Apple Pay has been hacked, what to do?

El_jk29 wrote:

my question is how was someone Apple to set up Apple Pay with my card details without me knowing?

Someone has an iPhone. Someone stole your credit card and knows your Apple ID and password. That same someone added your credit card to Apple Pay on their iPhone.

My Apple “wallet” is being charged by a company that I DID NOT access, give my password to or communicate with in any way. My “wallet” is accepting the charge from a website WITHOUT my giving any permission, clicking any buttons, PERIOD. I’ve canceled my bank card. They still continue to “charge” my wallet. It’s now being declined, due to the new card, this means I can’t enter my new card number into the wallet, because they have access to the “wallet.” Nobody has heard of this and my bank is working with me on the card part. I plan to call Apple today to see if they have any insight on this.

I was notified by my bank last night that fraud was suspected. Sure enough, some lowlife attained my debit card information and tried to purchase over $460 worth of items from a Walmart in South Florida. Side note: this absolutely ****** me off because I have memorized all my cards and the expiration dates and the security codes. Anyway, as the person from my bank was asking me about my purchase history over the past 3 days, Apple-pay was mentioned. I have never activated the ability to use this feature. The reason why is because you have to call your bank and verify it and I literally cannot handle tasks like that. I have a phobia over certain, aggravating tasks. I am aware that there was a major data breach 4 days ago that affected 1 out of 3 people. It was the company who the government contracts with to oversee credit scores. So anyone who has recently applied for a credit card, checked their credit score or has purchased something where they ran your credit is affected. Even if you don’t actively go online and check, it’s still a feature connected to my credit card accounts when I pay my bills online.

Nobody has access to my phone. I use facial recognition and all that stuff, however, Apple Pay was activated and it shows a $0.00 balance and the annoying little icon that shows up that I haven’t finished setting up my Apple Pay was gone.

There were small charges from Apple that I DID NOT make. I also have been inundated with spam calls to the tune of 14 per day. The people who call claim they are with Medicare, (I am not old enough for that by a long shot) and I tried to be nice and ask to be removed from their call list, but that hasn’t worked. I am also on the do not call government registry, which obviously isn’t working, just like our elected officials. Since we are evidently behind the 8 ball with AI compared to other countries, maybe they have figured out how to infiltrate Apple’s security measures. If someone did figure it out, it makes sense to hit people’s cards for $1 every other day. I would be mad, but probably dismiss it until it snowballed and I was forced to talk to a bank person. Even if it was a one time charge, I believe at least half the population wouldn’t notice or question anything regarding $1. This stuff is happening and it isn’t conspiracy theories and repeated rhetoric. I came here today because somehow, I was hacked through my phone. If people are clever enough to hack into Microsoft (don’t believe for one minute that their own program accidentally sent out an update or whatever they claim) that globally affected businesses and flights for DAYS, I can’t accept all of these issues are accidental in nature. The credit bureau has ALL our information. Our SS numbers, DOB and phone numbers….so this latest breach is a major issue for most of us.

How many times have you used OMNY in the recent past? I ask because it is not a real time system. OMNY records each transaction in its system, then actually charges the payment source a day or two later.

So apple pay has a section where you can report an issue and make a statement.

Oh my apologies if that wasn't clear. I should’ve removed the funds earlier but I didnt because I thought access to the cash would've been blocked after I did that process. I’ve had an issue with a debit card years before and when I reported it all transactions were blocked so I was sort of expecting the same until I saw a charge this morning to my apple cash.

I’m not sure where you reported the fraud, but Apple Pay and Apple Cash do not have a place to report fraud and make a statement. That may have been when you compromised your data. The place you reported the fraud could have been fraudulent.

You report fraud on Apple Cash to Green Dot Bank or Apple Support (Apple transfers your call to Green Dot). There is no place to report fraud on Apple Pay or Apple Cash.

1. My apple Cash.
2. You can report and issue with a charge and make a statement when you click on the charge. I did it last night and this morning.

The exact same thing happened to me. They hit two of my accounts that I had cards stored, and as soon as I activated the new cards, the same transactions posted for a second time on those! The new cards were never even added to my wallet! Apple Pay can for sure be hacked!!!!

Jeff you seem to be well informed so had a question. Today someone attempted fraud using what GS says was Apple Pay. It was declined bc of a mismatch of information (what I assume was my Apple Card # and the date/CVV). I have not shared my 2FA with anyone nor did I receive any 2FA request on my Apple devices prior to the attempted fraud. I have never used my physical Apple Card nor have I entered my digital Apple Card # into any payment gateway. I have only used my Apple Card via Apple Pay 1) online and 2) via Apple Pay in a few physical stores. All this said, they want me to change my Apple ID password. I don't mind doing it, but I haven't seen any signs of someone trying to login in with a compromised ID/Pass anywhere so I don't believe that's how the fraud happened. Do you think someone just used an emulator to try random 16-digit combinations of credit cards #s with random expiration dates and CVVs?

Thanks Lawrence. Couple of follow ups:

1) Isn't one of the benefits of using Apple Pay that the transaction is encrypted and the merchant never knows/stores the actual credit card #?

2) Unless I was tricked into sharing a code from MFA and authorizing another device, is there any reason to change my Apple ID password? As I understand it, someone cannot log into a new Apple device simply with my user/pass without me authorizing that via MFA

The above comment is not true my Apple Pay was hacked and my card was charged I never revealed any information and I want to know how this happened two different people or hackers it the same hacker different names did it and the scary thing is my phone didn’t let me know, I got an email after the fact 😡😡😡

So, from day one you added the card to Apple Pay and have used Apple Pay on your iPhone for every transaction since?

You’re saying you’ve never swiped your card or inserted your card in a transaction terminal? Not once never?

So how do I stop them from trying to get in my account even though I added and took off two different bank cards the first one they hacked and the second one was brand new and they tried to get in my account again. I don’t recognize the name they are trying to sign in by and it’s scary because I have to have some type of card on my account for my active subscriptions, my watch keeps notifying me to log in to my Apple Pay account and I don’t but they still connect some how

The notice is coming through the Apple wallet. My bank has canceled the original card that you are suggesting was compromised, and still, the hackers tried to access my account through the wallet. I have a screenshot of the attempted charge and the wallet’s insignia as the means for access. My bank has weighed-in that it is through the wallet.

Jeff Donald, I believe that Apple phones have not been hacked until recently. I just wrote a novel explaining why I am on this thread. I certainly wish I had the brains and capability to understand all the recent cyber attacks (or claims of accidental updates being released that effected business operations globally) or the “security breach a few days ago from a third party company that is responsible for our credit scores. Are you kidding me!? Anyone who has applied for a loan, checked their credit score or paid their CC online where this information is located as well as a courtesy, which is most of us, that’s striking gold for some country organization. We don’t even know who is in our country. These could be individuals who have knowledge that we don’t. My Apple Pay was activated and set up, and not by me. That’s a fact. There were attempts to make charges through Apple Pay but I never activated it, and my bank flagged the attempts and has direct proof to back up my claim. Most people also know, especially criminal minded types, that people who have money have iPhone’s. We are arrogant and confident about the security of the device. Someone out there figured out a way.