Apple Card Hacked, but how?

[Pequod23]

Somehow, my Apple Card information was stolen, apparently along with my identity information. I've had credit cards compromised in the past, but this was very unusual. The perpetrator got the number that is associated with the physical card and used it to charge nine transactions at a wine store in Wallingford Connecticut. All of the transactions took place over the course of about 10 minutes. It's not clear yet whether these were actual physical transactions, but the Wallet app says that they were "card present" transactions meaning that according to the system, someone had a physical card with my info on it. I spoke to the store manager and to the police and they are following up with potential video of the transactions.

Of course, I notified Goldman Sachs and they are looking into it. But I am puzzled by several things. First, while the charges were apparently made in Wallingford Connecticut, the record in the Wallet app shows them as having been made in my hometown in Massachusetts, approximately 100 miles away from Wallingford. Both the transaction list and transaction detail screens have my home town, but the map shows the details of the actual physical location in Wallingford. Clicking on the map on the transaction detail screen takes you to the Yelp page for that merchant, which has the actual physical address and phone number for the store were the charges were made in Wallingford. The puzzling thing is, how can they change the merchant location?

The card present indication means that there was a physical card presented (unless that is hacked, too). I have had it suggested that my physical card was scanned somehow by an RFID scanner, or was compromised in a card skimmer. That may be the case, but I have only used the card for Apple services transactions except for the first month that I had it, which was last September.

With the changes to the merchant information, this seems more like a digital hack. Searched the Internet and have not seen anything like this, and in fact very few reports of Apple Cards being compromised. Ideas are welcome.

 

[chscag]

With the changes to the merchant information, this seems more like a digital hack.

I suspect you're correct. I have had both my personal and business Visa cards hacked the same way. One particular hack showed items purchased from a store in Ireland.... I live in Texas.

 

[tkukoc]

I'd check is make sure you have two factor authentication on your Apple account associated with your card. I would then change my passwords for anything and everything just in case. Sorry you had that happen, no fun at all.

 

[jaytv111]

The Apple Card (in its physical form at least) is not a contactless card at all. It won't do anything with any RFID reader. It can however be easily skimmed, then copied to a physical card, then it can be used like it was the real card. Or it's possible there was an online hack and the card number was taken and used in the same way (as far as I know, there's two separate numbers, one for online, one in the magstripe).

The Wallet app probably had something unexpected on the backend which caused it to have wrong location data in the one view and then the right location in the other view. It probably defaulted to your home address with this unexpected condition.

 

[Rigby]

It's not clear yet whether these were actual physical transactions, but the Wallet app says that they were "card present" transactions meaning that according to the system, someone had a physical card with my info on it.

Most likely a card with a cloned mag stripe, and they found a retailer that still accepts mag stripe.

But I am puzzled by several things. First, while the charges were apparently made in Wallingford Connecticut, the record in the Wallet app shows them as having been made in my hometown in Massachusetts, approximately 100 miles away from Wallingford. Both the transaction list and transaction detail screens have my home town, but the map shows the details of the actual physical location in Wallingford. Clicking on the map on the transaction detail screen takes you to the Yelp page for that merchant, which has the actual physical address and phone number for the store were the charges were made in Wallingford. The puzzling thing is, how can they change the merchant location?

I don't really know how Apple handles this, but they may use different methods to determine location in the transaction list and in the maps. Note that there isn't a 100% reliable method to determine the location of physical card transactions. There is a registry that links merchant IDs to locations, but it is voluntary and smaller retailers may not participate. The map could be based on scraping the regular transaction data for an address or store number. This works with many 3rd party credit cards provisioned in Apple Pay too, BTW.

With the changes to the merchant information, this seems more like a digital hack. Searched the Internet and have not seen anything like this, and in fact very few reports of Apple Cards being compromised. Ideas are welcome.

Most likely there was a data breach at either a retailer where you used the card before, or perhaps a payment processor.

 

[ZipZap]

Applecard is a credit card. If you make purchases with it those purchases are subject to fraud. So, to say Applecards cannot be hacked is crazy. One of your merchants has been hacked. I thought Applecards had digitally generated numbers. Have a new one assigned and move forward. The exempt from this type of fraud per Visa/MC rules. Its a GS issue once you report the loss.

 

[Rigby]

I thought Applecards had digitally generated numbers. Have a new one assigned and move forward.

The DAN (virtual card number) is only used when you use it through Apple Pay (just like any other credit card). The physical card has a fixed number (also like any other credit card). The Apple Card is no more or less secure than any other card that can be used with Apple Pay.

 

[ZipZap]

The DAN (virtual card number) is only used when you use it through Apple Pay (just like any other credit card). The physical card has a fixed number (also like any other credit card). The Apple Card is no more or less secure than any other card that can be used with Apple Pay.

Fair enough, then Goldman Sachs should generate a new card for use. Don’t understand why that’s not happening.

 

[R3k]

Had something similar 2 hours ago. Within a few minutes I had 1000 emails in my inbox for new mailing list subscriptions along with 2 wallet notifications telling me I’d been charged about 2k by the Apple store.

Totally freaked me out that they got both CCinfo and email address and hit both at the same time.

 

[TiggrToo]

Had something similar 2 hours ago. Within a few minutes I had 1000 emails in my inbox for new mailing list subscriptions along with 2 wallet notifications telling me I’d been charged about 2k by the Apple store.

Totally freaked me out that they got both CCinfo and email address and hit both at the same time.

Sounds like a vendor was hacked. Have you checked with Goldman Sachs to see if it was the physical or virtual card that was used?

 

[R3k]

Sounds like a vendor was hacked. Have you checked with Goldman Sachs to see if it was the physical or virtual card that was used?

4th time Ive tried messaging them. Noone is picking up in the text chat at the moment. My question has been hanging there for 30 minutes. Weird. But yeah, I'm guessing a vendor. Not sure which card type.

 

[TiggrToo]

4th time Ive tried messaging them. Noone is picking up in the text chat at the moment. My question has been hanging there for 30 minutes. Weird. But yeah, I'm guessing a vendor. Not sure which card type.

How odd, just chatted to them on a separate question. Took 4 minutes for a reply.

 

[R3k]

How odd, just chatted to them on a separate question. Took 4 minutes for a reply.

Yeah, had to call them for a conversation in the end. They then transferred me to 1800-Apple, who transferred me to Apple sales, and on hold with them atm.

 

[TiggrToo]

Yeah, had to call them for a conversation in the end. They then transferred me to 1800-Apple, who transferred me to Apple sales, and on hold with them atm.

Good luck!

 

[V_Man]

What liquor store. I’m in Wallingford