
My Apple Pay has been hacked

I had a call from my bank on the 31st October stating that there was a dubious payment attempt on my credit card. I called the bank and they cancelled the card and stated that they will send a replacement card in a few days. On the 1st November I received another notification from my bank informing me that there was another fraudulent attempt on my credit card, for the same amount and from the same organisation. The difference in this case was that it was on a different credit card number. Initially I assumed it was an old card as it did not match any of my current credit cards. Nonetheless, I called my bank to discuss it. My bank informed me that the credit card used was the new one they had issued me, which I did not have physically in my possession. They suspected Apple Pay. On looking into my Apple Wallet the old credit card had been replaced with a new one, the numbers matched that which was associated with the second fraudulent attempt. As I had not attempted any purchases between the two transaction fraud attempts and the only device that was even aware of the replacement credit card was Apple Pay, I can only conclude that Apple Pay has been hacked.


How would this be possible??

iPhone 13 Pro, iOS 17

Posted on Nov 1, 2024 12:45 PM

3 replies

Nov 1, 2024 4:15 PM in response to KidDougi

They just need the information contained on the magnetic strip on the back of your card or information on the chip.


Yes, the physical card needs to be swiped or inserted in a transaction terminal. YouTube has some videos of actual scammers/fraudsters explaining how they hack accounts.


Online entered numbers are equally vulnerable. The merchant just needs to be hacked. Scammers will go in every week and pull numbers off the merchant's network.

Nov 1, 2024 1:19 PM in response to KidDougi

The Payment Network Operators (Visa, MasterCard, American Express etc.) all have a feature they offer merchants generically known as Automatic Billing Updater (ABU) and merchants are immediately notified of any changes in the billing of a subscription.


https://developer.mastercard.com/product/automatic-billing-updater-abu/


https://developer.visa.com/capabilities/vau


So, how does this happen? Your personal and financial information was skimmed or shimmed when you swiped or inserted your chip into a transaction terminal or ATM. Your information was then sold on the Dark Web to a fraudster. The fraudster then made counterfeit cards and/or added your information in an Apple device and/or Android device and made purchases (subscriptions) with your compromised data.


Your bank has to contact the PNO and inform them of the fraud on your account. The PNO is updating the merchant and they are continuing to bill you when they get the updated account information.




Nov 1, 2024 2:51 PM in response to Jeff Donald

Thanks for your prompt response Jeff,


That will explain how they knew the new card number before I did!! Essentially, the merchant is simply resubmitting the payment request to the card supplier, and the ABU system has updated the actual card details?!


So, can this only happen if they have had access to my physical card?

Do they absolutely need the physical card, or are my details equally as vulnerable when entering them online?


I have only used my physical card once since I was first issued the card, and that was last week!! Would that be the most likely candidate?
