Apple Pay isn’t enough to fix a broken payment system | Coin Center

Apple Pay isn’t enough to fix a broken payment system

High levels of fraud show us that slick apps are only as good as the payment system they rely on.

Coin Center Annual Dinner 2017

The Wall Street Journal has taken note of an alarming level of fraud in Apple Pay transactions:

[I]t’s not ‘an anomaly’ to see fraud accounting for about 6% of Apple Pay transactions, compared to about 0.1% of transactions using a plastic card to swipe.

The Journal’s source is payment expert Cherian Abraham at Drop Labs; Abraham’s post explains:

[A]s more [card] issuers come online (within [Apple Pay]) fraudsters will be the first to line up. They will catch on to the [Bank ID numbers] that work and the ones that don’t. And as long as issuers fall back on measures easily circumvented by freely available [Personally Identifying Information – PII] – this problem will continue to leech trust and large sums of cash.

According to Abraham, the root of the disproportionate rates of fraud is the system that’s set up to validate an attempt to load a new card onto your phone, the so-called Yellow Path. What’s the current gold-standard for proving you aren’t some scammer on the yellow path, loading a batch of stolen cards onto an iPhone? Provide the last four digits of your social security number. Or share other PII with an overworked operator at a call center. That’s not going to cut it in a world where stolen card numbers often end up sold in bulk along with similarly stolen PII. That’s not going to work in a world where all that data sits (and must sit) on the dubiously secured servers of payment intermediaries.

Apple Pay is great, and offers hope that at least merchants won’t need to handle PII, but the tokenization process just pushes the fraud back from the point of sale to the point of provisioning (when the user uploads a card to their device). The better solution is using a push payment system, like Bitcoin, from end to end. It’s time to stop bandaging an outdated payment infrastructure and rebuild payments from the root. As our report on Bitcoin and privacy explains, there’s been a long line of half measures that have failed:

First, chip and pin technology is being incorporated into the point of sale systems of many American retailers. Installation of these systems is costly—one hundred million dollars for Target stores alone. Yet chip and pin systems would likely not have prevented the sort of financial privacy breaches suffered at Target or Home Depot nor do these systems stop fraud and identity theft online.

Second, as rates of online fraud surged in the 2000s, Visa and Mastercard began developing a technological anti-fraud solution for ecommerce known as the 3-D Secure protocol. 3-D secure has been in development for years but many claim that it has yet to make any meaningful improvements to financial security for online purchases.

It is surprising that in 2014 we still have no viable improvement to credit card payment systems developed in the 1960s, despite losing $30 billion to fraud in 2012 alone, and spending an unknown amount of capital year-after-year investing in security systems that have failed to bear fruit.

And Blockchain-driven currency, like Bitcoin, provides a fresh answer:

Cryptocurrency has the potential to slash the compliance costs of securing customer data  by fundamentally changing the infrastructure. As discussed, cryptocurrency payments do not necessitate the storage, even temporary storage, of personal data on the servers of a merchant. This enables merchants to focus on providing valuable products rather than accumulating and securing a vulnerable database against hackers—an endless arms race.

A merchant accepting Bitcoin need only receive and keep coins sent by customers or have access to a service, such as BitPay, that will rapidly and automatically exchange payment in cryptocurrency for the local fiat currency. This allows payment networks to be global and interoperable without requiring any shared global database of user account information and private financial histories, beyond a pseudonymous ledger. In many ways it is the same as using cash.

Apple Pay is pretty slick, but for payments at the bar (and maybe even the Genius Bar), Bitcoin can be so much safer.

Read the full report: Bitcoin: Our Best Tool for Privacy and Identity on the Internet

Based in Washington, D.C., Coin Center is the leading non-profit research and advocacy center focused on the public policy issues facing cryptocurrency and decentralized computing technologies like Bitcoin and Ethereum. Our mission is to build a better understanding of these technologies and to promote a regulatory climate that preserves the freedom to innovate using permisionless blockchain technologies.