Apple Card Hacked, but how?

Pequod23

macrumors newbie
Original poster
Jul 26, 2010
2
0
Somehow, my Apple Card information was stolen, apparently along with my identity information. I've had credit cards compromised in the past, but this was very unusual. The perpetrator got the number that is associated with the physical card and used it to charge nine transactions at a wine store in Wallingford Connecticut. All of the transactions took place over the course of about 10 minutes. It's not clear yet whether these were actual physical transactions, but the Wallet app says that they were "card present" transactions meaning that according to the system, someone had a physical card with my info on it. I spoke to the store manager and to the police and they are following up with potential video of the transactions.

Of course, I notified Goldman Sachs and they are looking into it. But I am puzzled by several things. First, while the charges were apparently made in Wallingford Connecticut, the record in the Wallet app shows them as having been made in my hometown in Massachusetts, approximately 100 miles away from Wallingford. Both the transaction list and transaction detail screens have my home town, but the map shows the details of the actual physical location in Wallingford. Clicking on the map on the transaction detail screen takes you to the Yelp page for that merchant, which has the actual physical address and phone number for the store were the charges were made in Wallingford. The puzzling thing is, how can they change the merchant location?

The card present indication means that there was a physical card presented (unless that is hacked, too). I have had it suggested that my physical card was scanned somehow by an RFID scanner, or was compromised in a card skimmer. That may be the case, but I have only used the card for Apple services transactions except for the first month that I had it, which was last September.

With the changes to the merchant information, this seems more like a digital hack. Searched the Internet and have not seen anything like this, and in fact very few reports of Apple Cards being compromised. Ideas are welcome.
 

chscag

macrumors 68040
Feb 17, 2008
3,693
1,270
Fort Worth, Texas
With the changes to the merchant information, this seems more like a digital hack.
I suspect you're correct. I have had both my personal and business Visa cards hacked the same way. One particular hack showed items purchased from a store in Ireland.... I live in Texas. :rolleyes:
 

tkukoc

macrumors 68000
Sep 16, 2014
1,526
1,909
Wish I Was In Space!
I'd check is make sure you have two factor authentication on your Apple account associated with your card. I would then change my passwords for anything and everything just in case. Sorry you had that happen, no fun at all.
 

jaytv111

macrumors 6502
Oct 25, 2007
329
134
The Apple Card (in its physical form at least) is not a contactless card at all. It won't do anything with any RFID reader. It can however be easily skimmed, then copied to a physical card, then it can be used like it was the real card. Or it's possible there was an online hack and the card number was taken and used in the same way (as far as I know, there's two separate numbers, one for online, one in the magstripe).

The Wallet app probably had something unexpected on the backend which caused it to have wrong location data in the one view and then the right location in the other view. It probably defaulted to your home address with this unexpected condition.
 

Rigby

macrumors 603
Aug 5, 2008
5,140
4,882
San Jose, CA
It's not clear yet whether these were actual physical transactions, but the Wallet app says that they were "card present" transactions meaning that according to the system, someone had a physical card with my info on it.
Most likely a card with a cloned mag stripe, and they found a retailer that still accepts mag stripe.
But I am puzzled by several things. First, while the charges were apparently made in Wallingford Connecticut, the record in the Wallet app shows them as having been made in my hometown in Massachusetts, approximately 100 miles away from Wallingford. Both the transaction list and transaction detail screens have my home town, but the map shows the details of the actual physical location in Wallingford. Clicking on the map on the transaction detail screen takes you to the Yelp page for that merchant, which has the actual physical address and phone number for the store were the charges were made in Wallingford. The puzzling thing is, how can they change the merchant location?
I don't really know how Apple handles this, but they may use different methods to determine location in the transaction list and in the maps. Note that there isn't a 100% reliable method to determine the location of physical card transactions. There is a registry that links merchant IDs to locations, but it is voluntary and smaller retailers may not participate. The map could be based on scraping the regular transaction data for an address or store number. This works with many 3rd party credit cards provisioned in Apple Pay too, BTW.
With the changes to the merchant information, this seems more like a digital hack. Searched the Internet and have not seen anything like this, and in fact very few reports of Apple Cards being compromised. Ideas are welcome.
Most likely there was a data breach at either a retailer where you used the card before, or perhaps a payment processor.
 

ZipZap

macrumors 603
Dec 14, 2007
5,497
905
Applecard is a credit card. If you make purchases with it those purchases are subject to fraud. So, to say Applecards cannot be hacked is crazy. One of your merchants has been hacked. I thought Applecards had digitally generated numbers. Have a new one assigned and move forward. The exempt from this type of fraud per Visa/MC rules. Its a GS issue once you report the loss.
 

Rigby

macrumors 603
Aug 5, 2008
5,140
4,882
San Jose, CA
I thought Applecards had digitally generated numbers. Have a new one assigned and move forward.
The DAN (virtual card number) is only used when you use it through Apple Pay (just like any other credit card). The physical card has a fixed number (also like any other credit card). The Apple Card is no more or less secure than any other card that can be used with Apple Pay.
 

ZipZap

macrumors 603
Dec 14, 2007
5,497
905
The DAN (virtual card number) is only used when you use it through Apple Pay (just like any other credit card). The physical card has a fixed number (also like any other credit card). The Apple Card is no more or less secure than any other card that can be used with Apple Pay.
Fair enough, then Goldman Sachs should generate a new card for use. Don’t understand why that’s not happening.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.