New Credit Card added to my Apple Wallet by Citi without informing me

Question

Level 1

4 points

New Credit Card added to my Apple Wallet by Citi without informing me

I suspected I had visited a fake web site last week, so immediately notified Citi and they canceled my card (no charges had been made yet!). Then on Saturday, 5 days after cancelling, I got a text notice that my new card had been used, awhile after that I received an email that requested I contact Citi for suspicious card use/fraud.

Contacting Citi, I was informed this was my newly issued card, and the transactions were done via Apple wallet. As I hadn’t even received my “new” card, I asked how this could be, and was told the Citi Fraud cs rep automatically loaded the new card to my wallet (while never informing me she had done so) and the Apple ID associated with the purchases wasn’t even mine. Anyone, how could someone get my new card info, how could they use with incorrect Apple ID, why wouldn’t I have received a notice card was added to my wallet in the first place!?! Citi is clueless and waiting on call back from Citi Supervisor.

iPhone 15 Pro, iOS 17

Posted on Jun 17, 2024 7:56 AM

Reply

Answer 1

Jeff Donald

Level 6

15,632 points

Jun 17, 2024 10:35 AM in response to sevenid8

When Citi added the new card to your Wallet, they also added the card to the fraudsters Wallet.

Here’s the most common way this happens. You use the physical card and either swipe the card or insert the chip into a reader. This happens at both merchants and ATM machines. The fraudsters use devices know as skimmers which copy the data on the magnetic stripe and shimmers with copy the data off the chip. Shimmers are the latest technology that fraudsters use and is virtually undetectable except for resistance inserting the chip into a transaction terminal.

Once the data is acquired, usually off seller on Dark Web, the credit card information is matched with personal data. Much of the personal data may also be for sale on the Dark web or easily accessed from social media sites like WhatsApp, Facebook, Instagram, LinkedIn and many others. The fraudsters then use an Apple device such as an iPhone or iPad (it happens just a frequently on Google Pay) and down load you bank’s mobile app and add the card to Apple Pay, bypassing the security requirements Apple has in place. The fraudsters also bypass the need to compromise your Apple ID and receive a 2FA code. The mobile app allows them to say they don’t have access to your iPhone and want to answer security questions. The security questions are easily answered using information from social media account you’ve shared publicly.

The fraudsters now have an active card linked to Apple Pay and approved by your bank. Then it’s spending time, at least until the banks potential fraud detection AI kicks in. When the original card was cancelled and new numbers issued, the bank updated the fraudsters wallet as well.

Reply

Answer 2

sevenid8 Author

Level 1

4 points

Jun 17, 2024 11:42 AM in response to Jeff Donald

Jeff, that’s basically what I finally figured out when talking with Citi again today. They had already (apparently) loaded my old card to Apple Wallet, I had no idea Citi was going to load my new card to Apple as the fraud agent never told me she was doing so, therefore I was at a loss as to how the hacker had possibly gotten my new card number before I did! ****** at Citi, as they never should have done this, plus, after having reported card as potentially hacked Monday, how they would let a $200 charge in CA go thru (I’m in OR), is beyond my comprehension! My old Alaska Air BofA card would immediately put my card on hold and I’d have to call before they would release for potential fraudulent charges! Citi seemed pretty unconcerned about the entire issue….I’d cancel but need for Costco! Again, thanks for you quick confirmation!

Reply

Answer 3

Jeff Donald

Level 6

15,632 points

Jun 18, 2024 5:34 AM in response to sevenid8

You’re welcome!

Reply