Yesterday I got an alert on my phone “Apple Card - Unusual Activity Detected”. I looked at there were 29 charges that were flagged. The first was an order at a Papa Johns Pizza in Milwaukee (I’m in NYC). An hour later a charge at a gun store in California. Then there were 20 something PlayStation charges. So of course I quickly reached out to Apple support and they changed my virtual card number. After that was done, someone tried to charge the same Papa Johns Pizza in Milwaukee, but it was rejected as “Declined - Card Replaced”.
So my question is, how was someone able to get my Apple Card number? I only use the number in websites that don’t support Apple Pay, like Amazon, Spotify, etc. Is it possible one of these websites was hacked? Apple support also told me to change my iCloud password, which I did. But I assume if someone hacked into my iCloud account, they would’ve done more than just take my Apple Card number.
The one I suspect is a local place where I play pickleball. It’s a mom and pop kind of website. I wish there was a way to have a unique card number I can use on just one website. After my number was changed I had to spend an hour updating it in all the websites I use regularly.
Privacy.com. It takes a bit of fiddling to set up, but once you do you can have cards with monthly limits, merchant limits, “one time only” cards, etc. It’s free for very low-volume usage.
I, for example, have a “Laundry” card. It’s merchant-locked with a $30/month cap. So my laundry room app that I have to use auto-reloads my balance when it falls below $25, but even if it gets hacked the number can’t fall into somebody else’s hands and get charged $100 for gas or beer.
I also have a “Temu” card, since I wanted to order some stuff and didn’t want to give my real card number to that site. Again, monthly cap, merchant-locked.
Anyone who takes card payments should be complying with a standard called PCI-DSS, this is often outsourced by smaller concerns to companies like Stripe, Paypal, or Worldpay so that the small company never has access to your actual card number, they merely log into their payment vendor and download their takings.
Banks report when this happens and I’d be amazed if there isn’t some form of process which recognises patterns and launches investigtions where there is a common course.
My anecdotal experience is that banks don’t care. The cost of actually investigating is far outweighed by simply writing off the fraud almost all the time.
(I had a debit card I truly never used. I used it one time at a gas station in a somewhat sketchy nearby town. A few days later I got fraudulent transactions which were refunded fine by my bank.
I reported the details and they arrogantly told me I could file a police report if I wanted, but they weren’t going to do anything.
Later I read various online postings that this particular gas station was notorious for being the victim of credit card skimmers. Leads one to believe the owner/operator was in on the scam, but still no action taken.)
I suspect a lot of that may be automated these days. Several years ago I got a call from my travel card company saying they had noticed suspicious activity on my account, had cancelled my card and issued a new one that I should receive in X days. And that my new card number was already active and I could use it immediately. I don’ t recall if they told me the new number then or sent it overnight.
Automated fraud detection yes. But I doubt they do any investigation or follow-up.
FWIW, the detections and early shut-off of your card (temporarily) is always to benefit the bank/card issuer, not the card holder.
I’ve bought electronics for personal or business use and had my card rejected or put on hold many times because of some pattern recognition or high-risk vendor/company I was purchasing from.
Always a hassle to unfreeze my card and explain to the vendor "it’s not me (bad credit risk), it is you (target of frequent fraudulent transactions).
I’ve been lucky, I received this card a couple of months before I graduated college and never had that happen. I once complained about a camera company in NY that had promised delivery of a lens I needed for a job, then said it was backorderd. The card company told me to purchase it from someone else if I could, and to ignore the charge when I received my bill. And I think I reported a fraudulent charge once.
Again, monthly cap, merchant-locked.