Apple wallet Compromised

I’m happy to explain.

Your account numbers are stored on your iPhone or in your Wallet app. When you submit your card information in Apple Wallet it’s encrypted and sent to Apple Servers. All data and photo, if used, are deleted off your iPhone. Apple servers send the encrypted data to your bank and possibly the Payment Network Operator (Visa, Mastercard, etc.) and you and your data are verified. The bank encrypts the data again using their own encryption and sends it to the TSP (Token Service Provider) who decrypts the data and produces a dynamic token. The token is then encrypted and sent to Apple Servers. Apple servers then bind the token to the secure element in your iPhone.

The Secure Element has never been hacked. Not even in theory. It’s a SOC (System on a Chip) that is separate from the processor, memory and all other elements of the iPhone. It runs an entirely different OS and meets ISO standards approved by banks etc. Again, never been hacked.

The token contains a dynamic account number generator that creates a unique account number for every transaction with a merchant. The only thing each number has in common is the last 4 numbers, which you can see in the Card details in your Apple Wallet app.

The merchant does not receive your name, decrypted account number, expiration date or CVV2 number. If the merchant were hacked, there’s no useful data.

But who has the data? Your bank and you and also anyplace you inserted your chip or swiped your cards. All it takes is a skimmer in a transaction terminal or ATM.

So, please explain how a chip that’s never been hacked got hacked, encrypted data was taken, decrypted and matched to your expiration date and CVV2 number.

It sounds like someone got you Chase debit card information. They added the Chase card to their Apple device, opened an Apple Cash account and then used Apple Cash to send themselves funds using the Chase card as the funding source.

The information was most likely skimmed off the Chase card when you inserted the chip or swiped the card at an ATM, gas station, convenience store or grocery store. The information was the sold on the Dark Web and fraudsters purchased the information and made counterfeit cards and added it to electronic Wallets.

Any notifications would come from the bank when your Chase debit card was used for the transfer. The Apple Cash receipt would have gone to the fraudster’s device.

Excellent explanation provided by Jeff Donald and to add, any transaction that is made on a compromised account is going to show up in the Wallet app. It is your bank that provides this information and it does not mean that the transaction occurred from the Wallet app or that it has been compromised.

The most likely is a skimmer or a merchant got hacked. Chips and magstripes have full data. Merchants know your name, card number, expiration and CVV. In some cases even addresses. If the merchant ever shipped you anything, your full address and phone number are recorded.

If you’re a hacker do you spend time trying to hack an iPhone and then decrypt data and then create a dynamic token? Or may hack a merchant and get tens of thousands of accounts that may not even be encrypted.

What shows up in the Wallet is what the bank shares. Some banks share more information than others. Discover shares a lot, Capital shares next to nothing.

im no techie, but after reading all the threads here- what about a compromised browser? perhaps a browser that stored your account infos and passwords had a breach? i am constantly getting messages from google that my account information "has appeared in a data breach". just an idea.

I explained that. The bank that issued the card, adds that data to the Wallet, not Apple. All Apple has is encrypted data about the transaction and the bank has the key to decrypt the data. Apple doesn’t know who the merchant is, what was purchased etc.

As I previously stated, some banks share more information than others. Discover and American Express share more data than most (all?). The big 4 banks, Chase, Bank of America, Citibank and Wells Fargo, share the least in my experience. The information is not Apple’s to share. Just because your iPhone encrypts data and is part of the transaction data submission system, does not make the data Apple’s.

It’s starting to sound like your Credit Karma account is compromised. Have you entered your accounts into Credit Karma? Many people enter their various accounts into their app or website.

Hello~ Thanks for adding a more comprehensive and concise explanation. It has added to my knowledge!! 🙏🏻🙏🏻

~Katana-San~

Are you referring to Apple Cash transactions?

You’re welcome!