social engineering attack
Apple Pay is so secure criminals so far have only been able take advantage of it by taking advantage of the banks behind it.
Sadly, identity theft and credit card fraud are nothing new. While Apple Pay does an enormous amount to secure the transaction process itself — merchants are given a one-time number instead of the card number to prevent expose in the case of data breach, for example — securing the banking process against basic social engineering attacks is something else entirely. When reached for comment, Apple told me:
This weekend, Wired's Mat Honan had his internet accounts hacked and iPhone, iPad, and Mac erased, thanks to his own linking of accounts, lack of two-factor authentication, and lack of backups -- but also because of severe problems with both Apple's and Amazon's online security policies and procedures. Basically, with an internet connection and a social engineering attack, anyone could get at least partially into anyone else's stuff.