Rurik Bradbury on Trustev's blog:
A hot and heavy headline at the Wall Street Journal, "Fraud Comes to Apple Pay," gives the impression of some kind of security weakness in Apple's new payment system, but it's not justified.
What has happened is that Apple Pay itself is basically fraud-proof, so fraudsters have turned their attention to the next weakest link: credit cards before they're added to an Apple Pay wallet.
This is classic fraud via social engineering. Criminals use stolen credit card details (which can easily and cheaply be bought for on sites like [redacted - not going to list it here]) and then trick banks into allowing them to be loaded onto an iPhone.
Yet another example of not letting the facts get in the way of a good headline. Everyone knows the formula:
Apple + Sensational Statement = Clicks