Apple wallet hacked

What’s impossible is hacking Apple Wallet. It resides in the Secure Element, which has never been hacked.

https://en.wikipedia.org/wiki/Secure_element

Typically cards are compromised when you swipe the physical card or insert the chip into a transaction terminal at bank ATMs and merchants such as gas stations, grocery stores, convenience stores and restaurants. 

Scammers use devices called skimmers and shimmers to copy the data off the card. The copied personal information and card details are sold on the Dark Web. Scammers make counterfeit cards and add the information to Android phones and iPhones to use with Google Wallet and Apple Pay. 

Fraud is committed when the scammers use the counterfeit cards or electronic wallets to make purchases online or in person. 

How did your card information get put on an electronic wallet? The verification process is managed by the issuing bank and Payment Network Operator (Visa, MasterCard etc.). Apple is not a bank and cannot verify your identity or authenticate the card details. Apple provides basic information such as iPhone model, usage patterns, location and information about Apple Account, iTunes account etc. The PNO and bank use various methods to verify the person trying to add the card and typically go through two or more verification processes.

Once identity is confirmed the bank sends an encrypted dynamic token that represents your card details including account number, expiration date and security codes to Apple servers. Apple then adds the token to the Wallet app along with art work representing the card to the Wallet and the card is authorized for use with Apple Pay. 

Please contact the fraud department at the issuing bank by calling the phone number on the back of your card. The bank’s fraud team has processes they go through and will probably request you file a police report. Apple will cooperate when requested with local law enforcement and the bank. 

I’m sorry to learn of the incident and hope your bank can resolve the issue to your satisfaction. 

Apple Pay component security - Apple Support

Apple Pay security and privacy overview - Apple Support

Card provisioning security overview - Apple Support

Legal - Apple Pay & Privacy- Apple

That would be a question for your bank. Only they can authorize the addition of a card to the Wallet App.

Also, the wallet app contains no actual card numbers or details, so even if your wallet app was hacked (which is not possible by the way), there would have been unable to see anything. Apple Wallet lives on your iPhone exclusively and is encrypted.

Apple does not verify or have access to card numbers or personal details in Wallet or during transactions. Those are encrypted and sent to the bank for verification when you add the card. If the bank then allows the card to be added the system adds the card, but does not store any card numbers or personal details, only an encrypted package is kept that only your bank can decrypt and access during transactions to link your device to your account.

Whatever happened, and if the hackers were able to add the card to their Wallet App falls squarely on the side of your bank. Contact them and ask the why they allowed that without confirmation from you.

Your problem is not with Apple, it is with your bank. Your card details were most likely taken by using the physical card at a terminal that had a Skimmer or Shimmer installed.

The only way the card can be added to the Wallet is if it is approved by your bank. Why did they do that? Apple has no details about the account owner of the card to make that decision, but your bank does.

You were scammed and the scammers could use your card details for anything they wanted to as long as your bank continues to approve it. You could say that you didn't allow them to use your card on Amazon if they made a purchase there, and the solution is the same. Your bank allowed it and that is who you need to contact to dispute the charges. It wouldn't be Amazon's fault either if that happened.

Wakeupthebear wrote:

It’s the way they used the Apple app to secure my card and it’s simple information onto their OS.

That is the hack.

What Apple app? Again, your Apple Wallet contains absolute no usable data for them to add to their devices. They did not get your data from there, as such there is no possible hack to Apple's apps or services.

that is a failure on Visa and Apple!

Apple had nothing to do with it. If they got a hold of your card some way, it was not through an Apple app, so how is Apple responsible for that?

using just the basic info they give on the surface of the card to make a normal transaction and all of the sudden I’m in their wallet. I’m in their APPLE wallet.

Again, if they managed to add the card to their wallet that is because Visa or your bank allowed them to. Apple has nothing to do with that. Apple has no way of knowing it's not supposed to add a card if the issuer or bank verifies and responds positively to the request.

What exactly do you expect Apple to do?

How would they know whoever is adding the card to their wallet app is not supposed to?

that’s a Apple wallet and the bank system that did this.

There is no hack. If the thieves got a hold of your card info, they could have just as easily add it to any other system, and it would still require your card issuers approval for that. Apple had nothing to do with it.

Apple has no way of knowing that the attempt to add a card to a different Wallet app is not a valid one. How could they possible know this? That's for your bank or card issuer to determine.

You are blaming Apple for something they could not possible know or prevent.

It’s that it happened and that it happened by them using your app

Whatever happened, is not a hack. It is not helpful to your situation to blame Apple for something that cannot happen.

It's not our App, this is a user to user forum. You are not addressing Apple Support here.

It would be better if instead of throwing blame you tried to understood what happened. And not assume things that can't possibly happen.

I know it's terrifying to have your card compromised, but just blaming Apple is not the way to resolve it.

There is no hack, if they added the card to their own Wallet App the normal way then they hacked nothing. They got your card details somehow and added the card the normal way.

If the bank permitted it, then its there fault for not verifying with the holder in some way.

You can blame Apple all you want, it's not going to fix the issue. There is no hack, and nothing to fix from Apple's side.

Wakeupthebear wrote:

Now that I don’t have Apple Pay in my phone. I have no way for the hackers to use my visa.

as my new visa will not be available on Apple Pay and any notification I get about apple wallet will immediately put up flags.

[Edited by Moderator]

There is nothing to get from Apple Pay. Do you not understand that Apple Pay is encrypted and does not hold any card info whatsoever? How would they get something that the Wallet App does not have?

However they got the card info was not from Apple Pay or the Wallet App. Not using Apple Pay does not in any way resolve the issue.

You seem to not understand that there is no card data stored in the wallet app for hackers to even get.

It's just an encrypted package with your device identifier that gets sent to the bank to verify.

You are free to never use Apple Pay again, but that will not stop the people that used your card from using it.

You can blame Apple all you want it won't alter reality.

Apple only sees encrypted data about the credit card being added. They have no way of authenticating the data or the person adding the card. Banks don’t want every customer being forced to verify to Apple for multiple reasons including security, privacy and desire to reduce friction. Friction is what banks call imposing what they view as unnecessary hurdles for the account owner to use the banks services and products.

Your observation that all they need to do is add account number expiration date and security code to add the card is incorrect. Banks use procedures to identify the person adding the account details and the device it’s being added to. Apple provides information about the device and accounts associated with the device to the bank. Banks use their own methods to verify identity etc. This includes the use of two factor authentication (2FA). This information is all contained in the 4 links I shared with you. Please review the information and do not post misinformation and you’re assuming facts that aren’t in evidence.

Either you haven’t read or understood what I’ve said to you. This is from my first post to you.

>>Typically cards are compromised when you swipe the physical card or insert the chip into a transaction terminal at bank ATMs and merchants such as gas stations, grocery stores, convenience stores and restaurants. 

Scammers use devices called skimmers and shimmers to copy the data off the card. The copied personal information and card details are sold on the Dark Web. Scammers make counterfeit cards and add the information to Android phones and iPhones to use with Google Wallet and Apple Pay. <<

Do you understand every time you insert your card into an ATM or transaction terminal your account information is at risk? Once compromised, it can still be added to a fraudsters electronic wallet. You’ve solved nothing but stopped using what banks consider the safest form of payment.

Wakeupthebear wrote:

Yes it is.

I will never use Apple Pay again. The app is removed from my phone. The Apple Pay app is responsible they hold hands with the bank. If I never authenticated my visa on the Apple app there would be no way to use my credit card to add to another account.

Give your head a shake for me.

read what I’m telling you.

then tell me I’m wrong again.

Apple is totally part of this.

stop hiding your heads!

Not true! Removing the card from your Wallet or even removing the Wallet makes no difference. As long as someone has your card details they will use it anywhere that your bank allows them to. It makes no difference if they buy something from Amazon or add your account to their own Wallet app, it is still your bank that approves it and they are solely responsible.

The problem is you didn’t take advantage of educating yourself. You failed to advance any facts that negates your negligence in the way you use your credit and debit cards when not protected in an electronic wallet.