Can Apple Pay get hacked?

What do i do if my apple pay has numerous charges that are nit mine

NOT true - I had 4 fraudulent charges on my card and when I called Chase, they said all 4 charges were done on Apple Pay somewhere in India. They could not answer the question "How is that possible?" None of my devices were lost or stolen so I've now lost confidence that Apple Pay is any more secure than a physical card.....

Any chance it was an overseas “hardware store”???Same happened to us. The credit card we had on Apply Pay got compromised and cancelled (the hardware store). So Chase issued a new card and added it to my Apple Pay without me knowing (by associating my new card to my Digital Account Number/Token). Fraud charges on the NEW card before I ever used it! Chase says someone hacked my Digital Account.

Apple Pay has never been hacked by accounts being sold as Littyma suggests. The use of one time use tokens instead of actual card data and the verification process that Apple and your banks use makes hacking nearly impossible.

If you lost your iPhone and the thief had your passcode, they could use your iphone to make unauthorized purchases via Apple Pay, but that is hardly hacking.

If the iPhone owner was tricked into revealing their 2FA code to a thief that would work, but that’s not hacking either.

So, hacking is virtually out of the question. The the actual card details can be stolen by hackers, but that wouldn’t involve Apple Pay. Neither Apple or you phone store the card data in unencrypted form. Apple Pay only has encrypted data which is useless to hackers. You and the bank have card details. The merchant also has the details if you don’t use Apple Pay.

Merchants/point of transaction, account owners and credit card companies banks are who is being hacked. Not Apple Pay or similar services.

For anyone in this situation, I cracked the code nearly a month later. I used my Chase debit card in my Apple Wallet at a KwikTrip and inserted my pin, which for the longest time I believed you had to do in order for something to be charged on a debit card. What’s funny is my purchase was only $1.69, and the fraudulent charges that followed were hundreds of dollars. Remove your cards from your Apple Wallet and start fresh - Chase sent me a new card after the first incident and it automatically updated in my Apple Wallet, so MORE fraudulent charges appeared before the card was even shipped over to me. I’ve since added my brand new card (new Chase account and credentials) to my Apple Wallet and have used it with no problems. If anyone else is like me and has been entering their pin at places like gas stations (though this was my first time even doing so inside the store as I don’t drive), make sure you don’t do that anymore! Hope everyone can get their charges reversed and be protected moving forward.

Contact the bank that issued the credit or debit card used for the fraudulent transaction. Apple Pay does not approve or decline charges. Apple Pay only securely transmits the data associated with your card. Your credit card issuer approved the charge and you need to dispute the charge. Please use the phone number on the back of the card and talk to their fraud support team.

I think the general reaction is to want to blame something we don’t understand, like Apple Pay. Banks told people how safe credit cards were and people believed them. Then they were told to use a chip, it was more secure than swiping and people believed them. Well, now you have something people truly don’t understand and when their credit card is compromised, they blame what they don’t understand, Apple Pay. They also don’t want to accept responsibility for sometime comprising their own account by giving out their 2FA code to fraudsters posing as the bank or Apple. Social engineering by fraudsters is real and is more common than people want to admit. Just my opinion. 😀

I’ll respectfully disagree with you. If my card was skimmed, shimmed, copied, etc, it still needs to be added to someone’s digital wallet. In order to do that two factor authorization needs to take place and that did not happen. Just because someone has your credit card number does not give them access to adding it to MY digital wallet without me knowing.

Apple Pay is a payment system that acts as an intermediary between your payment method (credit/debit card), merchant and your bank. Apple prevents the merchant and hackers from accessing your payment information and your personal information. It keeps you more secure, not less.

Apple Pay only has encrypted data. Hackers have no way of decrypting the data, they don’t have the key. You don’t have the key, your iPhone doesn’t have the key, merchant doesn’t have the key, Apple doesn’t have the key. The only entity that has the key is your bank.

The most likely way the fraudulent actors gained access was through skimming, shimming, your Apple ID Account or scamming you out of your Two Factor Authentication (2FA) security code. Yes, account owners are the weakest link in the chain, you, me and everyone else that too easily discloses account information. It’s called social engineering.

Here’s a good explanation of how hackers use social engineering to trick people. The article is by IBM.

https://www.ibm.com/topics/social-engineering

Your bank information was obtained and probably sold on the Dark Web. It probably been sold to 100’s, possibly 1000’s of fraudulent actors. Now that Chase is aware that your data is compromised, they’ll be able to stop future charges. But it’s now in your best interest for you to learn about how hackers work and take action to prevent it from happening in the future. Please read the information in my posts above and the links I’ve provided.

Chase Bank misinformed you. Apple Pay does not get hacked. If you want to read through several of my posts above, you’ll learn about several ways the account holders use their cards and compromise the card’s account information. The most likely scenario was you were at a merchants and you swiped your card or inserted it into the transaction terminal and the data was stolen.

Apple Pay only stores encrypted data. Only Chase Bank has the key to decrypt the card information. So, even if Apple Pay were to be hacked, the hackers couldn’t use the data they stole.

You can contact Chase Bank 24/7 365 days a year by calling the phone number on the back of your credit card(s).

Maybe you can explain the following scenario. I do understand what you said but here's what happened to me.

I had 4 physical credit cards in my hand bag while vacationing in Las Vegas. 2 of those cards were in Apple wallet. I did not take any of the physical cards out of my wallet while I was there, nor did I make any Apple wallet purchases. (husband used his cards and no problem) How is it only the 2 cards that were "stolen" were in Apple Wallet? If I got "hijacked" on open Wi-Fi or hand bag got scanned by someone walking by, why didn't they abuse 4 cards? which one of the 3 scenarios is most likely the culprit?

It requires the authorization of device the card is on. The actual account owner is not required to authorize all charges. In other words if I give my wife my card, she adds it to her wallet and makes a purchase. She authorizes the transaction, not me on my iPhone. If a fraudster adds the card to his iPhone he authorizes the transaction not the account owner. However, the account owner will see the charge. That is what the post sounds like it’s saying, that he didn’t Authorize the transaction. But it’s not required that he authorize the transaction.

So, you entered information on a fraudulent website or website that was hacked and fraudsters. Who is they? You do realize that the card can’t be added without the banks approval? The issuing bank approved and verified that card when it was added to Apple Pay. Did you ask your bank why they verified fraudsters to add the card to Apple Pay? Why did your bank do it?

The third parties are the bank that issued the card and Payment Network Operator (MasterCard, Visa, American Express, Discover etc.). The weakest part of the system is the user. Talk to any fraud investigator and they’ll tell you the weakest link is the human element, the account holder and the bank support personnel.

People don’t understand the technology, so that must be the issue. Americans are much slower to adopt new technology. Acceptance of Apple Pay, and similar payment services have much wider acceptance in Europe and Asia. Americans fear what they don’t understand.

Everyone wants an explanation of how they were hacked. They can’t explain how the technology was hacked, but they know they’re infallible and the bank told them it’s Apple Pay. Just ask the bank CEO why the bank approved adding stolen credit card credentials to a fraudsters iPhone? What do you think his answer will be?

Bborz wrote:

And Apple knows your face, on your device, where you set up the card. Right?

i’m not trying to be cryptic.

No, Apple does not know your face. Your iPhone knows your face. Your biometric data remains exclusively on your device in encrypted storage on your phone’s processor chip.

never physically used credit, i physically use debit card for atm, debit for gas as most stations in my area dont allow credit, this credit card is only linked to apple pay and i only use apple pay at POS on a daily basis and dont use it for online shopping where it asks card number and CCV.

so unless apple pay can be skimmed like a physical card at POS, i don't know how it got used.

yes i've read the link.