What Is Apple Pay and Why Do Scammers Use It?
Apple Pay is a digital wallet and a contactless payment technology that allows you to use your phone to make payments. For many people, it’s become a convenient way to speed up the payment process in stores by simply tapping their phone on the card reader. And with reports suggesting that 75% of Apple users have activated Apple Pay, it’s fast becoming the default method of payment for consumers.
However, an increase in popularity means an increase in scammers trying to commit fraudulent purchases. Apple Pay is a particularly good target for scammers, since it is very difficult for victims of these scams to get their money back. This is partly because the service does not offer buyer protection, so users are not protected in the same way they would be if their bank accounts were hacked.
In this article, we’ll take a look at Apple Pay scams in more detail and explain how you can protect your iPhone from potential security breaches.
Protect your iPhone from scammers
Download Certo Mobile Security for free to help protect your iPhone against cyber-attacks.
How Does Apple Pay Work?
Apple users can set up an Apple Pay account by linking it to a credit or debit card.
Apple Pay can be used anywhere you see an Apple Pay logo. You can pay by simply opening your Apple wallet, selecting the linked card, and tapping it on the card reader.
If you have biometric recognition (Face ID or Touch ID) set up on your phone, you can use this to verify the payment.
Although the obvious difference between using Apple Pay and paying with a card is that you don’t use the physical card with Apple Pay, there are some important differences happening behind the scenes.
When you pay with a bank card, your bank details are shared with the merchant.
But when you use Apple Pay, Apple encrypts the transaction. This means that your bank details are never shared with the merchant or stored on Apple’s servers, which makes it more difficult for hackers to access them.
Other payment processing apps that are similar to Apple Pay include Google Pay, PayPal, and Venmo—but with Apple Pay accounting for almost half of all digital wallet purchases, it has the lion’s share of the market.
Is Apple Pay Safe and Secure for Online Purchases?
Since your card details are not stored on Apple’s servers, it’s particularly difficult for hackers to use Apple Pay to scam you. Apple is renowned for prioritizing their users’ privacy and security, and Apple Pay has a number of features designed to protect you from being scammed or hacked.
Let’s take a look at some of these features in more detail.
Advanced layers of authentication
Apple Pay uses biometric recognition to make sure that you are the only person who can authorize payments. Before you make a payment using Apple Pay you’ll be asked to use Touch ID (fingerprint) or Face ID to approve it. If you haven’t enabled these features on your iPhone, you’ll need to enter a passcode.
If your phone gets stolen, this level of security makes it very difficult for others to access your phone or use it to make purchases.
Tokenization
“Tokenization” refers to the process that Apple uses to protect your card details. Instead of storing and sharing your card details such as card number, expiration date, and CVV code with merchants, Apple creates a unique passcode, or “token,” that can only be used once.
This ensures that your card details are kept secure and Apple doesn’t store them on your device or in the iCloud, either. If a hacker does manage to intercept the one-time passcode or “token,” they won’t be able to use it to access your money.
Find My iPhone
If your phone is lost or stolen, you can use the Find My iPhone app to temporarily freeze your Apple Pay account so that no one can use it to make fraudulent purchases.
This smart feature gives Apple Pay users peace of mind that their personal information is still secure even if their phone is compromised.
How Can You Get Scammed with Apple Pay?
Although Apple Pay has advanced security features to protect its users, it’s unfortunately still possible for scammers to trick you. Below we list the most common ways to get scammed with Apple Pay.
Phishing
Phishing scams are those which “fish” for personal information and bank details under the guise of being genuine. Common phishing scams include text messages or emails inviting you to claim a prize or a refund that you are owed.
The recipient is usually asked to follow a link to input sensitive information, which hackers can then use to make fraudulent purchases.
In a recent Apple Pay phishing scam, users received a message saying that Apple Pay had been suspended on their device. The message included a link to a fake Apple Pay website, inviting people to input their card details again to reactivate their account. In reality, those card details were being used to commit fraud.
Online marketplace scams
If you’re selling items via online marketplaces like Facebook Marketplace, be cautious about who you’re selling to.
Hackers sometimes connect stolen credit cards to an Apple Pay account and use them to buy expensive items on online marketplaces like Facebook Marketplace.
Once the rightful owner of the card has noticed the transaction and raised a dispute, the fraudulent transaction comes as a nasty shock to the seller—who loses both the product they sold and the money they expected to receive.
Since Apple Pay doesn’t offer buyer protection, it can be very difficult to get your money back in these situations.
Unsecured Wi-Fi
Public Wi-Fi is a handy way to stay connected, but it’s not without its risks. Public Wi-Fi networks are much easier to hack than private ones, so you should avoid making any changes to your Apple Pay account details while connected to public Wi-Fi.
If you really need to change something in your Apple Pay profile when you’re away from home, use a VPN (virtual private network) for increased security. We would highly recommend NordVPN.
Fake lottery or sweepstakes scams
Some scammers try to convince people that they have won a prize, a lottery, or a sweepstake from Apple. The messages usually come with a link directing you to a fake Apple Pay website, where you’ll be invited to fill in personal details that match your Apple Pay account to claim your prize.
But in reality, the scammer can use the information you provide to try to steal money from your Apple wallet.
Overpayment scams
This type of scam can occur when you’re trying to sell something online, on Facebook Marketplace for example. The fraudster will message you about an item you’re selling, and you’ll agree to a price.
Then they’ll buy the item, but send you too much money “by accident.” They’ll ask you to refund them the difference using Apple Cash or another digital wallet like PayPal or Venmo.
What really happened though is that the buyer used stolen credit card details to make the original payment. When the true owner of the card realizes that they have been scammed and raises a dispute, you’ll lose the product you sold, the original payment you received, and the amount you refunded to the scammer.
Unsolicited payments or requests
Scammers may also try to target you by sending you payments, or requests for payment, on Apple Cash. Apple Cash is built into the Wallet app on iPhones, and is designed to let you send and receive money with people you know.
If you receive money you weren’t expecting via Apple Cash, it’s probably a scammer using stolen credit card details. If you accept the payment, the scammer will likely contact you and ask you for a refund. Sometimes they’ll tell you that you can keep some of the money as a kind of reward, but when the real card owner then files a dispute, the money will be withdrawn from your account.
Similarly, be very wary of unexpected payment requests via Apple Cash. Scammers will often pretend to be a trusted company, like Amazon or Netflix, to try to get you to send them money.
The fact that neither of these companies accepts Apple Pay should be a huge red flag. The bottom line is that if you receive a payment or a request for payment that you weren’t expecting, it’s probably a scam.
Bots stealing your two-factor authentication (2FA) codes
Hackers are now using automated bots to call your phone and trick you into telling them your Apple Pay 2FA codes. A 2FA code is a passcode you receive, often by text message, after you’ve logged into your Apple Pay account using your password.
This two-factor authentication method is designed to make it harder for criminals to hack into your phone. However, if you unwittingly give them access to your 2FA code, they will be able to access your Apple Pay account and use it to make fraudulent purchases.
How to Avoid Getting Scammed
Although scammers will always come up with ways to try to steal money, the best way to protect yourself is by being cautious and vigilant. Here are a few of our top tips to avoid scams:
- Be suspicious of anyone “accidentally” sending you money, or of any unexpected payments or payment requests on Apple Cash. These are red flags, and someone is probably trying to scam you.
- Don’t click on links in text messages or emails telling you that you’ve won a prize or are due a refund. You should also be wary of messages that say they are from an established business like Amazon, for example, telling you that your account has been suspended. Never give away personal information in response to these links.
- Never give out your 2FA codes. No genuine business or person would ever request them, and they can be used to compromise your account.
- Be careful when using public Wi-Fi. Don’t make any changes to your Apple Pay account or profile while using public Wi-Fi, and use a VPN if you have to do anything confidential online.
What to Do If You Are Scammed on Apple Pay or Apple Cash
In the unfortunate event that you do get scammed, there are a few things you can do to try to recover your money and protect your account.
However, the process is a little different depending on whether you were scammed via Apple Pay or Apple Cash.
Apple Cash scams
Apple Cash payments do not include buyer protection, since it’s designed to be a peer-to-peer money transfer service to be used between friends and family. If you authorize a transaction on Apple Cash that turns out to be fraudulent, it’s very difficult to get your money back.
However, if the scammer has not yet accepted the payment you still have a chance. Find your conversation with the scammer in iMessage, and select Payment. Go to the Wallet app and click Latest Transaction. If the Cancel Payment option is still there, you can use it. If not, it’s too late and Apple will not refund you.
Apple Pay scams
If you used Apple Pay to send money to a scammer or a fraudulent account, you can dispute the transaction in the Wallet app, under Latest Transaction.
You should also contact your bank to tell them you’ve been a victim of a scam. They can freeze your card and advise you about the next steps.
Make sure you change your passwords, too, and enable 2FA authentication if you haven’t done so already.
Get Peace of Mind with Certo Mobile Security
Apple Pay scams are becoming more and more prevalent. If you’re an iPhone user, you need to remain vigilant and secure your device against potential attacks.
One of the best ways to protect your iPhone against Apple Pay scams is by using an app like Certo Mobile Security. Our easy-to-use app has a handy security and privacy checklist that you can use to make sure your device is as secure as possible. Download it for free today and start protecting your device now.
Frequently Asked Questions (FAQs)
Are there Apple Pay scams?
Yes, it’s possible to be scammed via Apple Pay. If a hacker is able to gain access to your personal details, they may be able to access your account and make fraudulent payments.
Can I get my money back from Apple Pay if I get scammed?
In some circ*mstances it may be possible to get money back from an Apple Pay scam, although it’s not guaranteed.
If you used Apple Pay to send money to a scammer or a fraudulent account, you can dispute the transaction in the Wallet app, under Latest Transaction.
Can money be stolen from Apple Pay?
Yes, if someone is able to access your Apple Pay account they will be able to spend your money on fraudulent purchases.
