Paying for disruption

By ANIL JOHN on 09 March, 2015 | Permalink

That has resulted in “rampant ApplePay fraud”
As usual, the issue is not the device/token, but customer account takeover fraud when provisioning cards in to ApplePay. Can you say remote identity proofing #FAIL?

According to a GAO report on Identity theft and tax fraud (PDF), IRS paid $5.8 billion in 2013 for refund requests later determined to be fraud. It also created a group aimed at centralizing several prior ad hoc efforts to authenticate taxpayers across its systems, but a commitment to cost, benefit and risk analysis is not documented in the group’s short- and long-term priorities. [sigh]
Intuit (maker of TurboTax Tax filing software) and IRS seem to be playing hot potato when it comes to “stolen identity refund fraud” (SIRF), where thieves gather pieces of data about taxpayers from outside means then create accounts at TurboTax in the victims’ names and file fraudulent tax refund claims with the IRS.
“According to the interviews with Intuit’s former security employees, much of the tax refund fraud being perpetrated through TurboTax stems from a basic weakness: The company does not require new customers to do anything to prove their identity before signing up for a TurboTax account. During the account sign-up, you’re whoever you want to be.” Where the potato has landed?

cyberLinks: random and relevant