Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

dcmike

macrumors member
Original poster
Hi all,

In the last week, I've had fraudulent charges appear on two different cards issued by two separate banks. The only connection I can find between the two is I registered both for Apple Pay. Has anyone else had similar issues? I'm trying to not jump to the paranoid conclusion that it must be Apple Pay and delete all my cards there, but I am trying to figure out some other way the information from both of these cards could have been compromised.

Thanks!

Mike
 
Did you happen to use these same cards at a particular retailer or even a vending machine?

This past year, I used an Amex card and the merchant pretended it didn't work so I handed him a Mastercard (obviously issued by a different bank). Apparently both were skimmed at the same time because someone tried to use both of them at Best Buy (for the same charge no less), but were stopped cold at point of sale. A few months also passed between the skimming and attempted fraudulent use. Yours could have been skimmed several months ago.
 
the biggest factor is which store you used the physical card at. Most people visit the same vendors.

It's crazy cause my Amex has been getting hammered with fraud often since 2014 til now. Have a feeling it's this kabob store near me, but the food is too delicious. Gotta start carrying cash.
 
Its easier to steal off a physical card versus :apple:pay so focus on where you may have shown or used both cards. Also, just call the bank and get a new card/number. There is no reason to mess around with credit issues in todays world!
 
Hi all,

In the last week, I've had fraudulent charges appear on two different cards issued by two separate banks. The only connection I can find between the two is I registered both for Apple Pay. Has anyone else had similar issues? I'm trying to not jump to the paranoid conclusion that it must be Apple Pay and delete all my cards there, but I am trying to figure out some other way the information from both of these cards could have been compromised.

Thanks!

Mike

You're going to have to delete the cards anyway, and re-enroll as soon as you get new cards.

In any case, if it was Apple Pay, the bank would know right away. Apple Pay doesn't give out your actual credit card number, but generates a different, device-specific number. If you look at your credit card slips, you'll see that the last four digits of the "card number" don't match your actual credit card number. The merchant never sees your actual card number if you use Apple Pay.

So, if the fraud was coming from Apple Pay (which is doubtful for other technical reasons), the number used would be the device-generated number, not your actual credit card number.

In any case, almost certainly the fraud occured from a skim that happened long before you started using Apple Pay. I had my card numbers stolen last year when on a trip (parent's funeral, actually... thanks thieves, appreciate it!), but the actual fraudulent use didn't start happening until several months later. Apparently the thieves sometimes sit on the card numbers for a while before they start using them.
 
Hi all,

In the last week, I've had fraudulent charges appear on two different cards issued by two separate banks. The only connection I can find between the two is I registered both for Apple Pay. Has anyone else had similar issues? I'm trying to not jump to the paranoid conclusion that it must be Apple Pay and delete all my cards there, but I am trying to figure out some other way the information from both of these cards could have been compromised.

Thanks!

Mike

See article:

http://www.cultofmac.com/310173/apple-pay-actually-makes-really-easy-commit-credit-card-fraud/
 

Two problems with this article:

1. The fruaud being discussed here is people adding cards to their phones that don't belong to them. Probably not what's going on in the OP's case, because,

2. Banks require verification before a card is fully activated. For Chase and TDBank, you have to call in and verify that you're doing this in order for Apple Pay on your card to start working. On Capital One, you either have to call in, or get verification using their app (which requires to log in with your online account).

In other words, this type of fraud requires not just having physical access to the card, but also access to key parts of a person's idendity, including login credentials or verifiable personal details (social security numbers, verification questions, etc.). And if a thief has that, then Apple Pay is the least of your troubles.
 
I agree with scaredpoet. My bank required verification with information only I could know about my bank account before authorizing the card. If your bank does not require some sort of authorization with information only you should know, then bad on them, and I would switch banks immediately. The article writer (Chris Mills from Gizmodo) seems to be very anti-Apple with many of his articles. Just another scaremonger looking for attention that they don't deserve.
 
Two problems with this article:

1. The fruaud being discussed here is people adding cards to their phones that don't belong to them. Probably not what's going on in the OP's case, because,

2. Banks require verification before a card is fully activated. For Chase and TDBank, you have to call in and verify that you're doing this in order for Apple Pay on your card to start working. On Capital One, you either have to call in, or get verification using their app (which requires to log in with your online account).

In other words, this type of fraud requires not just having physical access to the card, but also access to key parts of a person's idendity, including login credentials or verifiable personal details (social security numbers, verification questions, etc.). And if a thief has that, then Apple Pay is the least of your troubles.

Well, there are clearly some cards that don't require those security steps.
 
Hi all,

In the last week, I've had fraudulent charges appear on two different cards issued by two separate banks. The only connection I can find between the two is I registered both for Apple Pay. Has anyone else had similar issues? I'm trying to not jump to the paranoid conclusion that it must be Apple Pay and delete all my cards there, but I am trying to figure out some other way the information from both of these cards could have been compromised.

Thanks!

Mike

This isn't apple pay. The common link is you your address and your mailbox.
 
Two problems with this article:

1. The fruaud being discussed here is people adding cards to their phones that don't belong to them. Probably not what's going on in the OP's case, because,

2. Banks require verification before a card is fully activated. For Chase and TDBank, you have to call in and verify that you're doing this in order for Apple Pay on your card to start working. On Capital One, you either have to call in, or get verification using their app (which requires to log in with your online account).

In other words, this type of fraud requires not just having physical access to the card, but also access to key parts of a person's idendity, including login credentials or verifiable personal details (social security numbers, verification questions, etc.). And if a thief has that, then Apple Pay is the least of your troubles.

They didn't have me call. I was emailed a verification code...

This was with chase and amex. I entered my card info and was emailed a verification code to enter.
 
the biggest factor is which store you used the physical card at. Most people visit the same vendors.

It's crazy cause my Amex has been getting hammered with fraud often since 2014 til now. Have a feeling it's this kabob store near me, but the food is too delicious. Gotta start carrying cash.

Pay cash for your kebab's. Kebab's are my fave. Off to Daphne's for lunch with cash in-hand. 😛
 
They didn't have me call. I was emailed a verification code...

This was with chase and amex. I entered my card info and was emailed a verification code to enter.

Same here but calling in is probably required if they don't have an email address linked to their accounts (e.g., don't have an online account set up or they refuse to provide the email address to prevent spams).

My Citi Dividend card didn't require a verification, although I did get a letter confirming the activation.
 
Interesting on the different ways cards are registered--even with the same banks. I registered cards from Chase, Bank of America, Capital One, and American Express but didn't need to call any banks. Don't remember if I needed any online verification. I did get verification from all the banks that the cards were successfully registered with Apple Pay.

I've had several fraud issues pop up now and again--I use Mint to monitor all my accounts. For me, I think using a card with a less established online business is where my cards were compromised.
 
Interesting on the different ways cards are registered--even with the same banks. I registered cards from Chase, Bank of America, Capital One, and American Express but didn't need to call any banks. Don't remember if I needed any online verification. I did get verification from all the banks that the cards were successfully registered with Apple Pay.

I've had several fraud issues pop up now and again--I use Mint to monitor all my accounts. For me, I think using a card with a less established online business is where my cards were compromised.

How is mint? I have thought about using it in the past.
 
I have a bunch of cards registered with apple pay on my 6 plus and they have been there for months with no issues.
My guess is they got your account info some other way.
A few weeks ago I had a credit card that I opened just to do some balance transfers cause it had 0% interest for a year.
I never used the card anywhere, that bank does not support apple pay yet and its been sitting in my draw not touched at all since the day I activated it but somehow they attempted to put on some fraudulent online charges.
Weird how hackers get that info sometimes.
 
How is mint? I have thought about using it in the past.

Mostly ok--and their support is usually pretty good as long as you use email to open a trouble ticket. Having problems with my Dreyfus accounts but that seems to be related to recent changes on the Dreyfus site--and I'm sure there is only so much Mint can do to resolve it. Mint is owned by Intuit so you have to be ok with that--but it is free and they really don't try and sell you anything--just a few helpful hint ads here and there. I have all of my accounts in their system and except for the recent Dreyfus problems, it makes for a very easy way to check all of your accounts in one place. I've used it for a couple of years now. Works fine on my Mac as well as iPhone and iPad. I've come to rely on it.
 
Well, there are clearly some cards that don't require those security steps.

Which ones? I've tried barclaycard, Capital One, TD Bank, and Chase. All of them required some verification.

And in any case, this fraud isn't a symptom of Apple Pay, nor is it unique. Anyone with access to someone's credit cards, even for a moment, could copy down the relevant numbers (or take pictures) and use the info to make fraudulent transactions. Maybe not in a store with a smartphone, but definitely online.

----------

They didn't have me call. I was emailed a verification code...

This was with chase and amex. I entered my card info and was emailed a verification code to enter.

... which means a thief would still need to have access to more than just your card.

Presumably, if Apple Pay didn't exist, the thief could still use your e-mail address to say they forgot your username and password, and ask to be e-mailed the name and a password reset. And then you're still pretty bad off. Again, not a problem that Apple Pay itself has created, nor uniquely susceptible to.
 
Which ones? I've tried barclaycard, Capital One, TD Bank, and Chase. All of them required some verification.

And in any case, this fraud isn't a symptom of Apple Pay, nor is it unique. Anyone with access to someone's credit cards, even for a moment, could copy down the relevant numbers (or take pictures) and use the info to make fraudulent transactions. Maybe not in a store with a smartphone, but definitely online.

----------



... which means a thief would still need to have access to more than just your card.

Presumably, if Apple Pay didn't exist, the thief could still use your e-mail address to say they forgot your username and password, and ask to be e-mailed the name and a password reset. And then you're still pretty bad off. Again, not a problem that Apple Pay itself has created, nor uniquely susceptible to.

Well, if they are able to do this, clearly some companies don't use those measures.
 
Thanks all for all the suggestions - I can't figure it out. There are not common vendors between them, they were used in different stores. One I only use online, so it was never used in a physical location. I am just trying to figure out how the card information the two cards was obtained. Apple Pay seemed the only link I could think of. And no, I didn't add my credit card information to any phone other than my own.
 
It's crazy cause my Amex has been getting hammered with fraud often since 2014 til now. Have a feeling it's this kabob store near me, but the food is too delicious. Gotta start carrying cash.

Likewise, twice we had a credit or debit card compromised... and the only common event that we could think of, was using them at a nearby full service laundry the day before. We only use cash there now 🙂

I've had several fraud issues pop up now and again--I use Mint to monitor all my accounts. For me, I think using a card with a less established online business is where my cards were compromised.

Interesting. Mint has been my alert source several times as well. I monitor with it almost daily.

It's really nice to be able to check all my accounts at once, although there'll be hell to pay if Mint ever gets hacked !!
 
My bank offers several different types of credit cards. All I did was request one with a low rate, and the other with better cash back offers. When both came, one went directly into Apple Pay, and then I destroyed the physical card. The other I carry in my wallet. I won't have to worry about fraud with the one on my phone, as it will never be physically used. The other card came with a chip in it already. That one will also not be swiped, but inserted into the card reader, and then enter my pin. I also have alerts set up through my bank that sends me a text anytime a purchase of $1 or more are made on the cards. The alerts are sent almost instantly after a purchase. A few months ago, I had a card compromised, with a fraudulent charge made at a Macy's in California. It popped up immediately on my phone, and in less than 10 minutes the charge was removed from my card after calling the bank.
 
Last edited:
A few months ago, I had a card compromised, with a fraudulent charge made at a Macy's in California. It popped up immediately on my phone, and in less than 10 minutes the charge was removed from my card after calling the bank.

I take it your bank hasn't implemented point of sale fraud monitoring? All my cards are from banks that do this and the last three attempted fraudulent charges were stopped cold at point of sale. I received notifications right after saying they weren't approved and to give them a call if was an authentic charge.
 
I take it your bank hasn't implemented point of sale fraud monitoring? All my cards are from banks that do this and the last three attempted fraudulent charges were stopped cold at point of sale. I received notifications right after saying they weren't approved and to give them a call if was an authentic charge.

They do if it's over a certain amount. This was a charge that was only around $25.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.