NEW YORK (TheStreet) -- Apple Pay has come under scrutiny because of apparent credit card fraud, but multiple sources say a fix is in the works in the aftermath of a flood of news stories on an apparent security flaw.
The problem is simple. With stashes of millions of stolen credit cards details harvested in the recent breaches at Target (TGT) , Home Depot (HD) and the others, thieves have realized that an iPhone can, in effect, be transformed into a credit card substitute by loading it with a stolen number. Before, those criminals could only shop at online retailers. Now, with an iPhone, they can walk out of retail stores with merchandise they can sell.
"Criminals may not be able to manufacture a plastic credit card that they can use, but if they have the card number and a few other details they can enroll it in Apple Pay and their iPhone, in effect, becomes a credit card," said Patrick Nielsen, a senior security expert at Kaspersky Lab.
Since its inception, Apple Pay’s purportedly stronger security has been touted by Apple (AAPL) CEO Tim Cook, who pointed to fingerprint biometrics, including TouchID, and turning the transaction data into something non-sensitive, a process known as tokenization.
But at least some experts think Apple Pay may not be as safe as advertised.
Cherian Abraham, who heads mobile commerce & payments at Experian Global Consulting, blogged in early January on DropLabs.net, that one credit card issuer -- which he couldn't name -- said Apple Pay fraud is running a rate of $6 per $100 in transactions, some 60 times higher than normal.
Gartner analyst Avivah Litan said in an email that "every bank issuer has been impacted by it, according to my bank sources." She believes all mobile payments solutions are likely to have problems similar to what appears to be plaguing Apple Pay.
That's because the security issue revolves around card enrollment, said Nielsen.
No one claims that the volumes of fraud in Apple Pay are enormous. Indeed, the overall volume of transactions on Apple Pay are relatively small even if the device is currently accounting for two-thirds of all contactless payments in the U.S. "I doubt the volume of fraud is out of control since [Apple Pay] still constitutes a fraction of the transactions out there," Litan said.
Must Read: 5 Stocks Warren Buffett Is Selling