You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Apple Pay was hacked and used

One month. ago someone hacked my bank details and used my bank card. My Bank said that someone used it through Apple Pay. they think that I did the transactions after I sent them the police report too. Could someone help me about this case?

I want my money back, but I don't know how to prove to them that I didn't authorized the transaction.

They told me to solve this issue with the merchant directly.


iPhone 13 mini

Posted on Apr 19, 2023 9:11 AM

Reply
Question marked as Top-ranking reply

Posted on Sep 23, 2023 4:22 AM

It’s generally not a best practice to add a comment to a post just because a common theme (fraud) or word is used. Your situation is different than the posts above.


Apple Card has three unique numbers. One is the physical card number that is used when you swipe the card or insert the card in a chip reader. This is the least secure method of doing a transaction. Information (including card numbers) from these transactions are easily captured and sold on the dark web.


The second number is the virtual number that you have full access to yourself. This number is manually entered into websites for online transactions. This number can be accessed when a merchants site is hacked and customer data acquired. But worse, it’s frequently given out over the phone, written down, sent in texts etc. Again, easily sold on the dark web.


The last number is the most secure and next to impossible to acquire. Your Apple Pay number. Using a secure tokenization process your iPhone creates a unique one time use number for every transaction. The verification process is extremely secure and eliminates any of the first two scenarios above.


Your Apple Card was probably swiped, numbers captured and has been sold numerous times to fraudulent actors. Not sure who told you that number can’t be changed, because it automatically changes with every transaction. Either you misunderstood what the Goldman support person said, or they communicated misinformation to you. Now you’re making assumptions and statements based on misinformation. Sorry, no easy way to put that.


The transactions you’re seeing are declines that the GS system is catching. Most banks hide that data, but GS shows it and shows that it didn’t go through. That’s considered a feature, but most customers find it a distraction. Capital One has recently started doing the same thing, and their customers are wondering about all the declines they are now seeing. I guess they want to highlight their fraud prevention at work.


The only way that Apple Pay can be compromised is by losing control of your Apple ID. Even then, the 6 digit Two Factor Authentication (code) must be acquired to put a device under their control and enter fraudulently acquired account numbers. The 2FA code is acquired through phishing schemes via email, text/Messages, and voice calls. Usually, it comes in the form someone posing as bank personnel or Apple Support and asking for the code they’ll send you. You agree, they put the device under your account and they’re in your Apple ID and proceed to setup Apple Pay and make fraudulent transactions. Even after the bank shuts down the number(s), attempts will continue to be made days, weeks and even months into the future and these are the declines you’re seeing.


What’s being compromised is not Apple Pay or banking systems. What is being hacked is human nature and the lack of understanding how systems work and being gullible to allow ourselves into being conned out of our security credentials.

8 replies
Question marked as Top-ranking reply

Sep 23, 2023 4:22 AM in response to Jeffreychrsmith

It’s generally not a best practice to add a comment to a post just because a common theme (fraud) or word is used. Your situation is different than the posts above.


Apple Card has three unique numbers. One is the physical card number that is used when you swipe the card or insert the card in a chip reader. This is the least secure method of doing a transaction. Information (including card numbers) from these transactions are easily captured and sold on the dark web.


The second number is the virtual number that you have full access to yourself. This number is manually entered into websites for online transactions. This number can be accessed when a merchants site is hacked and customer data acquired. But worse, it’s frequently given out over the phone, written down, sent in texts etc. Again, easily sold on the dark web.


The last number is the most secure and next to impossible to acquire. Your Apple Pay number. Using a secure tokenization process your iPhone creates a unique one time use number for every transaction. The verification process is extremely secure and eliminates any of the first two scenarios above.


Your Apple Card was probably swiped, numbers captured and has been sold numerous times to fraudulent actors. Not sure who told you that number can’t be changed, because it automatically changes with every transaction. Either you misunderstood what the Goldman support person said, or they communicated misinformation to you. Now you’re making assumptions and statements based on misinformation. Sorry, no easy way to put that.


The transactions you’re seeing are declines that the GS system is catching. Most banks hide that data, but GS shows it and shows that it didn’t go through. That’s considered a feature, but most customers find it a distraction. Capital One has recently started doing the same thing, and their customers are wondering about all the declines they are now seeing. I guess they want to highlight their fraud prevention at work.


The only way that Apple Pay can be compromised is by losing control of your Apple ID. Even then, the 6 digit Two Factor Authentication (code) must be acquired to put a device under their control and enter fraudulently acquired account numbers. The 2FA code is acquired through phishing schemes via email, text/Messages, and voice calls. Usually, it comes in the form someone posing as bank personnel or Apple Support and asking for the code they’ll send you. You agree, they put the device under your account and they’re in your Apple ID and proceed to setup Apple Pay and make fraudulent transactions. Even after the bank shuts down the number(s), attempts will continue to be made days, weeks and even months into the future and these are the declines you’re seeing.


What’s being compromised is not Apple Pay or banking systems. What is being hacked is human nature and the lack of understanding how systems work and being gullible to allow ourselves into being conned out of our security credentials.

Sep 23, 2023 7:29 AM in response to Jeffreychrsmith

Not sure how running email security relates to Apple Pay. Please enjoy a little light reading.


Apple Pay security and privacy overview - Apple Support


Apple Pay Overview - Apple Developer


Apple Pay | Apple Developer Documentation


If what you’re saying were true every bank in the world would drop Apple Pay tomorrow. But the fact is Apple Pay is the most secure payment authorization process in the world and banks globally hand over billions of dollars paying for Apple Pay transactions every year. Why? Apple Pay saves them billions more in preventing fraudulent charges.



Apr 19, 2023 1:24 PM in response to bernadett145

bernadett145 wrote:

One month. ago someone hacked my bank details and used my bank card. My Bank said that someone used it through Apple Pay. they think that I did the transactions after I sent them the police report too. Could someone help me about this case?
I want my money back, but I don't know how to prove to them that I didn't authorized the transaction.
They told me to solve this issue with the merchant directly.

Nobody in these user to user forum can help, you'll need to start here Official Apple Support

Aug 28, 2023 6:40 PM in response to bernadett145

The same thing has been happening to me too as well, it’s been almost a year now. it wasn’t until this month my bank said that my apple pay was linked to a token in my bank acc even after removing my cards. i removed the token through chase fraud team but i am still getting charged in all acc even my credit cards business and personal. another weird thing that occurred was my venmo app was removed from my phone and i had to redownload it as if i never had it installed on my phone, this was after a purchase was made w my venmo acc. oddly this has been happening to my niece too, they’ve logged into her clothing accs and the apps disappeared/stopped working on her phone. i seriously believe apple is having a security breach

Sep 22, 2023 11:43 PM in response to Community User

My Apple Pay number was hacked. Goldman Sachs said to change my Apple ID password. I did. It changed my “virtual” card number. But not my Apple Pay number. Two different numbers. I continued to get fraudulent bills (I think someone learned how to hack Apple Pay when purchasing wifi

on a delta flight. Beware). Eventually Goldman admitted I couldn’t change my Apple ID card number. I was getting a fraudulent charge every week. So I canceled. Now what? The virtual number concept makes perfect sense. But that isn’t the card number used for Apple Pay. Which can’t be changed (because someone in Cupertino assumed it could never be hacked).

Apple Pay was hacked and used

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.