Apple Pay has been hacked, what to do?

No, your credit card number was skimmed or shimmed. Skimming is when you swipe your card and the magnetic data is captured by a device called a skimmer. Fraudulent actors then enter the data online or create a fraudulent card (fake) with your data. A shimmer is similar, but captures data off the chip.

Please contact your credit card servicer by call the phone number on the back of the compromised card. When calling ask for the fraud department.

Wow, you didn’t read my reply. I’ll copy and paste it again for your convenience. You need to secure your Apple ID Account before more cards are compromised.

>>No, Apple Pay cannot be >hacked<. All the numbers credit/debit cards on your iPhone are encrypted. Your iPhone doesn’t have the key to decrypt, Apple doesn’t have the key, the merchant doesn’t have the key, only your bank has the key.

However, humans make mistakes. If you were tricked into revealing your Two Factor Authentication code or your Apple ID Account was hacked, the issue is on you.

You need to change the password to your Apple ID and remove any devices you do not recognize listed on your Apple ID Account.<<

Stolenfrom wrote:

I have two $500 charges on Apple Pay that I did not authorize and I don’t know how they did it. I want to see if the money can be refunded thanks.

You can’t have charges on Apple Pay; it is just a passthrough for your registered credit cards. The charges were made on a card. Contact the card issuer.

Don't let you bank off the hook. If someone added your card to another device, it is the bank that must approve it. Apple does not approve/deny cards when added to your Wallet, because they don't have any information about the cardholder.

The response you got from your bank is the normal tier 1 response you can expect when they don't want to investigate it any further. You are going to have to officially dispute the charges with your bank and will be transferred to their fraud department. Banks are bound by the CFPB to dispute charges when requested. If they still do not want to help, file a complaint with the CFPB. This will force the bank to respond within 15 days after the complaint is filed. Review the page from the CFPB about filing the complaint and include as much information and especially documentation as you can.

https://www.consumerfinance.gov/complaint/

No, Apple Pay cannot be >hacked<. All the numbers credit/debit cards on your iPhone are encrypted. Your iPhone doesn’t have the key to decrypt, Apple doesn’t have the key, the merchant doesn’t have the key, only your bank has the key.

However, humans make mistakes. If you were tricked into revealing your Two Factor Authentication code or your Apple ID Account was hacked, the issue is on you.

You need to change the password to your Apple ID and remove any devices you do not recognize listed on your Apple ID Account.

Most likely your card was either skimmed or shimmed. Skimming gathers card information off the magnetic strip on the card. This typically is done at gas stations, ATM machines or convenience stores. Shimming is similar but gathers data from the chip. Once a fraudulent actor has the data they can sell it on the Dark Web and/or make hundreds of fake credit cards. The information can be added to an Apple or Android device and digital wallets can be used for transactions online and in person.

Apple is not a bank and only stores and has access to encrypted card information. iPhone is a secure device that transmits encrypted data between your iPhone, the merchant, Payment Network (Mastercard, Visa etc.) and the issuing bank. Apple, your iPhone and the merchant do not have the key to decrypt the data. Only the issuing bank has the key. Only the issuing bank can approve or decline any transaction.

Call the fraud department at the issuing bank of the compromised credit card(s). The number is on the back of the card. You may also file a police report. M

It is your bank that is responsible for unauthorized charges and you will need to dispute them with your bank. To address your other concerns:

• It is the bank that authorizes cards to be added to Apple Pay. Your bank has the details about your account that is not given to Apple to make that decision. It is also your bank that authorizes charges when using Apple Pay.
• Yes there was a well reported data breach that contained millions of records. The breach was at National Public Data and has nothing to do with Apple.
• If your number is available to scammers, you are going to get those calls including the famous Medicare scams. Medicare has a whole page dedicated to these scams. You are correct, it does not matter if you are on a National Do Not Call registry because they don't follow the rules and are using spoofed numbers that most likely originate from out of the country. This is not an issue with Apple's security measures.
• In addition to the security breach, credit card numbers are captured every day through skimmer devices attached to retail terminals. This is most common at gas stations where the thief can install them overnight with little interruptions, but of course can happen anywhere. If the card has also been added to your Wallet app, you will see the charge there when the thief uses it. That does not mean that the charge originated from your phone or Apple Pay leaked your info.

17_85_61 wrote:

My debit card on Apple Pay has been hacked, my bank account I’ll not take responsibility

Yes, your DEBIT CARD has been hacked. It has nothing to do with Apple Pay. If you contact your bank’s fraud department they will fix it, cancel the compromised card, and issue you a new debit card.

The bank that issued the credit or debit card used for the charges approved the fraudulent transactions. Please contact the issuing bank for card used. Their phone number is usually printed on the back of the card. Do not delay in contacting the bank. You have only 60 days to notify the bank of the fraudulent charges and protect your consumer rights.

Do you ever use Apple Cash online at a merchant’s online store or via an app? Anytime you manually enter the card number you put your information at risk. The other possibility is a Visa hack, known Visa-L1 Attack, which requires a Visa card to be used for the Transit card option. I was under the impression that Visa plugged the vulnerability in 2023.

Technically speaking the transit payment option and Apple Pay have much different security levels. You can contact an Apple Cash specialist at Green Dot Bank. You should also contact Visa about the fraud. They released a public statement a year ago or more that said their users were protected.

Apple Cash is a service that’s administered by Green Dot Bank. Contact an Apple Cash Specialist at Green Dot Bank by calling (877)-233-8552 or by calling 1-800-MY-APPLE

https://applecash.greendot.com/termsconditions/

Apple Pay has never been hacked. If you have unauthorized charges on your account, talk to the bank that issued the card and accepted and authorized fraudulent transactions.

Stolenfrom wrote:

I have two $500 charges on Apple Pay that I did not authorize and I don’t know how they did it. I want to see if the money can be refunded thanks.

Contact your Card issuer or bank and the merchant the charges are from to dispute the charges.

click here ➜ See your Apple Pay transaction history - Apple Support

Apple Pay is contained in its own System on a Chip (SOC) and does not use any of the iPhones resources. It runs its own operating system and has never been hacked. It’s authorized and used by virtually every bank in the world. It called the Secure Element and then Apple’s Secure Enclave.

https://en.m.wikipedia.org/wiki/Secure_element

https://en.m.wikipedia.org/wiki/Security_and_privacy_of_iOS

I explained in my prior post how your credit or debit card was used with Apple Pay. It didn’t take some cyber genius. It took a teenager with access to an iPhone and the internet connection and bitcoin. A simple shopping trip on the dark web and the person bought probably 100 accounts with personal information for about $200 to $300 total. Then he just has to add it to an iPhone and it’s ready to go. Your bank has poor security and you do not have Two Factor Authentication on your bank information. Personally, I’d switch banks.

You have a lot of your information incorrect. The data breach was for a company that verifies social security information. It does not oversee credit scores. Your information is incorrect and misleading.

The company has nothing to do with credit cards. Employers and banks would not have disclosed information to the company. The company would not have access to anyone’s credit information either.

No one has infiltrated Apple security measures or Apple Pay.

Again, the recent breach contained names, social security numbers, DOB, and past addresses. That’s it. You are spreading FUD, Fear, Uncertainty and Doubt.

Here’s how your credit card information was compromised. You used your credit card by swiping or inserting the chip. The data was skimmed or shimmed. Information is sold on the Dark Web along with some of your personal information. The information is purchased by a fraudster and added to their Apple device. The issuing bank and payment network operator (MasterCard, Visa, AmEx etc.) verify the card and send Apple a token. The token is added to the fraudsters wallet app and now they can make Apple Pay transactions.

Virtually nothing you wrote is factual or involved with the fraudulent activity on your account.

Your Apple Wallet is never charged, it is a passthrough for credit and debit cards. But the wallet itself is never involved it a transaction. Payment methods you have in your Apple wallet can be defrauded, but that does not mean the wallet had anything to do with the transaction. A credit or debit card can be compromised in many ways, but not through Apple Wallet.