Banks Confident in Apple Pay Security, Assume Liability for Fraudulent Purchases

Thursday October 9, 2014 2:05 pm PDT by Juli Clover
touch_id_chase_handApple's new Apple Pay payment system has been designed to be ultra secure, taking advantage of existing NFC tokenization specifications to keep user payment information safe. Apple uses tokens, or unique Device Account Numbers, to replace card numbers and transactions are verified through both one-time use security codes and Touch ID.

Ahead of the launch of Apple Pay, The Daily Dot has spoken to several different banks working with Apple on the payments service, including Navy Federal Credit Union, USAA, Chase, and PNC, to get their thoughts on its security.

According to Navy Federal VP of credit cards Randy Hopper, the bank was "very excited" to see what Apple had developed, because it is "convenient, secure, and private." Apple's use of tokenization "addresses all points of weakness across the payment system."

USAA assistant vice president Vikram Parekh, meanwhile, said that the bank is confident enough in Apple Pay to assume all liability for unauthorized or fraudulent transactions, both in retail stores and for online purchases.
"USAA has a zero liability policy and members are never liable for any losses related to unauthorized [or] fraudulent activity, this does not change with Apple Pay," Vikram Parekh, Assistant Vice President at USAA Bank tells the Daily Dot.

"The bank has liability for any purchases made when Apple Pay is offered and used as the form of payment. This is true for both face-to-face and for "in-app" purchases," Parekh explains.
Both Chase and PNC offered similar statements, suggesting banks that have partnered with Apple feel that the payments system is secure enough for them to offer consumers the same protections they get with standard credit cards.

Apple Pay is "extremely secure" and "zero liability for fraudulent transactions still applies," said Chase spokesman Paul Hartwick, while Tom Trebilcock, vice president of digital at PNC Bank, pointed out that tokenization will protect consumers from "potential mass theft of credit and debit card information." Stolen credit cards and customer information have plagued millions this year, as major retailers like Target and Home Depot saw massive security breaches that compromised significant amounts of customer data.
"From Navy Federal's perspective we're excited about the whole tokenization process," Hopper says. "The whole process of providing a payment token as opposed to the financial account number actually reduces the risk to the system and to everyone participating in it, from the customer, to the retailer, to the payment networks, to the issuer, and to Apple."
Though Apple has said that it will not be able to see transaction information, several of the bank representatives that spoke to The Daily Dot have confirmed that they will be able to tell if a transaction has taken place using Apple Pay or a standard credit card, "because of the nature of the data" given to banks in the Apple Pay system.

Apple has plans to launch Apple Pay in October, through an update to iOS 8. iOS 8.1, which was seeded to developers earlier this month, already contains hidden Apple Pay setup and settings elements that will likely be unlocked before the software is released to the public.

There is no word of an official release date for Apple Pay, but Chase said its customers will be able to use Apple Pay when it launches, while USAA plans to begin offering Apple Pay on November 7. PNC and Navy Federal will support Apple Pay in the fall.

Related Roundup: Apple Pay
[ 60 comments ]

Top Rated Comments

(View all)

Avatar
UnfetteredMind
69 months ago
I'm not at all surprised they'll assume liability as the system is more secure than what we have today and they're already assuming the liability :rolleyes:

Looking forward to being able to use it!
Rating: 9 Votes
Avatar
jpsaffron
69 months ago

No, as I said in another reply, they do cover fraudulent charges with swiped cards, but with the new chip and pins, the merchants are responsible.


Assuming you're referring to the US, it's the other way around. If a customer has a chip-and-signature card, but the merchant runs the mag swipe, the merchant takes on the liability. If the customer has a chip-and-signature card, and the merchant runs it as chip-and-signature, the issuing bank takes on the liability. That gives the merchant an incentive to update their terminal to chip-and-signature.

If the bank does not issue a chip-and-signature card in the first place, the issuing bank will still have liability for all transactions. Of course, one would expect not many banks to leave themselves in that position.

(Also note that chip-and-signature is, unfortunately, not chip-and-pin -- which is the standard in Europe.)
Rating: 8 Votes
Avatar
UnfetteredMind
69 months ago

With magnetic stripes, banks assume liability. With Chip and Pin, merchants have to assume liability. Chip in pin is incoming to the USA 2016, and merchants will be required to accept liability for fraud in this case.


I thought it was if the merchants did not upgrade to the new system, that they (merchants) would be responsible for fraudulent charges? Thus incentivizing merchants to upgrade.
Rating: 8 Votes
Avatar
Worf
69 months ago
Where are those Google Wallet apologists?
Rating: 6 Votes
Avatar
MacSince1990
69 months ago

Where are those Google Wallet apologists?


Right here. And I apologize for the Google Wallet.

(Disclaimer: I have no idea what that is.)
Rating: 5 Votes
Avatar
spectrumfox
69 months ago

Where are those Google Wallet apologists?


Geez, can't let an Apple announcement go by without mentioning Android or Google.

Fanboy much? Give it a rest, hero. No one mentioned them before you did.
Rating: 5 Votes
Avatar
falcon362
69 months ago

With magnetic stripes, banks assume liability. With Chip and Pin, merchants have to assume liability. Chip in pin is incoming to the USA 2016, and merchants will be required to accept liability for fraud in this case.


I think you have this wrong.

Right now, banks assume liability for magnetic striped cards. After October 2015, merchants will assume liability for fraudulent charges on those cards. If they have switched to chip and PIN or chip and signature, the bank will be assume liability.

That is how the banks and the credit card companies are getting businesses to pay for and install the new card readers.

If merchants were responsible for chip and pin fraud, none of them would move to that system.
Rating: 4 Votes
Avatar
loanhighknight
69 months ago

Your math needs work. It's not 15 cents but rather 15% of a penny. They could still rack up some cash with this but nothing like what you're suggesting.

Edit: I realized you were quoting there. But please ensure you don't pass on bad info.


Mmm, nope. It's right as-is. 0.15% of a $100 purchase is 15 cents--exactly as it says.
Rating: 4 Votes
Avatar
NorEaster
69 months ago

Banks are willing to cover fraudulent charges? Wow. That's a step in a different direction -- They really stand behind Apple's security in Apple Pay.

Good to hear- now let's get this Apple Pay up and running!


Why is this is a surprise to you? My bank (one of the larger nationwide banks) has always covered fraudulent charges. In fact, a few years ago this actually happened to me. My bank actually proactively reached out to me and told me they identified a suspicious charge. They asked me if I actually made it, when I said no, and they wiped the charge from my account. Maybe your bank isn't so great?
Rating: 4 Votes
Avatar
kdarling
69 months ago
The US customer has never been liable for fraudulent purchases made via contactless or online methods.

This is just bank PR.

Banks are competing to be the default card on people's Apple Pay wallet.

Expect to see more and more ads about this soon.
Rating: 3 Votes

[ Read All Comments ]