You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

User profile for user: Kingilby
Kingilby Author
User level: Level 1
12 points

Apple wallet Compromised

This is what seems like happend to me, someone attempted to send the amount of 168.39 from my credit karma debit card through apple wallet the card had 0 balance so it declined then they tried 161.39 and that also declined neither of them i got notifications for. the date of these were 9/29/24 then they moved to my chase debit card which does have money on it and they successfully made a transaction for 168.39 the merchant details on Credit Karma is “ APPLE CASH SENT MONEY, CUPERTINO, CA 95014

US “ it wasn't until yesterday i realize this and made my claim with my bank i got my money back but chase let me know that no future chase debit card can be used with my apple wallet. And then today i get an email from apple telling me because i disputed the charge i will never be allowed to receive or send money using apple pay. Im so confused on how the heck this even happend. Also i have no clue who this money was sent to i have no info on any recipient. Or destination the only bit of info i have is from chase and it says “APPLE CASH SENT MONE1INFINITELOOP CA” how can this be my fault and why am i getting the short end of the stick. This is clearly an on going issue with apple and their security, if this is happening to multiple people then this cant be an end user issue. Im extremely frustrated with how apple is handling this issue. How is this possible i check my accounts often and i didn't get any notifications. I would never use a card that has no money on it and for it to change values by 7$ and then attempt again. If it was me i would love to see more info but apple nor my bank account can give me any more info then what i have provided.

iPhone 14 Pro, iOS 18

Posted on Oct 7, 2024 6:42 PM

Reply
Question marked as Top-ranking reply
User profile for user: Jeff Donald
Jeff Donald
User level: Level 7
25,551 points

Posted on Oct 9, 2024 8:20 AM

I’m happy to explain.


Your account numbers are stored on your iPhone or in your Wallet app. When you submit your card information in Apple Wallet it’s encrypted and sent to Apple Servers. All data and photo, if used, are deleted off your iPhone. Apple servers send the encrypted data to your bank and possibly the Payment Network Operator (Visa, Mastercard, etc.) and you and your data are verified. The bank encrypts the data again using their own encryption and sends it to the TSP (Token Service Provider) who decrypts the data and produces a dynamic token. The token is then encrypted and sent to Apple Servers. Apple servers then bind the token to the secure element in your iPhone.


The Secure Element has never been hacked. Not even in theory. It’s a SOC (System on a Chip) that is separate from the processor, memory and all other elements of the iPhone. It runs an entirely different OS and meets ISO standards approved by banks etc. Again, never been hacked.


The token contains a dynamic account number generator that creates a unique account number for every transaction with a merchant. The only thing each number has in common is the last 4 numbers, which you can see in the Card details in your Apple Wallet app.


The merchant does not receive your name, decrypted account number, expiration date or CVV2 number. If the merchant were hacked, there’s no useful data.


But who has the data? Your bank and you and also anyplace you inserted your chip or swiped your cards. All it takes is a skimmer in a transaction terminal or ATM.


So, please explain how a chip that’s never been hacked got hacked, encrypted data was taken, decrypted and matched to your expiration date and CVV2 number.



View in context
16 replies

Apple wallet Compromised

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up