Apple Pay Fraud: Who's to Blame, Apple or Wall Street?

Apple CEO Tim Cook speaks about Apple Pay at the Flint Center in Cupertino, California, on September 9, 2014. REUTERS/Stephen Lam

Apple Pay, Apple's new mobile-payment system that lets users make payments on the go with their smartphones, has become the target of fraudsters since its launch last October. On this point, some of Wall Street's biggest banks, which enthusiastically paired with Apple to launch the service, and Apple itself agree.

But Apple and Wall Street both say the other is to blame for the fraud, according to a New York Times report Tuesday.

At the time of Apple Pay's launch, Apple announced a long and illustrious list of financial services partners: Visa, Mastercard, American Express, Bank of America, Capital One, Chase, Citigroup and Wells Fargo, among others.

Apple Pay lets users store credit card information on their smartphones and pay with a single tap. Apple CEO Tim Cook said the service had more than a million users less than 72 hours after its launch. However, despite Apple Pay's robust security features, including fingerprint authentication, fraudsters discovered that it is fairly easy to upload stolen credit cards to Apple Pay—Apple, insisting on a "frictionless" user experience, requires little in the way of verifying users are who they say they are.

Now some of Apple's partners seem to be having second thoughts about their agreement with the company, but most are afraid to speak up publicly for fear of angering the tech giant, according to Times DealBook reporter Andrew Ross Sorkin. "No bank executive would speak with me on the record for fear of upsetting their company's relationship with Apple," he writes.

Tensions escalated in late February when Cherian Abraham, a mobile-banking consultant who advises an Android-based competitor to Apple called SimplyTapp, wrote in a blog post that as much as 6 percent of Apple Pay transactions may be fraudulent. That's significantly higher than credit card transactions, which have an average fraud rate of 1 percent, according to Abraham.

Apple won't say what the fraud rates are for Apple Pay, but a representative said in a statement that the system is "designed to be extremely secure and protect a user's personal information."

A bank employee, who asked not to be named to avoid upsetting Apple, told Newsweek the actual percentage of fraud was much lower, but didn't provide any specifics.

Apple blames the banks' "onboarding" process of new credit cards for the rate of fraud, as Sorkin writes in the Times:

Apple Pay itself should, in theory, cut down on fraud because it makes stealing credit card information almost impossible. Each time a transaction takes place, Apple generates the equivalent of a new credit card number so the merchant never actually sees a customer's information.

The vulnerability in Apple Pay is in the way that it — and card issuers — "onboard" new credit cards into the system. Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process "frictionless," the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like full phone numbers and addresses, that might help them detect fraud early.

Meanwhile, the banks, which are responsible for fraudulent charges, have begun to tighten up their screening processes for new cards with Apple's help.