Benner on Tech: Apple Pay, Always Blameless

Katie Benner is a Bloomberg View columnist who writes about technology, innovation, and the cult and culture of Silicon Valley. She lives in San Francisco.
Read More.
a | A

People are Talking About…

Did we really need more evidence that Apple wields brand power like Excalibur?

No, I’m not talking about all the breathless hype around the Apple Watch, though that’s sure been hard to escape. I’m talking about the fact that hackers are attacking Apple Pay and, so far, the news hasn’t hurt the brand or the product.

Here’s a quick Apple Pay fraud timeline. In January and February, mobile payments strategist Cherian Abraham wrote that Apple Pay was more vulnerable to fraud than traditional credit card payments. On March 3, the Wall Street Journal said sophisticated fraud rings were targeting the product. The newspaper reiterated Abraham’s claim that about 6 percent of Apple Pay transactions were fraudulent, compared with 0.1 for credit cards.

As the story grew, the press focused on the role that banks played in the mess because the fraud occurs when users add their credit card information to Apple Pay. The banks that issue credit cards, the narrative went, were so eager to have their cards uploaded to Apple Pay that they relaxed approval standards, opening the door for stolen credit card credentials to get the green light. Business Insider declared, “Nope, there’s no ‘Apple Pay fraud.’

On March 9, after nearly a week of Apple Pay fraud news, chief executive Tim Cook touted Apple Pay at the company’s big Apple Watch product launch, boasting that 2,500 banks and 700,000 merchants were participating in the mobile-payment service. The number of companies accepting Apple Pay had tripled. Analysts’ only complaint was that the company had wooed just a fraction of the country’s merchants.

Six days later, the investigative reporter Brian Krebs revisited the issue, noting that Apple gives banks a lot of data that should, in theory, prevent fraud -- including device location and whether or not the customer has a long history of transactions on iTunes.

All useful data points, of course, unless the iTunes account that all of this information is based on is hijacked by fraudsters. And as we know from previous stories on this blog, there is a robust trade in the cybercrime underground for hijacked iTunes accounts, which retail for about $8 per account.

Card fraud, it seemed, had never been easier or cheaper.

Only yesterday did The New York Times acknowledge (while firmly laying the blame on the banks) that banks lowered their bar for credit card approval because Apple wanted to make it easy to sign up for Apple Pay.

Because Apple wanted its system to have the simplicity for which it has become famous and wanted to make the sign-up process “frictionless,” the company required little beyond basic credit card information about a user. Nor did it provide much information to the banks, like full phone numbers and addresses, that might help them detect fraud early.

Now, is this technically a problem for the banks to solve? Yes it is. And should Apple sacrifice ease and provide more customer information to the card issuers? Of course.

In most normal circumstances surrounding problems like this, it would be the brand that takes a reputational hit. But Apple is no normal brand, and it doesn’t seem like Apple Pay’s problems will blow back into Apple's lap as it might with other companies.

The banks, incredibly, anticipated the fraud problem. They told the Times that they were all too afraid to bring it up during the months that they worked with Apple on payments. Talk about being the weaker partners. Apple’s brand is so powerful that financial firms knowingly stayed mum on a major security flaw to curry favor with the company. Now the press, kowtowing to that same brand power, will tell consumers that Apple Pay is another Apple miracle when things go well, and another Wall Street debacle when the fraudsters strike.

It's good to be the king. 

** Sort of related: Facebook users can use the company’s Messenger app to send money to friends, putting Facebook head-to-head against Venmo and Square in that corner of the payments business.


Ellen Pao v. Kleiner Perkins: Kleiner partner Randy Komisar calmly and convincingly defended himself against allegations that he came on to Pao. The Wall Street Journal says that he said that Pao’s “betrayal” of him was “unforgiveable.” Re/code says the judge doesn’t think Pao has enough evidence to sue for unspecified punitive damages, though she could still sue for the $16 million specified in her case. My Bloomberg Business colleague Brad Stone calls the trial a case of “lean in” gone bad.

Dataminr, which finds signals in Twitter data that are used by everyone from hedge fund guys to cops, raised $130 million from investors including John Mack and Vikram Pandit, Bloomberg reports.

Lyft now accepts Google Wallet, along with Apple Pay and PayPal, reports VentureBeat.

Uber is letting any app embed its ridesharing service, a move that the Verge points out could turn Uber into “the pipes that other services use to move people and products around.”

The most powerful startups don’t have any women on their boards, Fortune reports.

In case you didn’t know, those huge late stage valuations are usually a work of fiction. Bloomberg explains why.

The World Bitcoin Association filed for bankruptcy, reports Bloomberg.


Apple is offering to share data in order to get programmers to support its TV package, reports the New York Post. If you’re impatient for “Becoming Steve Jobs,” the warmer biography of tech’s most revered CEO, you can read co-author’s Rick Tetzeli’s Fast Company essay about Jobs. If you want the more “complicated” portrait, the Verge says you can watch the new documentary “Steve Jobs” by Alex Gibney, who also directed films about Enron and Eliot Spitzer.

Google is using humans to vet apps and will rate them for age appropriateness, reports the Wall Street Journal.

Microsoft says that Windows 10 will launch this summer in 190 countries and 111 languages. The Wall Street Journal says the new system will support biometric authentication. It’s also killing off the Internet Explorer brand.

Oracle’s quarterly revenue report fell short of expectations, but Bloomberg says that the company attributed the miss to the strong dollar and the stock rose.

Twitter launched its first developer tools with IBM, which lets people write applications that use Twitter data, reports the New York Times. The company made a tool that makes it easier to report online threats to the police.

Security Watch

Premera Blue Cross said that hackers stole Social Security numbers, bank data and medical records from up to 11 million people. The Wall Street Journal says that the crime bears some similarity to the recent Anthem breach.

Media Files

Unbundling has forever changed cable TV, but the Wall Street Journal says that slimmed down over-the-top packages may not save consumers money or hassle.

Pearson Education is under fire for monitoring student Twitter accounts for leaked test information, the New York Times reports.

This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.

To contact the editor on this story:
Timothy L. O'Brien at