I am a cynical, grizzled veteran of the technology wars. I implemented my first payment system in 1995, and just a few weeks ago was programming in PHP to handle refunds through the online payment processor Stripe’s excellent interface.

But when I saw the variants on the headline, “Fraud Comes to Apple Pay,” I figured what was stated wasn’t true. Apple retains so very little information about credit cards registered to a phone, and tucks it away so securely, that this scenario seemed exceedingly unlikely.

And that’s turned out to be the case—including in the further explanation in the body of articles that led with that banner. In truth, the problem has little to do with Apple, and you have additional tools by which you can can protect yourself should you experience what I describe below.

The fraud, however, isn’t in Apple Pay: it’s in the verification process by which banks allow a card added to an iPhone to be enrolled in Apple Pay. That process is entirely controlled by the banks. Along with your credit card number, expiration date, and other details, Apple sends several signals to banks that are used to determine whether a valid user of the card is trying to enroll it.