Re: ApplePay is very secure
Some years ago back in the mid 1990s I met with credit card companies on a project that was being developed. There were two issues then, limited imagination and the huge cost and near impossibility of adding security functionality to the streaming processes then used. I am pretty sure that number two still exists and we can see (1) being exhibited now. I am amazed that people were not aware that all this talk of 'very secure', is frankly hog wash - it is with all systems. Make a more secure anything and people will look for the easy way round the security. This is no exception. I suspect that the first error was to major all efforts on one device/method of initial verification. After that it was to allow a basically insecure method to 'verify' the voracity of the set up. If you do not employ a bit of lateral thinking and periodic re-verification your security will be breached. This is a consumer product so one perceived need is an easy ride for the user, but easy rides always come with costs.- The CVC code is pretty weak, and even the secondary card not present checks are not hugely strong but at least they are better and can be updated if/when needed via an established route.
Frankly I do not care who allowed this to come about, the banks, apple, the man in the moon, or whoever, it makes no difference. It is still like making a secure vault with thick walls and armoured locks and having an unsecured air-conditioning duct or a plywood roof (it's safe at 10 feet off the ground). The product is end to end and the weakness is where ever and when ever it is found.
The risk to the well organised fraudster is zero, phone cost is a few units of currency, (probably paid for with a stolen card), load it, use it for a few days make money, dump phone, bingo.