Last week we heard from a reader who experienced a fraudulent charge coming from a clone of his Apple Card. It was a good reminder that even with its security focus and lack of printed numbers, the physical Apple Card is just as susceptible to skimming and cloning as any other credit or debit card. Now we’ve heard from another reader who just had a fraud issue with Apple Card, but more surprising and concerning, he says he’s never used the physical titanium Apple Card. Could there be a bigger security issue for Apple Card than skimming?
A 9to5Mac reader shared today that he had to deal with a fraudulent Apple Card charge that happened in Chicago while he lives on the West Coast. With the previous case we heard about, the most likely explanation was the information of the titanium Apple Card being skimmed and cloned by a thief. However, since with this latest case the user claims he has only ever used Apple Pay with his Apple Card and never used the physical one, the skimming theory would be out the window.
Thieves trying to intercept card details during an Apple Pay transaction doesn’t seem likely and even if they did get the info, Apple uses a unique security code for each transaction, so it shouldn’t be useful for future transactions. Here’s how Apple describes how Apple Pay works:
When you make a purchase, Apple Pay uses a device-specific number and unique transaction code. So your card number is never stored on your device or on Apple servers, and when you pay, your card numbers are never shared by Apple with merchants.
So for this latest case, could the next best logical explanation be a bad actor at Goldman Sachs (or Apple? ?) selling customer Apple Card details for thieves to make cloned cards?
When Larry brought up his concerns with Apple Support, just like the last story we heard about, the representative was confused and didn’t have any answers.
I understand this can be concerning, especially regarding your financial security, however it is the most secure system of credit cards I’ve ever seen. Not only is it extremely hard to get a hold of
credit card information, but if somehow there are fraudulent charges, you will never be held responsible for unauthorized transactions on Apple Card.
Notably, those words don’t mean much after you’ve experienced fraud with the “most secure system of credit cards.”
The support rep went on to express his bewilderment on how it happened but the statement makes it sound like Apple Card fraud is something that they’re seeing multiple cases of.
I’m not entirely sure how this happens. My team is in charge of taking care of unrecognized transactions and we can only see where the transaction was made and what card was used, details of that sort.
What do you think? Assuming Larry’s physical card hasn’t ever been used, does criminal activity inside Goldman Sachs or Apple seem like the most likely way fraud could be happening for Apple Card customers in the same situation? Share your thoughts in the comments below!
Update 10/14: Our reader who shared this experience wrote back today to share one new piece of information. His Apple Card was used for one online purchase (with a virtual number) through his daughter’s school. So it’s possible the school’s payment system was hacked. But even if that was the case there’s still the question of the rotating CVV Apple Card code and how the thief was able to get around it.