The banks, desperate to become their customers’ default card on Apple Pay — most add only one to their iPhones — did little to build their own defenses or to push Apple to provide more detailed information about its customers. Some bank executives acknowledged that they were were so scared of Apple that they didn’t speak up. The banks didn’t press the company for fear that they would not be included among the initial issuers on Apple Pay. Within weeks of Apple Pay’s introduction, a second set of banks joined: Barclays, Navy Federal Credit Union, PNC Bank, USAA and U.S. Bank.

It also appears that banks set up a flawed process to deal with the credit cards that it did flag. Affected users were directed to a customer care phone center, not a fraud prevention center. A customer care center’s mission is to help customers use their cards, leading more fraudulent cards to be approved for use on Apple Pay.

“Call centers are a poor approach for two reasons,” Mr. Abraham wrote. “One — fraudsters are better at social engineering than call center reps are at sniffing out fraud. In some cases, fraudsters are calling the call center themselves to ‘alert the bank about a trip out of town’ so that fraud rules looking for transaction anomalies (like a customer living in California and transacting in Miami) do not trip them up.”

Some Apple supporters have sought to discredit Mr. Abraham based on his affiliation as an adviser to a company that is based on Apple’s main competitor, Android. While he may indeed be conflicted, he has rightfully raised an important security issue that all sides have acknowledged is a problem, though perhaps not to the extent he has contended.

All of this has led to a thriving black market in which thieves enter stolen credit card numbers into iPhones, essentially turning the devices into physical credit cards, which they in turn take to stores and walk out with merchandise. Thieves have even used Apple Pay at Apple Stores.

In a statement, Apple put the problem squarely on the shoulders of the banks: “During setup, Apple Pay requires banks to verify each and every card and the bank then determines and approves whether a card can be added to Apple Pay. Banks are always reviewing and improving their approval process, which varies by bank.”

Apple has now begun providing additional information to the banks that should help deter some of the fraud. The banks, which are responsible for the costs of the frauds, have toughened standards to review customer sign-ups on Apple Pay. No bank executive would speak with me on the record for fear of upsetting their company’s relationship with Apple. If you’re asking yourself, “Why are criminals more inclined to use Apple Pay than just use stolen credit cards at an online retailer?” it’s a good question. It is apparently much easier for banks to catch thieves using stolen credit cards with online retailers because of the delay in shipping a product — it can often take days — as well as the extra information that every online retailer requires, like an address where the product is to be shipped.

First-mover advantage is often crucial when it comes to the rapidly changing and rabidly competitive world of technology, but that can quickly turn to disadvantage when companies rush headlong into trouble.