I Broke All of Bank of America's Card Terminals With Apple Pay

[JulesJam]

I don't bank with BofA so not sure what they have.

Yet you were commenting on this thread as if you were not only a BoA expert, but a technical, statistical and legal expert. *snort*

 

[KPOM]

A "serious" problem because someone foolishly attempted to use Apple Pay at a bank branch as unadvertised? Surely you're exaggerating big time

It's a serious problem in that anyone with an iPhone 6 and malicious intent can basically wreak havoc on a BofA branch in an instant, potentially even if he or she does not have a BofA card that they could trace to a particular user. And until BofA figures out what is going on we can't rule out the possibility that this could be exposing some other exploit.

 

[KPOM]

Not entirely out of the question as some newer credit and debit cards have RFID/NFC chips. I don't bank with BofA so not sure what they have.

I have a BofA checking account and 2 credit cards. They haven't yet upgraded my cards to NFC or EMV chips, though the latter will happen by October. I have added my credit cards to Apple Pay but don't use my debit card except at ATMs and so have not added it.

BofA, much more so than the other big banks, grew through a series of smaller acquisitions, and so they are more decentralized than either Chase or Wells, and have lots of disparate systems. I became a BofA customer two times over through acquisition (my credit cards when they bought MBNA back in 2006, and my checking account when they bought LaSalle Bank back in 2007). To this day they have not integrated LaSalle's legacy system into the system they use in the rest of the country, as I found out when I went to make a deposit at a branch while I was living in NYC. I had to use a completely different deposit slip and the teller had to follow a separate set of procedures. My point here is that this bug may not be systemic to all of BofA. It might work in Hollywood, CA but not Hollywood, FL for all anyone knows. But it is a problem and hopefully word gets to the higher ups sooner rather than later.

 

[KPOM]

No it's not. Otherwise, we'd be hearing about far more incidents of this. Like lordofthereef said, it's been two months and the OP is the only one we've heard of this? Unless of course there's more to the story than the OP is telling us.

The OP posted 2 days ago. For all we know, BofA rolled out a system upgrade that had a bug in it, causing this issue. As one of the "several thousand" people who had my perfectly fine iPhone 6 temporarily bricked by the 8.0.1 upgrade a couple of months ago, I can personally attest that sometimes "bug fixes" introduce some new bugs unintentionally.

 

[KPOM]

Yeah, it is a SERIOUS problem when you can so EASILY take down the terminals in a bank and the tellers aren't educated enough to even understand why

For real dude? You don't get why this is serious to a bank?

----------

Um, we were all telling him this could be coincidence, explaining correlation vs. causation, etc. Now it can be reported with confidence to those who can fix it.

Hey guys, I'm sitting outside in my car right now outside of another Bank Of America and the same thing happened, this one is in studio city. Just wanted to update you guys.

I second JulesJam in that you should contact BofA. Let them know what happened, and that it happened twice. Contact their customer service department and/or consider sending an email to the CEO at Brian.t.Moynihan@bankofamerica.com (it will be re-routed before ever getting to him, but someone important will read it and should respond to you).

 

[JayLenochiniMac]

Yet you were commenting on this thread as if you were not only a BoA expert, but a technical, statistical and legal expert. *snort*

Just the typical personal attack response I'd expect from someone advocating taking the matter into their own hands and shutting down an entire branch the second time in the middle of the day and inconveniencing other customers.

 

[Newtons Apple]

I know how the OP feels as when I was a kid, I stuck a plastic airplane propeller in the key hole of a street corner US Mail box and to my surprise the lock turned and the door fell open and hundreds of pieces of mail fell out and started blowing all over the intersection! It bought traffic to a halt and people were running all over to collect the mail. The police and the postal people arrived and I thjnk I wet my pants!

I was pretty sure I was going to jail?

 

[JulesJam]

Just the typical personal attack response I'd expect from someone advocating taking the matter into their own hands and shutting down an entire branch the second time in the middle of the day and inconveniencing other customers.

Get over yourself, lol!

----------

I know how the OP feels as when I was a kid, I stuck a plastic airplane propeller in the key hole of a street corner US Mail box and to my surprise the lock turned and the door fell open and hundreds of pieces of mail fell out and started blowing all over the intersection!

Now that actually qualifies as tampering!!!

 

[Rigby]

Props to the OP. It would never even have occurred to me to try this. My guess is that the payment terminals enter some sort of security shutdown mode since they don't know how to deal with the tokenized credit card number from Apple Pay. I'd report it to both Apple and BoA.

 

[JulesJam]

Props to the OP. It would never even have occurred to me to try this. My guess is that the payment terminals enter some sort of security shutdown mode since they don't know how to deal with the tokenized credit card number from Apple Pay. I'd report it to both Apple and BoA.

That is a really bad system design if they just shut down instead of merely rejecting the unexpected input. Sounds like they have nitwits in their IT department. Makes me glad I am not a BoA customer!!!!

 

[lordofthereef]

Just thought I would update here. I tried using Apple pay. It simply wouldn't go through. Didn't take the servers crashing down or anything thogh, so I am unsure what issues the OP was actually having. I asked if authenticating via Apple Pay was something that was supposed to work or if it was coming. They said they had no idea if it was coming, but it was turned off at this time.

This was a rather small branch in North Reading, MA, for whatever that is worth.

----------

I have a BofA checking account and 2 credit cards. They haven't yet upgraded my cards to NFC or EMV chips, though the latter will happen by October.

One of our cards got upgraded in october (without notice). The other still has not. Go figure.