Apple Pay Credit Card Fraud?

Discussion in 'iPhone' started by dcmike, Jan 27, 2015.

  1. dcmike macrumors member

    Joined:
    Jan 18, 2009
    Location:
    DC
    #1
    Hi all,

    In the last week, I've had fraudulent charges appear on two different cards issued by two separate banks. The only connection I can find between the two is I registered both for Apple Pay. Has anyone else had similar issues? I'm trying to not jump to the paranoid conclusion that it must be Apple Pay and delete all my cards there, but I am trying to figure out some other way the information from both of these cards could have been compromised.

    Thanks!

    Mike
     
  2. JayLenochiniMac macrumors G5

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #2
    Did you happen to use these same cards at a particular retailer or even a vending machine?

    This past year, I used an Amex card and the merchant pretended it didn't work so I handed him a Mastercard (obviously issued by a different bank). Apparently both were skimmed at the same time because someone tried to use both of them at Best Buy (for the same charge no less), but were stopped cold at point of sale. A few months also passed between the skimming and attempted fraudulent use. Yours could have been skimmed several months ago.
     
  3. wesk702 macrumors 68000

    wesk702

    Joined:
    Jul 7, 2007
    Location:
    The hood
    #3
    the biggest factor is which store you used the physical card at. Most people visit the same vendors.

    It's crazy cause my Amex has been getting hammered with fraud often since 2014 til now. Have a feeling it's this kabob store near me, but the food is too delicious. Gotta start carrying cash.
     
  4. Chatter macrumors 6502a

    Joined:
    Jun 10, 2013
    Location:
    Uphill from Downtown
    #4
    Its easier to steal off a physical card versus :apple:pay so focus on where you may have shown or used both cards. Also, just call the bank and get a new card/number. There is no reason to mess around with credit issues in todays world!
     
  5. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #5
    You're going to have to delete the cards anyway, and re-enroll as soon as you get new cards.

    In any case, if it was Apple Pay, the bank would know right away. Apple Pay doesn't give out your actual credit card number, but generates a different, device-specific number. If you look at your credit card slips, you'll see that the last four digits of the "card number" don't match your actual credit card number. The merchant never sees your actual card number if you use Apple Pay.

    So, if the fraud was coming from Apple Pay (which is doubtful for other technical reasons), the number used would be the device-generated number, not your actual credit card number.

    In any case, almost certainly the fraud occured from a skim that happened long before you started using Apple Pay. I had my card numbers stolen last year when on a trip (parent's funeral, actually... thanks thieves, appreciate it!), but the actual fraudulent use didn't start happening until several months later. Apparently the thieves sometimes sit on the card numbers for a while before they start using them.
     
  6. miamialley macrumors 68030

    miamialley

    Joined:
    Jul 28, 2008
    Location:
    Los Angeles, CA
    #6
    See article:

    http://www.cultofmac.com/310173/apple-pay-actually-makes-really-easy-commit-credit-card-fraud/
     
  7. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #7
    Two problems with this article:

    1. The fruaud being discussed here is people adding cards to their phones that don't belong to them. Probably not what's going on in the OP's case, because,

    2. Banks require verification before a card is fully activated. For Chase and TDBank, you have to call in and verify that you're doing this in order for Apple Pay on your card to start working. On Capital One, you either have to call in, or get verification using their app (which requires to log in with your online account).

    In other words, this type of fraud requires not just having physical access to the card, but also access to key parts of a person's idendity, including login credentials or verifiable personal details (social security numbers, verification questions, etc.). And if a thief has that, then Apple Pay is the least of your troubles.
     
  8. goofy1958 macrumors regular

    Joined:
    Oct 7, 2011
    #8
    I agree with scaredpoet. My bank required verification with information only I could know about my bank account before authorizing the card. If your bank does not require some sort of authorization with information only you should know, then bad on them, and I would switch banks immediately. The article writer (Chris Mills from Gizmodo) seems to be very anti-Apple with many of his articles. Just another scaremonger looking for attention that they don't deserve.
     
  9. miamialley macrumors 68030

    miamialley

    Joined:
    Jul 28, 2008
    Location:
    Los Angeles, CA
    #9
    Well, there are clearly some cards that don't require those security steps.
     
  10. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #10
    This isn't apple pay. The common link is you your address and your mailbox.
     
  11. mattopotamus macrumors G5

    mattopotamus

    Joined:
    Jun 12, 2012
    #11
    They didn't have me call. I was emailed a verification code...

    This was with chase and amex. I entered my card info and was emailed a verification code to enter.
     
  12. ET iPhone Home macrumors 68040

    ET iPhone Home

    Joined:
    Oct 5, 2011
    Location:
    Orange County, California USA
    #12
    Pay cash for your kebab's. Kebab's are my fave. Off to Daphne's for lunch with cash in-hand. :p
     
  13. JayLenochiniMac macrumors G5

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #13
    Same here but calling in is probably required if they don't have an email address linked to their accounts (e.g., don't have an online account set up or they refuse to provide the email address to prevent spams).

    My Citi Dividend card didn't require a verification, although I did get a letter confirming the activation.
     
  14. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #14
    Interesting on the different ways cards are registered--even with the same banks. I registered cards from Chase, Bank of America, Capital One, and American Express but didn't need to call any banks. Don't remember if I needed any online verification. I did get verification from all the banks that the cards were successfully registered with Apple Pay.

    I've had several fraud issues pop up now and again--I use Mint to monitor all my accounts. For me, I think using a card with a less established online business is where my cards were compromised.
     
  15. mattopotamus macrumors G5

    mattopotamus

    Joined:
    Jun 12, 2012
    #15
    How is mint? I have thought about using it in the past.
     
  16. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #16
    I have a bunch of cards registered with apple pay on my 6 plus and they have been there for months with no issues.
    My guess is they got your account info some other way.
    A few weeks ago I had a credit card that I opened just to do some balance transfers cause it had 0% interest for a year.
    I never used the card anywhere, that bank does not support apple pay yet and its been sitting in my draw not touched at all since the day I activated it but somehow they attempted to put on some fraudulent online charges.
    Weird how hackers get that info sometimes.
     
  17. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #17
    Mostly ok--and their support is usually pretty good as long as you use email to open a trouble ticket. Having problems with my Dreyfus accounts but that seems to be related to recent changes on the Dreyfus site--and I'm sure there is only so much Mint can do to resolve it. Mint is owned by Intuit so you have to be ok with that--but it is free and they really don't try and sell you anything--just a few helpful hint ads here and there. I have all of my accounts in their system and except for the recent Dreyfus problems, it makes for a very easy way to check all of your accounts in one place. I've used it for a couple of years now. Works fine on my Mac as well as iPhone and iPad. I've come to rely on it.
     
  18. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #18
    Which ones? I've tried barclaycard, Capital One, TD Bank, and Chase. All of them required some verification.

    And in any case, this fraud isn't a symptom of Apple Pay, nor is it unique. Anyone with access to someone's credit cards, even for a moment, could copy down the relevant numbers (or take pictures) and use the info to make fraudulent transactions. Maybe not in a store with a smartphone, but definitely online.

    ----------

    ... which means a thief would still need to have access to more than just your card.

    Presumably, if Apple Pay didn't exist, the thief could still use your e-mail address to say they forgot your username and password, and ask to be e-mailed the name and a password reset. And then you're still pretty bad off. Again, not a problem that Apple Pay itself has created, nor uniquely susceptible to.
     
  19. miamialley macrumors 68030

    miamialley

    Joined:
    Jul 28, 2008
    Location:
    Los Angeles, CA
    #19
    Well, if they are able to do this, clearly some companies don't use those measures.
     
  20. JayLenochiniMac macrumors G5

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #20
    Citi Dividend didn't require a verification when I added it, although I did get a confirmation letter in the mail after the activation.
     
  21. dcmike thread starter macrumors member

    Joined:
    Jan 18, 2009
    Location:
    DC
    #21
    Thanks all for all the suggestions - I can't figure it out. There are not common vendors between them, they were used in different stores. One I only use online, so it was never used in a physical location. I am just trying to figure out how the card information the two cards was obtained. Apple Pay seemed the only link I could think of. And no, I didn't add my credit card information to any phone other than my own.
     
  22. kdarling macrumors demi-god

    kdarling

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #22
    Likewise, twice we had a credit or debit card compromised... and the only common event that we could think of, was using them at a nearby full service laundry the day before. We only use cash there now :)

    Interesting. Mint has been my alert source several times as well. I monitor with it almost daily.

    It's really nice to be able to check all my accounts at once, although there'll be hell to pay if Mint ever gets hacked !!
     
  23. wxman2003, Jan 29, 2015
    Last edited: Jan 29, 2015

    wxman2003 Suspended

    Joined:
    Apr 12, 2011
    #23
    My bank offers several different types of credit cards. All I did was request one with a low rate, and the other with better cash back offers. When both came, one went directly into Apple Pay, and then I destroyed the physical card. The other I carry in my wallet. I won't have to worry about fraud with the one on my phone, as it will never be physically used. The other card came with a chip in it already. That one will also not be swiped, but inserted into the card reader, and then enter my pin. I also have alerts set up through my bank that sends me a text anytime a purchase of $1 or more are made on the cards. The alerts are sent almost instantly after a purchase. A few months ago, I had a card compromised, with a fraudulent charge made at a Macy's in California. It popped up immediately on my phone, and in less than 10 minutes the charge was removed from my card after calling the bank.
     
  24. JayLenochiniMac macrumors G5

    Joined:
    Nov 7, 2007
    Location:
    New Sanfrakota
    #24
    I take it your bank hasn't implemented point of sale fraud monitoring? All my cards are from banks that do this and the last three attempted fraudulent charges were stopped cold at point of sale. I received notifications right after saying they weren't approved and to give them a call if was an authentic charge.
     
  25. wxman2003 Suspended

    Joined:
    Apr 12, 2011
    #25
    They do if it's over a certain amount. This was a charge that was only around $25.
     

Share This Page