Apple Pay has been hacked, what to do?

The bank that issued the credit or debit card used for the charges approved the fraudulent transactions. Please contact the issuing bank for card used. Their phone number is usually printed on the back of the card. Do not delay in contacting the bank. You have only 60 days to notify the bank of the fraudulent charges and protect your consumer rights.

Stolenfrom wrote:

I have two $500 charges on Apple Pay that I did not authorize and I don’t know how they did it. I want to see if the money can be refunded thanks.

You can’t have charges on Apple Pay; it is just a passthrough for your registered credit cards. The charges were made on a card. Contact the card issuer.

Jeff Donald wrote:

I should use more emojis when I post.

Please, no!

No one can connect to your Apple Pay account unless they know your Apple ID and password.

It sounds like your Apple ID is compromised. You should update your password if you haven’t done so already.

It is. Apple Pay cannot be hacked. It lives exclusively on your devices, so the only way to use it, is to get physical access to your iPhone, iPad or Mac.

If you explain why exactly you think it was hacked, someone may be able explain what happened and advise a course of action.

The exact same thing happened to me. They hit two of my accounts that I had cards stored, and as soon as I activated the new cards, the same transactions posted for a second time on those! The new cards were never even added to my wallet! Apple Pay can for sure be hacked!!!!

Jeff you seem to be well informed so had a question. Today someone attempted fraud using what GS says was Apple Pay. It was declined bc of a mismatch of information (what I assume was my Apple Card # and the date/CVV). I have not shared my 2FA with anyone nor did I receive any 2FA request on my Apple devices prior to the attempted fraud. I have never used my physical Apple Card nor have I entered my digital Apple Card # into any payment gateway. I have only used my Apple Card via Apple Pay 1) online and 2) via Apple Pay in a few physical stores. All this said, they want me to change my Apple ID password. I don't mind doing it, but I haven't seen any signs of someone trying to login in with a compromised ID/Pass anywhere so I don't believe that's how the fraud happened. Do you think someone just used an emulator to try random 16-digit combinations of credit cards #s with random expiration dates and CVVs?

Thanks Lawrence. Couple of follow ups:

1) Isn't one of the benefits of using Apple Pay that the transaction is encrypted and the merchant never knows/stores the actual credit card #?

2) Unless I was tricked into sharing a code from MFA and authorizing another device, is there any reason to change my Apple ID password? As I understand it, someone cannot log into a new Apple device simply with my user/pass without me authorizing that via MFA

You shouldn’t have to change your Apple ID password unless you got tricked into providing a 2FA code in an email or text.

Think about it for a minute: If the merchant doesn’t know a credit card number, how are they going to submit a bill to it? The number used in an Air Pay transaction is different from the number on the card, it’s chip or its mag stripe, but it still has to be a billable number.

This seems like what likely happened. I requested a new virtual card number and enabled automatic changing of my security code periodically. Whoever purchased my information has had declined transactions over the last 3 days to the same merchant so we'll see if this stops it. I doubt my apple id was compromised because I haven't received any MFA requests that I haven't initiated myself.

Jeff Donald wrote:

If I’m a fraudulent actor I target a single bank using the first 6 numbers. Then I attack a merchant account with a list of numbers behind the 6 digit BIN target. It’s random, but it works. The first transaction is usually small so as not to attract attention. Those account numbers that get a successful transaction are recorded and exploited at a later date.

I recently got a potential fraud alert from my bank; a purchase for $18.05 was made using my card number (not an Card, but in Apple Pay) on Etsy; did I make that purchase? The alert said the card had been suspended pending my response. This specific charge was not mine, although I have used that card on Etsy in the past, and I use it online with other merchants routinely. So I have no idea how they identified it as fraudulent, but I was impressed. They have been slow to send a replacement card after canceling it, however.

The above comment is not true my Apple Pay was hacked and my card was charged I never revealed any information and I want to know how this happened two different people or hackers it the same hacker different names did it and the scary thing is my phone didn’t let me know, I got an email after the fact 😡😡😡

So how do I stop them from trying to get in my account even though I added and took off two different bank cards the first one they hacked and the second one was brand new and they tried to get in my account again. I don’t recognize the name they are trying to sign in by and it’s scary because I have to have some type of card on my account for my active subscriptions, my watch keeps notifying me to log in to my Apple Pay account and I don’t but they still connect some how

My Apple “wallet” is being charged by a company that I DID NOT access, give my password to or communicate with in any way. My “wallet” is accepting the charge from a website WITHOUT my giving any permission, clicking any buttons, PERIOD. I’ve canceled my bank card. They still continue to “charge” my wallet. It’s now being declined, due to the new card, this means I can’t enter my new card number into the wallet, because they have access to the “wallet.” Nobody has heard of this and my bank is working with me on the card part. I plan to call Apple today to see if they have any insight on this.