The Apple Pay payment system has been used in recent years by cybercriminals to carry out thousands of scams against bank customers. Why is it so easy for them?

There are two factors that, in the opinion of Palomar Abogados, come into play here. On the one hand, it's easy to set up Apple Pay, for which you just have to add a debit, credit or prepaid card, mine, yours or anyone else's, to the Wallet app of an I PHONE device. On the other hand,  the inadequacy of the two-factor authentication system used by banks in their capacity as payment service providers.

At Palomar Abogados we want to warn that cybercrime "feeds" on bank customers not only through the use of Apple Pay, but also with payment platforms such as Samsung Pay or MoneyGram, among others.

Let's take a look at how easily cybercriminals circumvent banks' two-factor authentication system:

Phase 1: The criminal sends an SMS to our mobile phone. He deceives us on any pretext... For example, the pending payment of 1 or 2 euros of taxes or shipping for a package to be received, for which we must click on a link. It redirects us to a fake website of Correos, DHL, or MRW, which asks us for the full number of our credit, debit or prepaid card.

Phase 2: The criminal, taking advantage of the fact that he is an Apple customer, adds the stolen credit, debit or prepaid card to the Wallet app of his I PHONE. Knowing that the bank is going to ask us to confirm the linking of our card to the Apple Pay service, the criminal "through the back door" (from his fake website) anticipates and tells us that we will soon receive a request for validation of the payment of the fee or shipping from Correos, DHL or MRW.

Phase 3: We receive an SMS message from our bank that says: "Enter your verification code..... to activate Apple Pay with your card. The code will expire after 2 hours." And we, thinking that by entering that code on the online platform we are completing a payment for customs or transport freight, we are unconsciously "opening the door" for the criminal to make as many purchases uninterruptedly as he wants to make through Apple Pay charged to our bank account. Consummate scam, in just two or three minutes!

If this has happened to you, the bank is civilly liable for your loss, firstly because you acted properly at all times, that is, you did not incur any gross negligence, and secondly because the bank, knowing for years about this type of fraud, should have activated supervisory mechanisms to prevent it, and did not do so.

At Palomar Abogados we are specialists in legal claims for phishing. We recently had an interview on CADENA SER in which we explained this kind of procedure; You can listen to it at this link:

https://play.cadenaser.com/audio/1641803349_182051/

Banks must respond to phishing attacks, as they were the ones who designed the security system, and it was up to them to properly assess the risks when doing so; in short, the "operational risk" of the security system should fall solely on them, as the Courts have stated in repeated sentence.

Tell us about your case, and we'll help you get your money back.

https://palomarabogados.es/contactar/