What’s to prevent a nefarious merchant from masquerading as Apple for the transaction payee? Sounds like a great smokescreen for thieves.
Last edited:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Random Apple Pay Charges Affecting iPhone Users in Hungary
- Thread starter MacRumors
- Start date
- Sort by reaction score
Hi!
I am from Hungary.
So let’s be clear.
ApplePay and cards in your Wallet are not affected!
Only cards linked to your Apple ID that were used in the App Store in the past.
Some Hungarian guy on X said that the whole issue maybe linked to tokenization.
So when you register your card at a merchant (in this case Apple), and you buy a monthly/yearly subscription, they create a specific token linked to your card, so they can charge you in the future easily.
That is why all of the victims were charged with values same to previous subscriptions (iCloud, AppleTV+) and purchases (iTunes).
However there are victims who removed their cards years ago from their Apple ID account, or blocked their cards after the news broke out, and their bank accounts were still charged with previous purchases/subscriptions.
Somebody said his card already expired and still charged him, which slightly debunks the tokenization hypothesis.
So there are still a lot of questions. Why only Hungarian Apple users are affected? Why do these charges have same values only to Apple subscriptions and purchases? Is there a systematic issue/vulnerability with card tokenization?
I was also affected, I was charged for 399HUF (same as my iCloud subscription, that was already charged right on time a week earlier) and 249HUF (price of a song on iTunes that I purchased 1 year ago, no other song since then). It’s approximately $2, so not a big issue, and they are still just in frozen state on my bank account, so my bank can still easily reimburse it.
I don’t think that Apple will ever admit they did something wrong. But it seems the system has vulnerabilities. Your card data linked to your Apple ID should be completely safe. It seems it is not, which means Apple is not so reliable anymore.
Sorry for the long post.
I am from Hungary.
So let’s be clear.
ApplePay and cards in your Wallet are not affected!
Only cards linked to your Apple ID that were used in the App Store in the past.
Some Hungarian guy on X said that the whole issue maybe linked to tokenization.
So when you register your card at a merchant (in this case Apple), and you buy a monthly/yearly subscription, they create a specific token linked to your card, so they can charge you in the future easily.
That is why all of the victims were charged with values same to previous subscriptions (iCloud, AppleTV+) and purchases (iTunes).
However there are victims who removed their cards years ago from their Apple ID account, or blocked their cards after the news broke out, and their bank accounts were still charged with previous purchases/subscriptions.
Somebody said his card already expired and still charged him, which slightly debunks the tokenization hypothesis.
So there are still a lot of questions. Why only Hungarian Apple users are affected? Why do these charges have same values only to Apple subscriptions and purchases? Is there a systematic issue/vulnerability with card tokenization?
I was also affected, I was charged for 399HUF (same as my iCloud subscription, that was already charged right on time a week earlier) and 249HUF (price of a song on iTunes that I purchased 1 year ago, no other song since then). It’s approximately $2, so not a big issue, and they are still just in frozen state on my bank account, so my bank can still easily reimburse it.
I don’t think that Apple will ever admit they did something wrong. But it seems the system has vulnerabilities. Your card data linked to your Apple ID should be completely safe. It seems it is not, which means Apple is not so reliable anymore.
Sorry for the long post.
Apple did royally **** up no doubt, but I'm still more mad at the banks. How do they let 30-60 charges go through without any authentication? Why do they let charges on frozen cards go through? I lost my faith in the whole banking system tbh.
Yesterday night two transactions were cancelled, and the third that was charged got refunded on my wise card. Still nothing from apple. At least I got my money back.
As per the Hungarian National Bank there were 780,000 incorrect charges from Apple in the amount of approx 5 million EUR. Apple now fixed the issue and they will refund in the next days
Got my refund last night for all charges. It was probably initiated by Apple,because I was mailing with their support, and haven't complained at Revolut yet. But absolute silence besides that, which is kinda disappointing. Probably solves my dilemma between building a pc or getting a Mac Studio...