Apple Pay Enhanced Fraud Prevention (updated)

Apple Wallet VISA card users report receiving ‘Enhanced Fraud Prevention’ notifications today that outline changes how Apple shares ‘fraud prevention assessments’ with payment card networks based on analyzed information from user Apple Pay transactions (purchase amount, currency, date, location, very likely more). The changes seem to apply to web and in-app purchases.

Apple has been doing most of this already. The new Apple Pay and Privacy text expands upon earlier iOS user guide text: If you have Location Services turned on, the location of your iPhone at the time you make a purchase may be sent to Apple and the card issuer to help prevent fraud. Perhaps Apple is changing ‘may be sent’ to ‘will be sent’.

Enhanced Fraud Prevention might cause problems for some Apple Pay users when people start traveling again as in-app purchase is used for adding money to transit cards. There have already been a few very recent and odd, ‘I can’t use my home issued Apple Pay card to recharge PASMO’ complaints on social media from inbound visitors. Until now this kind of thing has been unheard of for Apple Pay Suica•PASMO users. A new complication to keep an eye on going forward. So far Wallet Enhanced Fraud Protection notifications only seem to be going out to VISA card users. Why and why now?

Because it’s starting with VISA with the focus on web and in-app payments, my first thought was this is partly a response to bad publicity from the silly VISA-centric ‘Apple Pay Express Transit has been hacked!‘ story that make the rounds last October. The new Apple Pay and Privacy text outlines how the new policy applies to various Apple Pay operations: adding a card, paying with Apple Pay, using transit cards, etc.

QR Code payments in Wallet are also referenced. The official mention may indicate the long in development feature will finally see light of day, perhaps iOS 15.5, we shall see. The text says, “When you make a payment using a QR code pass in Wallet, your device will present a unique code and share that code with the pass provider to prevent fraud.” If Apple Pay delivers native device generated QR code payments without a network connection, just like all Apple Pay cards to date, it would be quite a coup.

The notification privacy text is worth reading. As of this posting the Apple Pay & Privacy web page has not been updated with Enhanced Fraud Protection information.

2022-04-22 Update
Some clarity on the reasons and timing of Enhanced Fraud Prevention: Wallet notifications went to VISA card users in various Apple Pay regions (US, Japan, Australia and more) the same day Apple switched the Apple Cash card brand from Discover to VISA debit. Kissing the Green Dot Bank/Discover backend goodbye for VISA is the smart thing to do as Apple can finally take Apple Cash international. Enhanced Fraud Prevention had to be in place first for that to happen.