
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,516
30,794



Apple's new Apple Pay payment system has been designed to be ultra secure, taking advantage of existing NFC tokenization specifications to keep user payment information safe. Apple uses tokens, or unique Device Account Numbers, to replace card numbers, and transactions are verified through both one-time use security codes and Touch ID.

Ahead of the launch of Apple Pay, The Daily Dot has spoken to several different banks working with Apple on the payments service, including Navy Federal Credit Union, USAA, Chase, and PNC, to get their thoughts on its security.

According to Navy Federal VP of credit cards Randy Hopper, the bank was "very excited" to see what Apple had developed, because it is "convenient, secure, and private." Apple's use of tokenization "addresses all points of weakness across the payment system."

USAA assistant vice president Vikram Parekh, meanwhile, said that the bank is confident enough in Apple Pay to assume all liability for unauthorized or fraudulent transactions, both in retail stores and for online purchases.

> "USAA has a zero liability policy and members are never liable for any losses related to unauthorized [or] fraudulent activity, this does not change with Apple Pay," Vikram Parekh, Assistant Vice President at USAA Bank tells the Daily Dot.
>
> "The bank has liability for any purchases made when Apple Pay is offered and used as the form of payment. This is true for both face-to-face and for "in-app" purchases," Parekh explains.

Both Chase and PNC offered similar statements, suggesting banks that have partnered with Apple feel that the payments system is secure enough for them to offer consumers the same protections they get with standard credit cards.

Apple Pay is "extremely secure" and "zero liability for fraudulent transactions still applies," said Chase spokesman Paul Hartwick, while Tom Trebilcock, vice president of digital at PNC Bank, pointed out that tokenization will protect consumers from "potential mass theft of credit and debit card information." Stolen credit cards and customer information have plagued millions this year, as major retailers like Target and Home Depot saw massive security breaches that compromised significant amounts of customer data.

> "From Navy Federal's perspective we're excited about the whole tokenization process," Hopper says. "The whole process of providing a payment token as opposed to the financial account number actually reduces the risk to the system and to everyone participating in it, from the customer, to the retailer, to the payment networks, to the issuer, and to Apple."

Though Apple has said that it will not be able to see transaction information, several of the bank representatives that spoke to The Daily Dot have confirmed that they will be able to tell if a transaction has taken place using Apple Pay or a standard credit card, "because of the nature of the data" given to banks in the Apple Pay system.

Apple has plans to launch Apple Pay in October, through an update to iOS 8. iOS 8.1, which was seeded to developers earlier this month, already contains hidden Apple Pay setup and settings elements that will likely be unlocked before the software is released to the public.

There is no word of an official release date for Apple Pay, but Chase said its customers will be able to use Apple Pay when it launches, while USAA plans to begin offering Apple Pay on November 7. PNC and Navy Federal will support Apple Pay in the fall.

Article Link: Banks Confident in Apple Pay Security, Assume Liability for Fraudulent Purchases
 

markyr17

macrumors 65816
Apr 8, 2010
1,186
92
Banks are willing to cover fraudulent charges? Wow. That's a step in a different direction (as opposed to the new Chip and Pin credit cards, where the merchant is required to assume liability) -- They really stand behind Apple's security in Apple Pay.

Good to hear- now let's get this Apple Pay up and running!
 

UnfetteredMind

macrumors 6502
Jun 6, 2012
451
77
I'm not at all surprised they'll assume liability as the system is more secure than what we have today and they're already assuming the liability :rolleyes:

Looking forward to being able to use it!
 

NorEaster

macrumors regular
Feb 14, 2012
239
23
> Banks are willing to cover fraudulent charges? Wow. That's a step in a different direction -- They really stand behind Apple's security in Apple Pay.
>
> Good to hear- now let's get this Apple Pay up and running!

Why is this a surprise to you? My bank (one of the larger nationwide banks) has always covered fraudulent charges. In fact, a few years ago this actually happened to me. My bank actually proactively reached out to me and told me they identified a suspicious charge. They asked me if I actually made it, and when I said no, they wiped the charge from my account. Maybe your bank isn't so great?
 

keysofanxiety

macrumors G3
Nov 23, 2011
9,539
25,302
At the risk of sounding pessimistic, I can't even play online games on my iPhone thanks to the wifi constantly dropping on iOS 8. I don't think I'm ready to replace my debit card with my phone.
 

markyr17

macrumors 65816
Apr 8, 2010
1,186
92
> I'm not at all surprised they'll assume liability as the system is more secure than what we have today and they're already assuming the liability :rolleyes:
>
> Looking forward to being able to use it!

With magnetic stripes, banks assume liability. With Chip and Pin, merchants have to assume liability. Chip and pin is incoming to the USA in 2016, and merchants will be required to accept liability for fraud in this case.
 

markyr17

macrumors 65816
Apr 8, 2010
1,186
92
> Why is this a surprise to you? My bank (one of the larger nationwide banks) has always covered fraudulent charges. In fact, a few years ago this actually happened to me. My bank actually proactively reached out to me and told me they identified a suspicious charge. They asked me if I actually made it, and when I said no, they wiped the charge from my account. Maybe your bank isn't so great?

No, as I said in another reply, they do cover fraudulent charges with swiped cards, but with the new chip and pins, the merchants are responsible.
 

spectrumfox

macrumors 6502a
Oct 18, 2013
751
1
I will let others be the beta testers for this and sign up once I'm sure all the security measures Apple has implemented are proven in real-world scenarios.
 

iSRS

macrumors 6502
Mar 2, 2010
468
291
It seems like, with music (downloads, then storage, soon streaming), Movies, and TV, Apple was wise to start with the key third parties. These are areas that while the end consumer is the ultimate user, having those important third parties on board set everything up for success.
 

UnfetteredMind

macrumors 6502
Jun 6, 2012
451
77
> With magnetic stripes, banks assume liability. With Chip and Pin, merchants have to assume liability. Chip and pin is incoming to the USA in 2016, and merchants will be required to accept liability for fraud in this case.

I thought it was if the merchants did not upgrade to the new system, that they (merchants) would be responsible for fraudulent charges? Thus incentivizing merchants to upgrade.
 

jpsaffron

macrumors newbie
Oct 9, 2014
5
3
> No, as I said in another reply, they do cover fraudulent charges with swiped cards, but with the new chip and pins, the merchants are responsible.

Assuming you're referring to the US, it's the other way around. If a customer has a chip-and-signature card, but the merchant runs the mag swipe, the merchant takes on the liability. If the customer has a chip-and-signature card, and the merchant runs it as chip-and-signature, the issuing bank takes on the liability. That gives the merchant an incentive to update their terminal to chip-and-signature.

If the bank does not issue a chip-and-signature card in the first place, the issuing bank will still have liability for all transactions. Of course, one would expect not many banks to leave themselves in that position.

(Also note that chip-and-signature is, unfortunately, not chip-and-pin -- which is the standard in Europe.)
 

patohi

macrumors regular
Sep 16, 2009
157
70
What is Apple's cut?

I'm afraid next week's event is going to be all Apple Pay.

Not that I'll blame them; if successful it'll make Apple even more ridiculous amounts of money...
 

jpsaffron

macrumors newbie
Oct 9, 2014
5
3
Card enrollment process?

I understand how actual payments are more secure with ApplePay. I'm wondering how the initial enrollment works. From the keynote, it seemed that you just take a picture of the card, and it's enrolled.

What's to stop me from taking a picture of someone else's card? Obviously the fraud can still be tracked to the phone initiating the charges, but there are lots of stolen phones out there. It's much easier to steal a phone than to print your own credit cards (especially chip cards). And your enrolled phone will now be considered to have gold-standard fraud controls.

Is there some process for the bank to confirm you intended to enroll a card?
 

spectrumfox

macrumors 6502a
Oct 18, 2013
751
1
Right here. And I apologize for the Google Wallet.

(Disclaimer: I have no idea what that is.)

Just for history's sake, Google Wallet is Google's NFC implementation for making purchases with Android devices.

Rather than use a one-time secure token like Apple's method, Google Wallet makes use of a virtual debit card to make purchases, so your actual bank account and/or debit card is kept private during transactions.
 

loanhighknight

macrumors member
Jun 24, 2013
56
156
> Assuming you're referring to the US, it's the other way around. If a customer has a chip-and-signature card, but the merchant runs the mag swipe, the merchant takes on the liability. If the customer has a chip-and-signature card, and the merchant runs it as chip-and-signature, the issuing bank takes on the liability. That gives the merchant an incentive to update their terminal to chip-and-signature.
>
> If the bank does not issue a chip-and-signature card in the first place, the issuing bank will still have liability for all transactions. Of course, one would expect not many banks to leave themselves in that position.
>
> (Also note that chip-and-signature is, unfortunately, not chip-and-pin -- which is the standard in Europe.)

Dead on. One correction though: If the bank does not issue a chip-and-signature card, the merchant taking a signature (even if the signature is a drawing of a Christmas tree) is sufficient to shift liability to the bank... because in our weird financial world that is somehow preferable to issuing a card with a chip in it. (Planet Money actually just did a piece on this exact issue.)

ApplePay leapfrogs the chip payment system in security, so maybe the folks that held out on updating to chip-and-pin will get the last laugh here as mobile payments become more prolific and reliable.
 

dontwalkhand

macrumors 603
Jul 5, 2007
6,376
2,865
Phoenix, AZ
> With magnetic stripes, banks assume liability. With Chip and Pin, merchants have to assume liability. Chip and pin is incoming to the USA in 2016, and merchants will be required to accept liability for fraud in this case.

Only if the merchant doesn't have a Chip and PIN reader and most do now.
 