Apple has been touting its Apple Pay app as a secure, convenient alternative to other payment systems. It has been adopted by a number of major retailers and card issuers, but David Dewey, research director at Pindrop Labs, ran several experiments on the system’s card enrollment and authentication flow and found some serious problems. Using social engineering and other techniques, Dewey was able to enroll other people’s cards in his Apple Pay account and use them as if they were his own. In this episode of the podcast, Dennis Fisher talks with Dewey about the research, how the card issuers have addressed the problems he found, and what can be done to further secure mobile payment systems.
Music by Chris Gonsalves and Ken Montigny.