I've personally heard of multiple great experiences with iTunes support from multiple people I know. I wanted to reply to this thread to argue my belief that any assumption that Apple, iTunes, and/or iTunes' security is at fault in any of these scenarios is probably an assumption without any sound basis or proof.
I think most of these cases that are actually fraud and not purchases by kids are probably due to being tricked to provide their password and or billing information in response to fraudulent phishing emails. Other causes may be unrelated sources such as unscrupulous online vendors, local places such as restaurants, gas stations, etc. Maybe that place where you pulled over for gas and tried to run your card and it mysteriously didn't work? You hear the stories of people that setup card scanners that look like they're part of the pump or ATM. Maybe you tried to go to the Apple Online Store site, but typed in a Google search instead of a URL, and then visited some fraudulent site that pops up on Google's advertised results. Maybe the charge was on your wireless statement, and one of their support reps that doesn't know a thing about what they're talking about referred you to Apple. That happened to me when I called them about a $10 scam charge that started occurring on my phone statement which showed up from a scam associated with a technique known as "cramming." I asked my wireless rep to speak to a supervisor and got that taken care of. Anyways…
The iTunes Store is one of the largest worldwide online storefronts in the world. Over 400,000,000 iTunes accounts exist according to Wikipedia. I'm sure nobody ever uses a stolen credit card at Wal-Mart… yeah right. So the iTunes Store has tons of music and is reaching nearly a million third-party apps that are only sold for the iPhone, iPad, or iPod touch from the iTunes Store… unfortunately there are ethically challenged people out there that will want to try to acquire this content without using their own funds, and unfortunately there are people out there that make a business out of stealing/acquiring/selling/buying compromised personal and billing information. I don't see how it can be Apple's fault that someone else just happened to have your credit card information and decided to buy something from iTunes.
How could APPLE let this happen? If the necessary measures were taken to prevent all fraud, then Apple would probably run into an issue where 15,000 dollars of legitimate attempted purchases by legitimate people would be lost for every 1 dollar of additional fraudulent purchases that were prevented.
You'd have people freaking out because they'd have 4 kids but only 3 different credit cards, and it wouldn't be possible to use a specific card number on more than one Apple ID that you use for iTunes. They'd have to go exchange the new iPad and buy a pony for their fourth kid. You'd have to go to an Apple Store with a copy of your utility bill, either your social security card or birth certificate, and a photo ID in order to create an iTunes Apple ID. Or whenever you wanted to create an Apple ID, you'd need to fax in high resolution photo-copies of the front and back of your photo ID and credit card. You'd have a thread here with 5000 pages of posts per year instead of 17 pages over 3 years of people all complaining how they were on a trip and they couldn't buy that album, book, or movie because they were in a location other than their authorized desktop computer that they used to create the account 4 years ago which only works with iTunes when they bypass their router and connect the computer directly to their cable modem with an ethernet cord. Even after visiting the Apple Store the first time with their electric bill, they'd need to go back with 2 forms of ID in order to authenticate their new iPhone or iPad with their account. One of ten potential users would give up trying to use iTunes due to their inability to provide billing information in a standardized format or in a format that precisely matches the information their bank or credit card company has on file.
I'd assume 75% or more of the "unauthorized" or "fraudulent" purchases that people report are actually legitimate purchases made by people's family members (probably often young children). "But my kid is 4 years old and couldn't have done this because he can't read and does not know my password!" That is what my neighbor said when he contacted iTunes and was told that the $200 or so of charges that hit his bank over 1 or 2 days appeared to be "In-App Purchases" from within a free app/game he had allowed the kid to download. The iTunes person was able to help him as an exception and explained to him how to set restrictions to ensure his child didn't puchases without his permission. By default there is a 15 minute time-frame after you enter your password for your kid so they can download their free game... hand the kid an iPad with a signed in iTunes Apple ID that has a $5,000 limit CC on file and they have a free ticket for a 15 minute shopping spree... and while a 4 year old may not understand what the $100 price tag means, they do understand that a treasure chest of gems or coins is better than a sack of coins or 3 individual gemstone. Fifteen minutes go by with your kid playing the game, and 2 days later you notice a page of transactions of $9.99, $49.99, $99.99, etc. on your bank or credit card statement. Just because there were not restrictions set by the guardian of the child does not mean there is a hole in Apple's security.
Per the iTunes Store Terms and Conditions (URL: http://www.apple.com/legal/itunes/us/terms.html#SALE ) that everyone must agree they've read and understand before accessing the iTunes Store:
"In order to purchase and download App and Book Products from the App and Book Services, you must enter your Apple ID and password to authenticate your Account. Once you have authenticated your Account, you will not need to authenticate again for fifteen minutes. During this time, you will be able to purchase and download App and Book Products without re-entering your password. You can turn off the ability to make App and Book Product purchases by adjusting the settings on your computer or iOS Device. For more information, please see http://support.apple.com/kb/HT1904 or http://support.apple.com/kb/HT4213. "
In other words, this means updating to iOS 5 or later and going to Settings > General > Restrictions on your iPhone, iPad, or iPod touch, tapping "Enable Restrictions," choosing a restrictions passcode, and then scrolling down and making sure that the "Require Password" setting is changed to "Immediately" instead of "15 minutes" in the various items contained in the "Allowed Content" section of the Restrictions settings. Anyone that has young children using the devices should also set "In-App Purchase" to "OFF."
Here are articles about iOS restrictions and "In-App Purchases."
iOS: Understanding Restrictions - http://support.apple.com/kb/HT4213
iTunes Store: About In-App Purchases - http://support.apple.com/kb/HT4009
If you're not going to supervise your children or take the necessary due diligence to understand the powerful hand-held computer's they're using, you should make sure they use their own Apple ID with no PayPal or credit card setup, or remove the payment type from your Apple ID. You can still download free stuff with no payment type.
iTunes Store: Changing Account Information - http://support.apple.com/kb/HT1918
Creating an iTunes Store, App Store, iBookstore, and Mac App Store account without a credit card - http://support.apple.com/kb/HT2534
If you've noticed a bunch of unrecognized charges and you have kids that may use your iPhone, iPad, or iPod touch sometimes, I'd recommend checking your iTunes purchase history ( WHICH CANNOT BE VIEWED AT A WEBSITE ). If you think your kid doesn't have an account, go to "Settings" > "Store" or "Settings" > "iTunes and App Stores" on the iPhone, iPad, or iPod touch, and check what is listed as the Apple ID. Make sure you're signed in and viewing the purchase history within iTunes that is installed on your computer with that Apple ID.
iTunes Store & Mac App Store: Seeing your purchase history and order numbers - http://support.apple.com/kb/HT2727
If charges just randomly started showing up on the credit card statement and you don't have kids or family members that could have made purchases and they're not showing in your iTunes ( not Apple Online Store ) purchase history, then your credit card was probably stolen at the restaurant or gas station. Or... you provided it to a illegimate source after being fooled by a fraudulent phishing email. In order for someone to use a credit card on iTunes, they need your full credit card number, expiration date, and security code. This is not information that you can get by signing into someone's iTunes account. Whether your name, address, and phone number is required or not for a transaction to be authorized by your bank or CC company is something that is decided on the bank or CC side.
Do not be fooled by fraudulent "phishing" and "spoofing" emails. It's too easy for the fraudsters when you just give them your information and they don't even have to take it. This isn't just applicable to iTunes. See the info below:
Identifying legitimate emails from the iTunes Store - http://support.apple.com/kb/HT2075
Identifying fraudulent "phishing" email - http://support.apple.com/kb/HT4933
Also included in the iTunes Terms and Conditions:
"As a registered user of the App and Book Services, you may establish an account ("Account"). Don’t reveal your Account information to anyone else. You are solely responsible for maintaining the confidentiality and security of your Account, and for all activities that occur on or through your Account, and you agree to immediately notify Apple of any security breach of your Account. Apple shall not be responsible for any losses arising out of the unauthorized use of your Account. "
In other words, it is your responsibility to have the online equivalent of "street smarts" so that you can maintain the security of your personal information and billing information.
If you think your account has been compromised, you should immediately contact Apple. You should also visit the http://appleid.apple.com site DIRECTLY ( not via a potentially fraudulent link in a phishing email ) and change your Apple ID password and security questions immediately . You should ALSO change the password of your email account (i.e.: your Gmail, Yahoo, MSN, Live, Hotmail, etc.) You should change the password of any social network site that used your old password to something different than your Apple ID password. Adding a "RESCUE EMAIL ADDRESS" in "Password and Security" at http://appleid.apple.com is something Apple recently let us do that can significantly increase the security of your account. This makes it to where password reset and security question reset emails go to the "RESCUE EMAIL" which can't be the same as the primary. This prevents someone from being able to reset your password and security information in the event your primary email account is compromised.
Here are articles that explain the rescue email and that provide general tips for protecting account security:
About the rescue email address - http://support.apple.com/kb/HT531
Apple ID: Tips for protecting the security of your account - http://support.apple.com/kb/HT4232
