Fraud cases across three prefectures involving Apple Pay exploit loophole: Sources — The Mainichi — “Multiple fraud cases involving stolen credit card information via Apple’s iPhone payment system ‘Apple Pay’ occurred across Osaka, Kyoto and Saitama prefectures in late March this year, investigative sources have revealed… Apple Japan said it had confirmed the Saitama cases, and a source disclosed that after the incidents occurred, Apple reportedly gathered credit card issuing companies together and warned them to exercise caution.”
- Apple Pay users in the US to get buy now pay later option with iOS 16
- BIS reports on CBDCs in emerging markets
- Moroccan bank launches biometric payment card
- US digital bank introduces contactless payments rings
- Riksbank completes digital currency payments pilot
Post navigation
One comment on this article
Comments are closed.
As best I can tell the issuer is sending a one time password to the phone of record of their customer. They are being duped into changing that number from that of their customer to that of the perpetrators. We have also seen cases in which telcos have been duped into changing the association between a phone number and a SIM or device.
To the extent that we rely upon text to phone for a control, we better be very careful about enrolling and changing those phone numbers. Consumers can help by ensuring that the numbers in their profiles are correct and that they are receiving the traffic intended for them.
Note that postal mail and e-mail may be vulnerable to the same kind of attack.