Apple appears to have used the combination of TouchID+GeoLocation+Liability to get banks to treat ApplePay as a Card Present transaction rather than a card not present transaction.
++ That has resulted in "rampant ApplePay fraud"
++ As usual, the issue is not the device/token, but customer account takeover fraud when provisioning cards in to ApplePay. Can you say remote identity proofing #FAIL?
Taxing Issues in Authentication
According to a GAO report on Identity theft and tax fraud (PDF), IRS paid $5.8 billion in 2013 for refund requests later determined to be fraud. It also created a group aimed at centralizing several prior ad hoc efforts to authenticate taxpayers across its systems, but a commitment to cost, benefit and risk analysis is not documented in the group’s short- and long-term priorities. [sigh]
++ Intuit (maker of TurboTax Tax filing software) and IRS seem to be playing hot potato when it comes to “stolen identity refund fraud” (SIRF), where thieves gather pieces of data about taxpayers from outside means then create accounts at TurboTax in the victims’ names and file fraudulent tax refund claims with the IRS.
++ "According to the interviews with Intuit’s former security employees, much of the tax refund fraud being perpetrated through TurboTax stems from a basic weakness: The company does not require new customers to do anything to prove their identity before signing up for a TurboTax account. During the account sign-up, you’re whoever you want to be." Where the potato has landed?
cyberforge: random and relevant
Privacy in 2025: Experts’ Predictions - Don't expect location data in public locations to be considered private, but expect stronger protections for what you do in "enclosed spaces". I'm building myself an Iron Man suit and calling it an enclosed space!
++ The Creepy Test as a starting point to spot potential privacy problems
++ Signal, an encrypted voice and messaging application for iPhones and iPads