No. My position is that if Apple is selling a product, then Apple is responsible for making it secure - full stop.
They control their developers that way. Why not the banks?
BofA is so bad they’ll never qualify for this.
Come on. You guys have been in business for a long time - the responsibility of the product’s efficacy is on the one selling you the product.
Tech has had such a pass for the last three decades. If your hard drive fails, you’re not calling Kingston, you’ll call Dell or HP.
Not secure in one aspect of the product is not secure in ALL aspects of the product. This is especially true in this day and age.
Apple’s big enough that they could have told the banks, “Look, you don’t want all this found business - business that isn’t going through the CC companies first - then don’t follow the spec and we’ll work with the other banks.”
Walmart is what it is today precisely because they demand suppliers meet their logistics spec.
So, yes, its Apple’s fault. That they aren’t going to deign to explain the product in the first place to anyone in a coherent manner is just part of their unique charm.
The logo on the box of ApplePay has an Apple on it. People rank on MSFT all the time for selling beta to their customers. I don’t see how this is any different, except that THIS beta can wipe you out financially, and perhaps lead to your identity being stolen so that you don’t $hit right financially for a decade.
They think they’ve got political cover to do stuff like this, so they do it. It’s bad business.
It’s the banks that are in the position to authorize use of a given card. Once that authorization is established, Apple’s part is so far secure.
The failure of some banks to properly verify a cardholder is akin to people “side loading” malware onto iOS devices: despite clear security warnings, banks/people proceed to take risky behaviors. Remember, the article notes this problem hinges on people getting their card verification DENIED, calling the bank, and the bank routing them to a problem resolution center instead of the fraud prevention department. The bank is getting the same “are you sure you want to trust this client?” message as a user trying to “side load” an app to bypass the App Store.
If Apple DID get further involved in the verification process on the banks’ side, methinks you’d be complaining that Apple is meddling and unduly squelching the banks’ options for verification. They COULD shut down “enterprise distribution” and “verification waivers”, but then a whole lotta valid customers would get pi$$ed off.
At some point, the responsibility of the product’s efficacy is on the one USING product: if a bank is complicit with someone masquerading as a customer, it’s not Apple’s fault. If the banks would VERIFY THE #%$&*!# CUSTOMER fraud wouldn’t be a problem.
You are delusional.
Apple does not and can not control what the banks do beyond requiring certain behavior in the contracts the banks sign when agreeing to participate in ApplePay. In that contract Apple required them to take what the bank industry themselves have defined as the "YELLOW ROAD" which requires two factor authentication of any credit/debit card authorized to be used in ApplePay. Some of the over 3000 banks signed up with ApplePay did not use the Yellow Road and for reasons known only to them, opted to use the GREEN ROAD, accepting any card they had issued as OK to be used in ApplePay without further validation.
The criminals who specialize in credit card fraud very quickly learned that these particular banks were not validating cards being put into ApplePay and the value of stolen card numbers and IDs associated with those banks skyrocketed overnight. . . because they knew they could buy stolen cards, put them into a fraudulently bought iPhone and the bank would not validate any of their cards put into ApplePay, unlike the other card issuers. It was a license to steal. . . and steal they did.
They control their developers that way. Why not the banks?
This was NOT a failing of Apple or Apple's requirements on the banks by contract, it was a failure of the banks who chose to take the GREEN ROAD in validating their own cards! There is NOT A THING APPLE COULD DO TO SAVE THE BANKS FROM THEIR OWN STUPIDITY! If you cannot see that, you are truly delusional.
BofA is so bad they’ll never qualify for this.
Bank of America and Wells Fargo were the first two banks signed up, and happen to be two of the card issuers that I use. BOTH use the YELLOW ROAD and two factor validation to authenticate the cards I put into my ApplePay. Bank of America telephoned me using my on file phone number which they had with my credit and debit cards, while Wells Fargo texted a PIN activation number to my on file phone number as per my arrangement for two-factor ID confirmations for activation. Neither just willy-nilly accepted the card. I also have a card with Chase and they called me on the phone to confirm that I was indeed adding the card. Several other credit or debit cards were handled either by emailing a PIN activation code to my email address on file with the credit/debit card issuing bank, or a phone call. Not once was it just suddenly activated without two factor YELLOW ROAD activation from my issuing bank.
So, yes, its Apple’s fault. That they aren’t going to deign to explain the product in the first place to anyone in a coherent manner is just part of their unique charm.
What part of "THE REQUIREMENT TO USE TWO-FACTOR VALIDATION IS IN THE CONTRACT WITH APPLE" do you fail to understand?
Apple did explain the product and the requirements to these banks. . . who must have competent legal departments who also explained to them what was required and expected of them. SOMEONE failed to follow through. It was easier to just not do the proper validation . . . or they just did not expect the sheer numbers of people who were going to be trying to provision their cards in their iPhones and did not put the staff in place to handle the influx. . . and pushed it off onto the Customer Service instead of their Fraud Prevention Department. . . or just threw up their hands and said "Approve every card!"
Perhaps the bankers were naive. . . in any case, the problem has been shown it was not at Apple's end. The logo on the box of ApplePay has an Apple on it. People rank on MSFT all the time for selling beta to their customers. I don’t see how this is any different, except that THIS beta can wipe you out financially, and perhaps lead to your identity being stolen so that you don’t $hit right financially for a decade.
This is NOT a beta product, RinasesofDs. ApplePay is working as described. ApplePay is secure. No one has hacked into ApplePay. And, no Rina, it cannot lead to having your identity stolen. There is no part of ApplePay that is even in question for that. As a matter of fact, the identity of the cards being used was ALREADY stolen before ApplePay was involved. Those were stolen when someone used their legitimate card to make a purchase at a restaurant and gave the card to a waiter or waitress who took it away charged it for your meals, but also made a complete copy of it, swiped it through a magnetic reader to copy what's on the strip on the back, and then sold it on websites dedicated to that purpose to supplement his or her income, or to buy something on line with the real card number and provided the information to a shady website, or a hacker got it from Home Depot, Starbucks, Target, or any number of merchants where the card was used sometime in the past. . . or the card owner used it at an ATM or Gas Pump with a secondary card reader added on top to the legitimate card reader and a miniature video camera positioned to record the entering of the PIN. . . or other phishing expeditions to separate the card owner from his information.
They think they’ve got political cover to do stuff like this, so they do it. It’s bad business.
This is a PROTOCOL problem at a few banks. This is an operator error. It's a Read the F'ing Manual problem. It is a problem created by someone making an assumption. It is a loose nut on the keyboard problem; an ID10T problem at the BANKS; a midlevel MANAGEMENT problem where some heads are going to roll. The cost of this will come out of the bottom line at the banks who allowed their mid-level manager to make the bad assumptions. . . and ignore the contract their upper level management signed with Apple which required much more stringent safeguards.
It is not, however, a problem inherent in ApplePay or at Apple.