Can Apple Pay get hacked? (2024)

Jeff Donald

21,703 points

Chase Bank misinformed you. Apple Pay does not get hacked. If you want to read through several of my posts above, you’ll learn about several ways the account holders use their cards and compromise the card’s account information. The most likely scenario was you were at a merchants and you swiped your card or inserted it into the transaction terminal and the data was stolen.

Apple Pay only stores encrypted data. Only Chase Bank has the key to decrypt the card information. So, even if Apple Pay were to be hacked, the hackers couldn’t use the data they stole.

You can contact Chase Bank 24/7 365 days a year by calling the phone number on the back of your credit card(s).

Jeff Donald

21,703 points

Your account(s) could have been compromised weeks or even months ago. Personal and financial information is bought and sold on the Dark Web 24/7. Even after the accounts are closed by the bank, fraudsters will continue to buy and sell the information.

Apple Pay transactions are end to end encrypted and only the bank has the key to decrypt. Card information is compromised by the use of non-encrypted data such as swiping the card or inserting the card and using the chip. Then the merchant ends up with the complete account information in plain numeric format.

Jeff Donald

21,703 points

It requires the authorization of device the card is on. The actual account owner is not required to authorize all charges. In other words if I give my wife my card, she adds it to her wallet and makes a purchase. She authorizes the transaction, not me on my iPhone. If a fraudster adds the card to his iPhone he authorizes the transaction not the account owner. However, the account owner will see the charge. That is what the post sounds like it’s saying, that he didn’t Authorize the transaction. But it’s not required that he authorize the transaction.

So, you entered information on a fraudulent website or website that was hacked and fraudsters. Who is they? You do realize that the card can’t be added without the banks approval? The issuing bank approved and verified that card when it was added to Apple Pay. Did you ask your bank why they verified fraudsters to add the card to Apple Pay? Why did your bank do it?

Lawrence Finch

208,660 points

Bborz wrote:

And Apple knows your face, on your device, where you set up the card. Right?

i’m not trying to be cryptic.

No, Apple does not know your face. Your iPhone knows your face. Your biometric data remains exclusively on your device in encrypted storage on your phone’s processor chip.

thamir78

21 points

never physically used credit, i physically use debit card for atm, debit for gas as most stations in my area dont allow credit, this credit card is only linked to apple pay and i only use apple pay at POS on a daily basis and dont use it for online shopping where it asks card number and CCV.

so unless apple pay can be skimmed like a physical card at POS, i don't know how it got used.

yes i've read the link.

Jeff Donald

21,703 points

The long and the short of it is when your card was added to your iPhone the information was encrypted and the plain information was deleted.

The information was encrypted in the Secure Element, it’s not linked to the main processor or memory. Essentially a self contained computer within a computer. It’s a standard in the banking industry. It’s never been hacked.

The key to decrypt your data rests solely with one entity, your bank. So, go with your idea that your information is compromised, how did the scammers decrypt the information?

I can go on to describe tokenization so that when the bank issues a token it’s good for only one use and all the numbers dynamically change for the next transaction.

Or, is it more likely your credit information on your chip or magnetic strip was skimmed or shimmed, sold on the dark web and dozens, maybe even hundreds of scammers purchased the information, made counterfeit cards, with chips and are using them fraudulently.

Fraudsters can use the numbers, add them to Apple Pay and make fraudulent charges. Apple doesn’t approve or decline adding cards to Apple Pay. Approving cards for Apple Pay is the responsibility of the issuing bank and the Payment Network Operator (Visa, MasterCard, American Express etc.).

If you’re absolutely sure you never swiped or inserted the chip and only used Apple Pay, then the more likely compromise was your bank. Banks and credit card companies have had data breaches multiple times.

johnsy435

14 points

I am afraid what you say is incorrect.

In March while I was in Hertfordshire thieves managed to take £1,2000 from my banks account at a restaurant in London by using Apple pay and I certainly gave no authority for a second device to be used.Subsequently I had fraud on a credit card and nobody can explain how this happened.None of of my credit cards or debit card had been lost and were with me.I have no faith whatsoever with Apple pay and all my cards have been replaced and removed from Applewallet.Please explain how this was done.

Lawrence Finch

208,660 points

I’m sure your card was already in Apple Pay, probably with a different card number. Either that, or you share an Apple ID with someone, either intentionally or unintentionally. If you don’t knowingly share an Apple ID with anyone change your Apple ID password immediately→Change your Apple ID password - Apple Support and in addition see this→If you think your Apple ID has been compromised - Apple Support

Jeff Donald

21,703 points

Follow this path,

iPhone > Settings > Accessibility > Side Button > Click Speed > please try Slow or Slowest.

baffledforsure

8 points

Yes still waiting on resolution when I paid all of my bills July 2022 over the phone and all companies had confirmation after paying over the phone and not one received funds. Only common denominator was apple. I have never had bad credit and it’s damaged mine. I asked apple without success of a response blaming the credit union for outdated app. Not possible when I paid other bills off of the phone and were paid fine.

[Edited by Moderator]

herculez17

8 points

Jeff Donald

21,703 points

How was the data decrypted? Did you ask Chase that question? Your data was probably sold to 100’s if not 1000’s of fraudulent actors now using your data, that you compromised. There’s no way you read the article I linked to or researched any of the terms I used. You didn’t take the time to educate yourself, you’re just looking for a scapegoat.

Once you understand what encrypted data is you’ll start to understand that you’re assuming facts that aren’t in evidence.

soquel1

14 points

Jeff Donald

21,703 points

Apple Pay has never been compromised and there was no breach. Thinking Apple Pay can be hacked is the first thing that people think. People never suspect their own activities or use of credit devices and how they potentially compromise their personal information.

Even if you want to continue your assumption that Apple Pay was hacked (which it can’t) how do you explain that all Apple has on it’s servers is encrypted data, all you iPhone has on it is encrypted data, and all the merchant has is encrypted data?

How do the hackers decrypt the data? They would need a key, don’t you agree? Who has the key? Your bank has the key. So please explain how Apple Pay got hacked and while you’re at it explain how they decrypted the data they hacked.

Jeff Donald

21,703 points

Nothing silly when you understand how it can be done. I understand you don’t know what or how it happened. But instead, you choose to come in on the middle of someone else’s discussion and make accusations of what I’ve written is false. Nice introduction.

If you don’t understand something, ask. Be open minded. Your bank made an accusation and you accepted it as fact. They didn’t explain the technology, didn’t take the effort to ask me teach you anything. You come here and make the same accusations. How about we start in the beginning and ask me to explain how you were compromised?

Do you want to learn or be defensive about what Chase Bank support told you? Happy to educate. Just explain the circ*mstances and I’m happy to explain how your data was compromised.