What you need to know
- An Apple Card user noticed fraudulent activity.
- Normally that would be after a physical card was skimmed and cloned.
- But they never used their phsyical card so it can't have been skimmed.
Credit card security is hard. Even for Apple.
UPDATE - 9to5Mac has updated its original post. The user has remembered that they did use their card's virtual number online when making a non-Apple Pay payment via a school website. It's possible that website was compromised. Our original post follows.
Keeping credit card users safe isn't an easy job, something Apple Card partner Goldman Sachs should already know. But now Apple is learning it, too. We've already heard of someone having their titanium Apple Card cloned, but now someone else has been a victim of fraud. But they've never used their card, so it can't have been skimmed.
Normally when a credit card is cloned it's because it was skimmed during a payment. If you give your card to someone and they take it out of sight, they could be skimming it. Not every time, obviously, but that's how easily it can happen. Once they have your card details they create a cloned card and go to town using it.
But 9to5Mac has heard of someone who has experienced fraud despite having never used their physical card. Which means it can't have been skimmed. So how did someone get his card details?
The story goes that the person found an Apple Card trasnsaction from Chicago, despite him living on the West Coast. So again, how did someone get his card details?
When the card owner asked Apple (it's possible he was forwarded to a Goldman Sachs representative) the respose was one of confusion rather than being able to offer any answers.
I'm not entirely sure how this happens. My team is in charge of taking care of unrecognized transactions and we can only see where the transaction was made and what card was used, details of that sort.
There was at least a crumb of comfort. "Not only is it extremely hard to get a hold of credit card information, but if somehow there are fraudulent charges, you will never be held responsible for unauthorized transactions on Apple Card," the support agent went on to say.
It's currently unknown exactly what went on here. Banks have previously had issues with support teams selling data to crooks for the purpose of card cloning and that can't be ruled out here. It's highly unlikely an Apple Pay transaction was compromised, too. Even if it was, Apple generates a unique authentication code for each transaction which means the details couldn't be used a second time anyway.
So for the third time, how did someone get this person's card details?