What you need to know
- An Apple Card user noticed fraudulent activity.
- Normally that would be after a physical card was skimmed and cloned.
- But they never used their phsyical card so it can't have been skimmed.
UPDATE - 9to5Mac has updated its original post. The user has remembered that they did use their card's virtual number online when making a non-Apple Pay payment via a school website. It's possible that website was compromised. Our original post follows.
Keeping credit card users safe isn't an easy job, something Apple Card partner Goldman Sachs should already know. But now Apple is learning it, too. We've already heard of someone having their titanium Apple Card cloned, but now someone else has been a victim of fraud. But they've never used their card, so it can't have been skimmed.
Normally when a credit card is cloned it's because it was skimmed during a payment. If you give your card to someone and they take it out of sight, they could be skimming it. Not every time, obviously, but that's how easily it can happen. Once they have your card details they create a cloned card and go to town using it.
But 9to5Mac has heard of someone who has experienced fraud despite having never used their physical card. Which means it can't have been skimmed. So how did someone get his card details?
The story goes that the person found an Apple Card trasnsaction from Chicago, despite him living on the West Coast. So again, how did someone get his card details?
When the card owner asked Apple (it's possible he was forwarded to a Goldman Sachs representative) the respose was one of confusion rather than being able to offer any answers.
There was at least a crumb of comfort. "Not only is it extremely hard to get a hold of credit card information, but if somehow there are fraudulent charges, you will never be held responsible for unauthorized transactions on Apple Card," the support agent went on to say.
It's currently unknown exactly what went on here. Banks have previously had issues with support teams selling data to crooks for the purpose of card cloning and that can't be ruled out here. It's highly unlikely an Apple Pay transaction was compromised, too. Even if it was, Apple generates a unique authentication code for each transaction which means the details couldn't be used a second time anyway.
So for the third time, how did someone get this person's card details?
Get the best of iMore in in your inbox, every day!
Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.
Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.
This may seem too obvious, but I have to ask: did the person give their CC out in any other way, such as entering it online or verbally?
Yeah I didn’t buy it when they said they’ve never used the physical card. People forget their transactions. Try to remember your last 5. It’s hard There’s some detail missing here. It would be good to know what the fraudulent transaction was, that can tell how the card was compromised. For example. If the fraud transaction was an online transaction then Skimming is not the way it was compromised. They admit to using the card on the school website which could mean a couple of things. 1. The school website is storing card numbers without encrypting them and the school website is breached. 2. The computer the person used to input the card details was itself compromised and had a key logger on it recording all the necessary information. 3. It’s a card number sequence error made by GS. Meaning Goldman issued the card numbers in a sequence making easily guessable. This is not likely as we would be hearing about many people as this usually affects a large group. Not going to be the last Fraud that occurs on an Apple Card. For sure Banks deal with this on a daily basis
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.