Apple Pay used in fraudulent transactions involving stolen credit card data

Apple Pay used in fraudulent transactions involving stolen credit card data
Stolen credit card data has been used in some fraudulent transactions involving Apple Pay, according to a report that was published on Thursday by the Wall Street Journal. The Journal says that the data was stolen from retailers like Home Depot and Target. 80% of the fraudulent purchases were for high-priced items bought using an iPhone, at Apple's own stores.

Apple Pay is only a few months old, but has already raised the public's awareness of mobile payment systems in general. Apple Pay accounted for 67% of all mobile payment transactions on the top three credit card networks in the U.S. That level of quick success has led Apple's rivals to concentrate more on their own 'tap to pay services'. For example, Samsung has just announced Samsung Pay for the U.S. and Korea.

The banks that issued the credit cards used in Apple Pay are ultimately responsible for making the ripped-off retailers whole. The stolen credit card data is being entered into Apple Pay in lieu of a physical card, allowing the fraudsters to use Apple's mobile payment service to make these purchases. If there is a bright side to this as far as Apple is concerned, Apple Pay itself was not hacked into.

source: WSJ



1. bugsbunny00

Posts: 2264; Member since: Jun 07, 2013

bad apple....bad!

4. seven7dust unregistered

it's the same as stolen credit cards , no difference , the banking system is the one that needs to be blamed mostly sure Apple gets some blame for being lenient with the banks and their outdated methods of security.

36. j2001m

Posts: 3061; Member since: Apr 28, 2014

It is a Apple probelm and it them That have made this happen, they need to make it so you enter your pin when you add your card to there sytem, to they do this all hacks are there problem

42. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

This is why Verizon banded Google Wallets from its devices. Verizon wanted to be in the transaction to prevent this from happening to their customers. It wasn't until VZW put the secure element in the phones SIM that Google Wallet was allowed. It ensures the data is properly encrypted and that the purchase is tied to a single device to prevent something like, using other device to make a fraudulent purchase.

13. maherk

Posts: 6879; Member since: Feb 10, 2012

This has nothing to do with Apple. It's not their fault that the data was stolen from Home Depot and Target. Btw, why does this crap always happen with Target? Last year when i was in the States, the same thing happened to their customers, luckily my data wasn't stolen but i had to change my debit card because of it.

25. LoneVagrant

Posts: 1; Member since: Dec 30, 2014

Well apple has a lot to do with it - making everything easy, even when it's not supposed to be. If only some kind of confirmation transaction was required (ie. pay pal like) to activate virtual card, which would require you to log in to your bank account and do this manually (because as far as I understand - data on card is enough to add your card to AP? )

27. xondk

Posts: 1904; Member since: Mar 25, 2014

The issue with Apple Pay in this case, is that in this case basically apple works off the info on your card, number date ccc and such. Samsung Pay also allows this via nfc but the primary feature that people likely will use is the magnetic feature, which requires you to scan your card to make use of it, meaning you need the physical card to make use of it in shops and such. Granted nfc is still possible which will likely use the card info rather then magnetic stripe, so at least in terms of general in store usage, it is going to be less of an issue with samsung pay. Though yeah it is still possible it can happen with the nfc part.

37. j2001m

Posts: 3061; Member since: Apr 28, 2014

Yes it is, they need to make it so you have to enter your pin when you 1st add a card to Apple pay, to then it's there problem, U.K. card system is more secure than Apple pay.

2. cncrim

Posts: 1588; Member since: Aug 15, 2011

Create by men, can and will hack by men.

3. Tajiseo

Posts: 48; Member since: Mar 03, 2015

and still talking about Apple's security is taboo

5. techperson211

Posts: 1280; Member since: Feb 27, 2014

Well as technology evolves so does criminal. Why would rob a bank where you can just steal smartphone with credit card stored in it, worse case your bank information.

8. techperson211

Posts: 1280; Member since: Feb 27, 2014

Funny how PA writer praises apple in every article and defend them as well. Hopefully you'll do the same to all article.

15. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

If you enter stolen credit card data into an iPhone and use it to buy something it's no different than just using the cards. This isn't about Apple, it's about vulnerabilities in the systems of Home Depot and Target. The fact that Apple Pay was used is incidental.

18. hung2900

Posts: 966; Member since: Mar 02, 2012

You're right, but the Apple Pay requires one step of verification from the phone to the bank, which is the loophole. Samsung pay, as I guess, is basically 100% replacement of a card, meaning that loophole doesn't exist.

19. willard12 unregistered

It's not the same if the criminal doesn't actually have the cards but only has the data. But I agree it's not an Apple problem. It's a problem with banks and how they secure data and allow the verification.

32. j2001m

Posts: 3061; Member since: Apr 28, 2014

I think you have to scan the cards with samsung pay ( or it will be like that after this) I.e. This makes it so you have to own the cards and makes it more secure, I am lost to why you do not do this with apple

31. TBomb

Posts: 1485; Member since: Dec 28, 2012

a debit card woudl require you to type in a PIN... not 100% sure how AP wokrs in that dept. but my current understanding is you dont need to type anything in.

39. jroc74

Posts: 6023; Member since: Dec 30, 2010

Now...whats happened with Apple Pay sounds alot like if you just had the CC info and bought something off a website. I would think that a service thats on a phone would offer a lil more security than just using a website.. Those saying with Samsung Pay you have to have the actual card to enter info.....whats your answer to that?

40. InspectorGadget80 unregistered

There's not SUCH THING as a SECURED phone. I will never put my credit card in my phone. some one can pick it up and used to buy what they see. and people still praise apple.

6. Furbal unregistered

it was only a matter of time. This is going to happen with any payment method as long as they take care of it, all is well. cncrim is right, anything can and will be hacked.

7. Derekjeter

Posts: 1492; Member since: Oct 27, 2011

Here come the Apple haters to complaint even though it's not Apples fault. I had my credit card info stolen from Target 4 years ago I purchased $56 and 15 minutes later somebody spent $3700 on another Target 500 miles away. At the same time I was in the WF bank signing my signature about 200 times to make sure it wasnt me who flew 500 miles in 15 minutes there was a 62 year old lady who had $1200 stolen from the same Target. Banks shouldn't do business with Target any longer. I stopped shopping at that store.

33. j2001m

Posts: 3061; Member since: Apr 28, 2014

It is Apple fault as they do not do a card scan like samsung does.

9. dirtydirty00

Posts: 428; Member since: Jan 21, 2011

They can't track which iPhone was used to make the transaction???? That seems like it would be an obviously easy bit of data to attach to each transaction that would make it hard for crooks to use this as a vehicle for credit card fraud

12. arch_angel

Posts: 1651; Member since: Feb 20, 2015

ikr i was thinking the same thing. it should be easy to trace the fraud back to the iphone that was used

16. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

No, because for the very same reason Apple Pay wasn't and hasn't been hacked, it was foolproof for using with the fraudulent data. The system creates a virtual, one-time token and makes the payment. No information is transferred to the retailer about the buyer.

23. arch_angel

Posts: 1651; Member since: Feb 20, 2015

good to know bro thanks for the info.

34. j2001m

Posts: 3061; Member since: Apr 28, 2014

I looking at the way Apple does this, why there end is secure it's open to fraud big time as you do not have to have the card to setup the payments, but apples backend is secured for now, but Apple pay is less secure than chip and pin In the uk for banks that need your pin to work witht the card being there, I.e.min the uk if Apple was to offer this you will need to enter your pin when you add your card to there system, needs to be the same in the usa, I.e. Add your pin when you add the card, that the one used to get cash from wall, just in cash the usa as no idea what I am on about, this will lock thee system down

20. AlikMalix unregistered

Apple does NOT track this data unlike Google would likely do. That's actually the beauty of applr pay - they don't care what u buy, where u buy it, and what you spend to buy it.

28. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

You speak as if you know that for certain. Where your source? Tired of Apple fan... know very little but do make many bold claims.

30. RebelwithoutaClue unregistered

I'm not an Apple fan but it has been on so many news sites that Apple will not track your expenditures.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.