One of the worst thing is that criminals in US had already started using the new Apple Pay mobile payment system to buy high-value goods – often from Apple Stores – with stolen identities and credit card details.
How Criminals Do it
Criminals, instead of breaking the Apple Pay's encrypted security, thieves took the advantage of the lack in the rules of the card activations from banks. Instead, they are setting up new iPhones with stolen personal information, and then calling banks to “provision” the victim’s card on the phone to use it to buy goods.
Apple Pay works using near-field communication at payment terminals. Its transactions utilize more-secure tokenized payments, and buyers have to verify their purchases with Apple's Touch ID fingerprint sensor. The combination of encrypted payments and biological verification is supposed to offer a good deal more security than typical magnetic strips, and the problem here is how evildoers can manipulate bank card provisions.
“During setup Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”