Merchants are far from helpless bystanders as Apple and banks sort out who is responsible for stopping fraudulent cards from being enrolled in the Apple Pay mobile wallet.
In fact, merchants can make the only move certain to block all fraudulent Apple Pay transactions they can pull the plug on Near Field Communication payments altogether, as CVS and Rite Aid did for their own reasons shortly after Apple Pay's October launch.
Merchant backlash has destroyed other NFC wallets before, including Bling Nation, which shut down after merchants objected to certain requirements it imposed. Apple may have more clout, but the company also has its share of opponents, and any issue that undermines confidence in Apple's wallet makes merchants more likely to wonder why they should tolerate this new payment method.
"Apple is genuinely concerned about merchant perception of their products and they want to clear up any issues out there," said Mark Horwedel, CEO of the Merchant Advisory Group, who spoke to Apple representatives at a recent MAG event.
To be clear, a widespread merchant uprising is not imminent. "Merchants don't want to turn their back on iPhone users, and they know most of the issues are of the networks' making," he said.
But the latest issue adds to the small but growing pile of concerns with Apple's security. On Apple Pay's first day, some customers found they were double-charged for certain transactions. And even before the Apple wallet's launch, the security issues surrounding iCloud, which was exploited to expose many celebrities' nude photos, made it easy for Apple Pay's rivals to mock the tech giant's approach to data security.
"In this instance [of fraudulent cards on Apple Pay], it again illustrates that this product was rushed to market, it was kept secret by the brands and networks, and this is what happens," Horwedel said.
It's not even a new problem, Horwedel noted. "We have seen prepaid products rushed to market without any ability to control fraud on returned goods, and the answer is always to charge that stuff back to the merchants," he added.
If Apple can clear up these issues, it can significantly improve security at the point of sale. Its mobile wallet adds tokenization, encryption and fingerprint authentication, all of which are "worlds safer than the plastic cards we all carry every day," said Al Pascual, senior analyst for Javelin Strategy & Research.
Considering that Apple Pay transactions are treated as card-present transactions for the sake of fraud liability, merchants should not be overly concerned about the account takeover issues if they lead to fraud at the point of sale, Pascual added.
However, Apple Pay's issues reflect poorly on the mobile wallet market overall, Horwedel said. Merchants might be forgiving of Apple because it is a well-established brand, but they may be less likely to tolerate risk and customer service issues from a startup's product. That would particularly be an issue if the card networks were to mandate that if a merchant accepts one NFC wallet, it must accept others.
"Some of these other wallets may come with baggage, too," Horwedel said. "A merchant who will take Apple Pay may not want other NFC wallets with all of the possible warts."
Blocking a particular mobile wallet doesn't actually stop the fraud, said Mary Monahan, head of mobile for Javelin Strategy & Research.
"When a fraudulent account already exists, the fraud is going to happen anyway," she said, adding that 1.5 million consumers in the U.S. suffered account takeover fraud last year, accounting for $4 billion in damages.
If that type of fraud is going to occur, Apple Pay could even contain the situation, Monahan said.
"A fraudulent Apple Pay account is easier to stop than a physical card," she added. "The Apple Pay account can be turned off, and the fraudster tracked [to the phone] if the fraud is discovered in time."