Editorial Note: The content of this article is based on the author’s opinions and recommendations alone. It may not have been previewed, commissioned or otherwise endorsed by any of our network partners.
Updated on Friday, March 6, 2015
This week, it was reported that 6% of all transactions made with Apple Pay were fraudulent. The problem: some banks make it too easy to load credit cards into an iPhone that does not belong to the cardholder. It is up to the bank to determine the amount of authentication required before a credit card is loaded onto the iPhone.
At MagnifyMoney, we did an experiment. We tried to load credit cards of the major credit card issuers (Citi, Chase, American Express and Barclays) onto an iPhone. There was only 1 credit card company that had an added level of verification, making it the safest card for Apple Pay: Chase.
Below is the information required by Chase, and all of the others.
In order to load the Chase credit card onto the iPhone, you have to take a picture of the front of the card. In addition, you have to input the expiration date and security information.
But here is where Chase provides extra protection, without much hassle. Chase will then send either a text message or an email to the number or email address on file. That text or email would contain a code that is required to complete the registration.
That adds a very important extra layer of security. Simply skimming a credit card in a bar is not sufficient to use the card on an iPhone. This is called second-factor authentication, and we salute Chase for making it a part of Apple Pay registration.
Citi, Amex and Barclays
All 3 of these providers followed Step 1 of Chase: you take a picture and input the expiration date and security code. However, that was enough to load the credit card. There was no second factor authentication.
The lack of this second factor authentication is why 6% of transactions could be fraudulent. We hope that all issuers move towards 2-factor very soon.
What does this mean for you?
As we reported previously, using Apple Pay does not increase your risk of fraud. Hackers have not penetrated the Apple systems, and registering your credit card on your iPhone (even with Citi, Amex and Barclays) does not increase your risk of fraud.
However, the weakness in iPhone registration makes it easier for already stolen credit cards to be used.
The best way to protect yourself is to sign up for regular alerts, so that you can see an additional stream of data about your accounts (ideally via text message or email). And, as soon as you see a transaction you don’t recognize, you should call your credit card issuer to dispute it. The good news: you are not liable for fraudulent transactions that you report immediately.
And credit cards remain a safer alternative than debit cards, which have fewer protections for fraud, and even with those protections can leave you in the lurch.
That’s because thieves have direct access to the funds in your checking account with a debit card, and unlike a credit card, where you simply do not pay for fraudulent charges, fraudulent debit withdrawals immediately leave your checking account and it’s up to you to work with your bank to request funds to cover the missing amount.
While big banks like Bank of America promise to credit fraudulent withdrawals as soon as the next business day, there are no guarantees of that, making a debit card breach more disruptive than a credit card breach via Apple Pay.