User profile for user: Shklee
Shklee Author
User level: Level1 5 points
I thought Apple Pay was an added form of protection. In one day two cards were hacked. Help?
[Re-Titled by Moderator]
Apple TV 4K, tvOS 16
Posted on Nov 1, 2023 7:42 AM
Reply
Question marked as Top-ranking reply
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Posted on Feb 29, 2024 2:23 PM
So, from day one you added the card to Apple Pay and have used Apple Pay on your iPhone for every transaction since?
You’re saying you’ve never swiped your card or inserted your card in a transaction terminal? Not once never?
View in context
Similar questions
- I need to talk to Apple Pay support. My card was hacked a few hours after updating new card number.I think my phone is hacked. After updating my Apple Pay account my account was hacked 9341
- Hacked Apple payHow do I cancel transactions made through my Apple Pay ? 8741
- Apple Pay how to stop a random person adding my card to their account I received an unexpected text. Which looks suspicious, but how do I know if I am at risk. Also this does not look like it is from Apple Pay?[Image Edited by Moderator to Remove Personal Information] 15463
49 replies
Loading page content
Page content loaded
Question marked as Top-ranking reply
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Feb 29, 2024 2:23 PM in response to Dcctx12
So, from day one you added the card to Apple Pay and have used Apple Pay on your iPhone for every transaction since?
You’re saying you’ve never swiped your card or inserted your card in a transaction terminal? Not once never?
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Jan 30, 2024 10:36 AM in response to bobdigital
So, Apple Card has 3 sets of numbers. One number is the mag stripe/chip, another number is the virtual number you can change in the Apple Wallet/Apple Card. The third number is the device number. That’s the encrypted number that only the bank has the key to. The other 2 numbers are the standard 16 digit number. But the length of the device number is unknown. The last 4 digits of the device number are disclosed in the Wallet app and this is to facilitate returns and refunds.
The first 6 digits for the 16 digit card number identifies the bank (BIN). The link below may help.
https://chargebacks911.com/bank-identification-numbers/
If I’m a fraudulent actor I target a single bank using the first 6 numbers. Then I attack a merchant account with a list of numbers behind the 6 digit BIN target. It’s random, but it works. The first transaction is usually small so as not to attract attention. Those account numbers that get a successful transaction are recorded and exploited at a later date.
Reply
Link
User profile for user: Lawrence Finch
Lawrence Finch
User level: Level10 207,974 points
Jul 16, 2024 3:34 PM in response to dene15
Your tickets were also on the sellers website. If it was Ticketmaster they were hacked big time, their entire customer base was stolen. That’s much more likely than your Apple Wallet being hacked.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Jan 27, 2024 5:35 PM in response to bobdigital
Yes, your statement is correct and the raw (decrypted) data is encrypted and neither Apple or your iPhone has the raw data. The encrypted data is transmitted to the bank and they verify the data is good and authorize (verify) the card to be added to Apple Wallet. The bank and only the bank has the key to decrypt the data. Any raw data entered via device is deleted and only encrypted data is stored on device or Apple servers.
When a transaction is started, a one time use token (encrypted) is generated and used throughout the transaction process. All the merchants ends up with is an approval or a decline, transaction number and last four digits of the token/device number, that can be used as an identifier in case of refund or dispute. If Apple Pay is used, the merchant has very little information and none is really usable.
Sharing an MFA code is more likely or hacking an Apple ID/iCloud account. My Apple ID account password is over 35 characters. It’s easy to remember too.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Jan 11, 2024 2:48 PM in response to Datkutiekisha
Wow, you didn’t read my reply. I’ll copy and paste it again for your convenience. You need to secure your Apple ID Account before more cards are compromised.
>>No, Apple Pay cannot be >hacked<. All the numbers credit/debit cards on your iPhone are encrypted. Your iPhone doesn’t have the key to decrypt, Apple doesn’t have the key, the merchant doesn’t have the key, only your bank has the key.
However, humans make mistakes. If you were tricked into revealing your Two Factor Authentication code or your Apple ID Account was hacked, the issue is on you.
You need to change the password to your Apple ID and remove any devices you do not recognize listed on your Apple ID Account.<<
Reply
Link
User profile for user: Lawrence Finch
Lawrence Finch
User level: Level10 207,974 points
Jan 27, 2024 1:27 PM in response to bobdigital
bobdigital wrote:
Jeff you seem to be well informed so had a question. Today someone attempted fraud using what GS says was Apple Pay. It was declined bc of a mismatch of information (what I assume was my Apple Card # and the date/CVV). I have not shared my 2FA with anyone nor did I receive any 2FA request on my Apple devices prior to the attempted fraud. I have never used my physical Apple Card nor have I entered my digital Apple Card # into any payment gateway. I have only used my Apple Card via Apple Pay 1) online and 2) via Apple Pay in a few physical stores. All this said, they want me to change my Apple ID password. I don't mind doing it, but I haven't seen any signs of someone trying to login in with a compromised ID/Pass anywhere so I don't believe that's how the fraud happened. Do you think someone just used an emulator to try random 16-digit combinations of credit cards #s with random expiration dates and CVVs?
Most likely one of the stores where you used Apple Pay was hacked, and your card number and expiration were stolen, then someone tried to add the card using that information to their Apple Pay, which failed, of course.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Jan 27, 2024 5:14 PM in response to bobdigital
Yes, a mass attack is certainly a possibility. These attacks are know as a brute force BIN attacks. Fraudulent actors gain access to a smaller business with weak security. They know the first 6 digits of the credit card is the Bank Identification Number (BIN) and put through tens of thousands of numbers and collect the hits that work. Then they use the numbers in a website and collect the transactions.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Mar 20, 2024 9:26 AM in response to jlsycks
What do you mean by the Wallet’s >insignia<?
If you want to assume that the Wallet was compromised, all they would have been able to retrieve was encrypted data that your bank put there as part of the provisioning of the card for addition to Apple Wallet. How did the >hackers< gain access to the key, that only the bank has?
Reply
Link
User profile for user: Lawrence Finch
Lawrence Finch
User level: Level10 207,974 points
Aug 21, 2024 7:36 AM in response to 17_85_61
17_85_61 wrote:
My debit card on Apple Pay has been hacked, my bank account I’ll not take responsibility
Yes, your DEBIT CARD has been hacked. It has nothing to do with Apple Pay. If you contact your bank’s fraud department they will fix it, cancel the compromised card, and issue you a new debit card.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Aug 21, 2024 9:40 AM in response to Ih8protesters
You have a lot of your information incorrect. The data breach was for a company that verifies social security information. It does not oversee credit scores. Your information is incorrect and misleading.
The company has nothing to do with credit cards. Employers and banks would not have disclosed information to the company. The company would not have access to anyone’s credit information either.
No one has infiltrated Apple security measures or Apple Pay.
Again, the recent breach contained names, social security numbers, DOB, and past addresses. That’s it. You are spreading FUD, Fear, Uncertainty and Doubt.
Here’s how your credit card information was compromised. You used your credit card by swiping or inserting the chip. The data was skimmed or shimmed. Information is sold on the Dark Web along with some of your personal information. The information is purchased by a fraudster and added to their Apple device. The issuing bank and payment network operator (MasterCard, Visa, AmEx etc.) verify the card and send Apple a token. The token is added to the fraudsters wallet app and now they can make Apple Pay transactions.
Virtually nothing you wrote is factual or involved with the fraudulent activity on your account.
Reply
Link
User profile for user: Phil0124
Phil0124
Community+ 2024 User level: Level10 203,129 points
May 8, 2024 10:27 AM in response to Stolenfrom
Stolenfrom wrote:
I have two $500 charges on Apple Pay that I did not authorize and I don’t know how they did it. I want to see if the money can be refunded thanks.
Contact your Card issuer or bank and the merchant the charges are from to dispute the charges.
click here ➜ See your Apple Pay transaction history - Apple Support
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Jan 11, 2024 6:03 AM in response to RobShaw2222
No, Apple Pay cannot be >hacked<. All the numbers credit/debit cards on your iPhone are encrypted. Your iPhone doesn’t have the key to decrypt, Apple doesn’t have the key, the merchant doesn’t have the key, only your bank has the key.
However, humans make mistakes. If you were tricked into revealing your Two Factor Authentication code or your Apple ID Account was hacked, the issue is on you.
You need to change the password to your Apple ID and remove any devices you do not recognize listed on your Apple ID Account.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Jan 30, 2024 12:19 PM in response to Lawrence Finch
One of the biggest loopholes is the transit card feature. The transit companies security is fairly low, in my opinion, and data is being captured when people use that feature. But the real problem was Visa and MasterCard. This security issue was mostly, if not completely plugged last year. But if devices aren’t updated etc., issues can continue. It also took Visa a while to acknowledge their issue and block the exploit on their side. You can search the internet for much the details.
Just like on the forums here, many things you’ll read on the internet refer to Apple Pay being hacked, when it reality it’s just simple fraud on their Apple Cash account. The account holder/owner sends money for the purchase of goods or services and disappears. But the post you’ll read is “My Apple Pay was Hacked!”
Another method of fraud is numbers sold on the dark web. These are usually attained by fraudulent actors using a skimmer (collects data off mag stripe) or a shimmer (collects data off the chip) when the physical card is used for transactions. The number is then sold on the Dark Web and can be added to an Apple Pay account.
Reply
Link
User profile for user: Jeff Donald
Jeff Donald
User level: Level7 20,444 points
Feb 25, 2024 7:58 AM in response to Hev6969
No, your credit card number was skimmed or shimmed. Skimming is when you swipe your card and the magnetic data is captured by a device called a skimmer. Fraudulent actors then enter the data online or create a fraudulent card (fake) with your data. A shimmer is similar, but captures data off the chip.
Please contact your credit card servicer by call the phone number on the back of the compromised card. When calling ask for the fraud department.
Reply
Link
User profile for user: Lawrence Finch
Lawrence Finch
User level: Level10 207,974 points
Feb 29, 2024 1:51 PM in response to Dcctx12
No, your Apple Pay was not hacked. Your credit card was compromised. It had nothing to do with Apple Pay, which is just one more way to use a credit or debit card, and actually a more secure way than using the actual card because it cannot be”skimmed” by a hacked card terminal.
Reply
Link
Apple Pay has been hacked, what to do?