpetrators, a resident of Miami, received a four-year sentence in December 2018 for his involvement in the Apple Pay fraud scheme.
In another case, an organized crime group embezzled funds from JPMorgan bank accounts using information obtained from darknet platforms.
Like in the Miami case, fraudsters from Washington are said to have loaded Apple Pay and other different digital wallets in a bid to make high-end purchases.
After buying expensive items like MacBook Pros and Rolex watches, the products are resold to complete the well-orchestrated operation.
Details of the Washington and Miami Cases
According to a recent report by Forbes, the group from Miami had access to important user information from Capital One customers.
With this data, they were able to manipulate bank representatives into allowing them access to the accounts.
The verification step that sometimes involves impersonation is the most important step because it enables control over unsuspecting customers’ accounts.
In the second case from the Washington Western District Court, three suspects—Aaron Laws, Denison Ellis and Jeffrey Mayfield—were arrested for conspiracy to commit fraud.
One of them was further charged with money laundering, aggravated identity theft and possession of stolen credit card credentials.
Who Is Responsible?
The responsibility of protection from such fraudulent activities lies on the banks, as the breaches are made from bank accounts and not from digital wallets.
While some banks conduct due diligence by calling the account holder before adding a card online, others simply send verification codes that can be bypassed.
Card fraud is not new in the U.S., but the advent of various mobile payment options has availed new mechanisms for illegal activities.
Because banks are the ones who issue cards, they are left with the responsibility of being at the forefront in handling actions against fraudsters.
They also have access to the transaction history to tell whether a transaction from the user’s card is suspect or not.
Cases Involving Apple and Microsoft Stores
In 2017, there were two cases of card fraud in Washington involving Apple and Microsoft.
In the first of the two crimes that took place in April 2017, the suspected fraudsters in the aforementioned Washington case followed a predictable pattern.
Allegedly, they uploaded a stolen card to an Apple Pay account and later bought two MacBook Pros for over $7,000.
The same card was reused after a few weeks to buy merchandise worth $4,940 from a Microsoft Store in Seattle.
According to Forbes, the total losses accruing from their activities cost the affected banks at least $600,000.
Is the New Apple Card a Promising Solution?
On its side, Apple says it is already doing its part to prevent fraudulent transactions.
With the newly introduced Apple Card that doesn’t feature a CVV security code, a card number, signature, or an expiration date, it will be interesting to see how card fraudsters will bypass security measures.
Unlike the traditional cards, the Apple Card will store the user’s information on the iPhone’s Secure Element, a certified chip that stores a user’s payment information securely on the device.
Responsibility will consequently shift from banks to the company, which will have oversight of the transactions.
Apple Pay has been an easy target for fraudsters because banks suffer lapses in the process of verifying card usage online.
Even suspected transactions are not properly investigated. The legitimate account holder is only advised to apply for another card in the mean time.
As claimed a press release from last month, Apple Card is touted to beat competition from rival providers because it has zero card fees and features lower interest rates.
Apple Pay Vice President Jennifer Bailey stated she anticipates that the card will ensure “a healthier financial life” for all users.
While this may mitigate illegal transactions, it must be acknowledged that cybercriminals are adaptable to new technologies.
They are always looking for loopholes to compromise. Some of the breaches, however, happen because of individual malpractices and not just because of the underlying technology.
Latest posts by C.M. (see all)
- Australian Man Faces Charges for Running $17M Drug Syndicate on the Dark Web - April 23, 2019
- A Look at Baldr, a New Type of Malware Circulating in Hacking Forums - April 23, 2019
- Silk Road 2.0 Founder Sentenced to 5 Years in Prison - April 22, 2019