But that doesn’t stop a hacker who’s already ganked your credit card info from using it to create an Apple Pay account on their own device. In fact, that exact scenario poses what is probably the biggest fraud risk, according to the fraud prevention team at the digital security firm Easy Solutions: "The primary concern isn’t the Apple technology itself, but rather the ways in which Apple Pay and banks are verifying payment and authenticating users. For example, an attacker can easily register their phone with another user’s credentials, since TouchID serves only as a local validation of the fingerprint.”
In short, anyone who scores your credit card info can register their device with it, pose as you to swindle your bank into believing its legit, and go buckwild at Aeropostale.
But since swiping a stranger's info is increasingly simple these days, and sophisticated hackers will always find new ways to steal your stuff, there's no reason to believe Apple Pay is making you any more or less vulnerable than usual... except that researchers at the mobile data management firm Wandera discovered it's remarkably easy for would-be hackers to co-opt the Apple Pay sign-up process over WiFi, and snag your credit card info even as you're entering it. The good news is the imposter sign-up pages they use to capture your keystrokes are fairly obvious to spot.
Your best line of defense is to be ultra-vigilante about keeping tabs on your purchase history. And meanwhile, Apple has lit a fire under banks to amp up their verification efforts to double and triple-check that whoever's linking their card is the true account holder.
The bottom line is this: neither plastic cards nor Apple Pay are secure 100% of the time. Of course, if that's what you're looking for, there's always the old fashioned way...
Sign up here for our daily Thrillist email, and get your fix of the best in food/drink/fun.
Joe McGauley is a senior writer for Thrillist. He accepts Visa, Mastercard, Amex, and literally every other form of payment.