Hi, your friend is misinformed. Apple Pay has never been hacked. It runs totally separate from iOS and your iPhone’s other hardware. Apple Pay is its own System on a Chip (SOC). This means it has its own processor, memory and storage. The SOC doesn’t even run iOS; it uses a version of Java. All the personal and financial details it stores are encrypted on your iPhone. The card's details are deleted after encryption. Only your bank has the key to decrypt the information.
Apple Pay transactions require the user to verify and authenticate each transaction using biometrics (Face ID or Fingerprint ID or passcode).
What unfortunately may happen is a card owner uses his card in an ATM or merchant transaction terminal (skimming), loses the card, or the information is lost in a merchant data breach. Another popular method is social engineering the card owner to enter data on fraudulent websites or via scam texts and phone calls. When that happens, the lost information is sold on the Dark Web. Scammers purchase the information and add the details to their mobile device (Android, iPhone), and the bank verifies and authenticates adding the card. Now the scammers can make Google Pay and Apple Pay transactions in person and online.
When a cardholder reports fraudulent transactions, the bank sees payments originating from Google Pay/Apple Pay. This happens when banks are lax on the verification process and authenticate the scammers' devices and add stolen card details.
Recognize and avoid social engineering schemes including phishing messages, phony support calls, and other scams - Apple Support