While these fraud cases stem from identity theft rather than a hack into the Apple Pay system, it shows that there are still kinks in the service's verification process that both Apple and the banks need to address, security experts said.
"Both sides play a role because Apple could have done more," said Samuel Bucholtz, co-founder of Casaba Security. "But where the fraud is really coming from is the bank's verification of those cards. It's not a compromise of any Apple security system that Apple has put in place."
Read More Why Apple Pay could be big: Analyst
According to Apple's support page, when a user adds a card to Apple Pay, Apple encrypts the data then sends it to the bank along with other information, including data about your iTunes account activity and information about the device you are using, such as its current location or the name of the device. It is then up to the bank to decide whether to approve that card for transactions.
The bank may request additional information to prove the card belongs to the user, but often the information that is asked for is easy for criminals to obtain online. Also, bankers may not require any additional information because they want the process to be as painless as possible, experts said.
Banks have made a push to get customers to adopt the service because of the added layer of security provided the tokenization technology it involves. And their efforts seem to be working, given the adoption figures some financial firms have touted. JP Morgan Chase, for example, recently said that it already had one million customers who had added cards to Apple Pay, and Bank of America said that it had 1.1 million cards registered for the service by the end of last year.
"Banks jumped the gun, they wanted to make it easy, but it is a trade-off between usability and security and they trended toward the side of usability rather than security," Bucholtz said.
One thing the banks and Apple could require to make the process safer is a PIN issued by the bank to register a new card, Bucholtz said. This could be a PIN the bank mails to the user or one they have to log into their bank account to access for a one-time registration, he said.
Read More Apple plans fix next week for newly uncovered Freak security bug