On the core of Apple Pay fraud

I was reading this article in the New York Times, and I was a bit torn. On one hand, the article was rife with swipes at Apple, things like:

Some bank executives acknowledged that they were so scared of Apple that they didn’t speak up.

This makes it sound like Apple has a division of jackbooted thugs whose main job is to smash glass and rough up the bank executives who don’t toe the line.

That said, there were two points made that I think were right on the money.

The first point involves motivation. Banks were not so much interested in customer security as they were in being first into the Apple Pay wallet.

The banks, desperate to become their customers’ default card on Apple Pay — most add only one to their iPhones — did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were so scared of Apple that they didn’t speak up. The banks didn’t press the company for fear that they would not be included among the initial issuers on Apple Pay.

While that prose grinds my teeth (specifically, the maligning use of the words “desperate”, “scared” and “fear”, more appropriate for an op-ed piece like mine than for a post presented as news), it does speak to a bank’s motivation. The one fact here, “most add only one to their iPhones”, is tossed in without attribution, but I suspect there is a tendency to have one primary Apple Pay card, and that a race to be “that” card undermined the obligation to guard customer security, to ensure fraud prevention.

The second point involves a flaw in the process of dealing with red flags raised in the fraud prevention process.

It also appears that banks set up a flawed process to deal with the credit cards that it did flag. Affected users were directed to a customer care phone center, not a fraud prevention center. A customer care center’s mission is to help customers use their cards, leading more fraudulent cards to be approved for use on Apple Pay.

“Call centers are a poor approach for two reasons,” Mr. Abraham wrote. “One — fraudsters are better at social engineering than call center reps are at sniffing out fraud. In some cases, fraudsters are calling the call center themselves to ‘alert the bank about a trip out of town’ so that fraud rules looking for transaction anomalies (like a customer living in California and transacting in Miami) do not trip them up.”

The Mr. Abraham referred to in this post is Cherian Abraham, a controversial figure about whom the article says this:

Some Apple supporters have sought to discredit Mr. Abraham based on his affiliation as an adviser to a company that is based on Apple’s main competitor, Android.

That aside, I see the two main culprits here as motivation and process. The banks did not put customers’ needs first, and they made a strategic error in not putting their well-trained fraud detection teams in the loop from the very beginning.

The good news is, though both the banks and Apple took a reputation hit here, it does sound like appropriate fixes are being wheeled into place and the long-term prospects for Apple Pay look excellent.