Yes, funny how that didn't get any traction... Yet, "banks" (no names of ANY bank from that source, strange hum... ) were scrambling... Maybe it is because it had little to do with Apple in the first place. It takes :
1) A bank that doesn't check if a card part of a breach (like target) or stolen.
2) A person who didn't cancel their card after the breach (Why?) or they gets it stolen.
3) No previous transactions done post breach/theft before being registered with Apple pay (or I'm guessing the owner would have cancelled the card already, or the bank suspended it if the card is used in an unusual way).
That's one hell of set of circumstances. Notice the info for the card is already owned by the crooks by this point. They can use it regardless of Apple. They can use it in ANY pay system they want.
What Apple pay makes possible once those unlikely circumstances occur is:
- Making it easier for crooks to check if any of 1) or 2) and 3) in a systematic way if a BANK makes it easy to add the card without verifying that the legitimate user is doing so (most banks do verify, so makes the circumstances even rarer). That way they could go through a pile of 50 cards numbers in an hour, find out which ones work and those that don't, then go online and order a big pile of stuff that way.
Not only that. Since Apple pay is linked to an Apple ID and a phone, they need a:
- Stolen phone with no lock, find my phone to wipe it
- A legitimate Iphone 6 with a fake apple ID.
Since this has kind of died down and we still don't have a single name of bank involved, I'm going to guess that this is just like the "bending" phones; a minor, or even imaginary event. Even if it had happened, it would be those few banks that would have been unsecured, not Apple or IOS.