Apple Inc.’s new mobile-payment system has been hit by a wave of fraudulent transactions using credit-card data stolen in recent breaches of big retailers, including Home Depot and Target, people familiar with the matter said.
About 80 percent of the unauthorized purchases have been for big-ticket items purchased with smartphones at Apple’s own stores, one person with knowledge of the situation said. Those Apple products have a higher resale value than most of those available through other merchants that have signed on to the Apple Pay system, such as Whole Foods Market and Panera Bread.
The Apple Pay system itself hasn’t been penetrated by hackers. Rather, fraudsters are entering stolen card data into phones, which can then be used to make purchases without a physical card being present.
An Apple spokesman said, “Apple Pay is designed to be extremely secure and protect a user’s personal information.”
The bogus purchases are a setback for Apple’s high-profile foray into electronic payments, even though banks are responsible for verifying customer information before cards can be used with phones.
Apple hasn’t provided data on the number of Apple Pay users but says that the service accounted for two of every three dollars spent in the U.S. via mobile payments on the three major credit-card networks.
Banks that are using the Apple Pay platform are in some cases making changes to their security procedures, the people familiar with the matter said.
The fraud highlights how compromised card data can be valuable to cybercriminals long after merchants secure holes in their payment systems.
“There is a trail of fraudulent activity as a result of these larger breaches, and our job is to catch that in the process,” said Jeff Siekman, director of payments and commerce solutions products at Fifth Third Bancorp, a large regional bank based in Cincinnati.
