Last week we heard from a reader who experienced a fraudulent charge coming from a clone of his Apple Card. It was a good reminder that even with its security focus and lack of printed numbers, the physical Apple Card is just as susceptible to skimming and cloning as any other credit or debit card. Now we’ve heard from another reader who just had a fraud issue with Apple Card, but more surprising, he says he’s never used the physical titanium Apple Card.
Update 10/14: Our reader who shared this experience wrote back today to share a new piece of information. He discovered his Apple Card was used for one online purchase (with a virtual number) through his daughter’s school. So it’s possible the school’s payment system was hacked.
For those who are highly security-conscious, the virtual number for Apple Card is semi-permanent and can be changed manually at any time. This means users get the functionality of being able to use a virtual number and unique CVV code for websites that don’t take Apple Pay without having to reenter card details for recurring purchases, etc., while being able to reset the virtual number in the event of a security breach at a retailer or even just periodically to stay as secure as possible.
Notably, the virtual number is separate from the Apple Pay number for Apple Card, which is separate from the number of the physical titanium Apple Card that is not printed on it.
A 9to5Mac reader shared today that he had to deal with a fraudulent Apple Card charge that happened in Chicago while he lives on the West Coast. With the previous case we heard about, the most likely explanation was the information of the titanium Apple Card being skimmed and cloned by a thief. However, since with this latest case the user claims he has only ever used Apple Pay with his Apple Card and never used the physical one, the skimming theory would be out the window.
Thieves trying to intercept card details during an Apple Pay transaction doesn’t seem likely and even if they did get the info, Apple uses a unique security code for each transaction, so it shouldn’t be useful for future transactions. Here’s how Apple describes how Apple Pay works:
When you make a purchase, Apple Pay uses a device-specific number and unique transaction code. So your card number is never stored on your device or on Apple servers, and when you pay, your card numbers are never shared by Apple with merchants.
When bringing up his concerns with Apple Support, just like the last story we heard about, the representative was confused and didn’t have any answers.
I understand this can be concerning, especially regarding your financial security, however it is the most secure system of credit cards I’ve ever seen. Not only is it extremely hard to get a hold of credit card information, but if somehow there are fraudulent charges, you will never be held responsible for unauthorized transactions on Apple Card.
The support rep went on to express his bewilderment on how it happened but the statement makes it sound like Apple Card fraud is something that they’re seeing multiple cases of.
I’m not entirely sure how this happens. My team is in charge of taking care of unrecognized transactions and we can only see where the transaction was made and what card was used, details of that sort.
FTC: We use income earning auto affiliate links. More.