“There’s a hack for that”: how iPhone users might be scammed out of £1,000!

Do you use a Visa credit or debit card with Apple Pay? If you do, there’s an Apple security hack you should know about. Here’s how the latest contactless payment hack works, and how you can protect your money.

What is the Apple Pay contactless hack?

The hack takes advantage of Apple Pay’s ‘Express Travel‘ mode.

With Express Travel set up, you can quickly pay for a journey on your Apple Watch or iPhone without opening an app or using a passcode of any kind. You don’t even need to unlock your device! All you do is hold your iPhone or Apple Watch over the contactless reader and, just like that, your travel’s paid for (assuming there’s money in your account, of course!). 

Essentially, the hack allows criminals to steal £1,000 from a Visa credit card or debit card, which is worrying news.

How does the hack work?

For security reasons, some details remain secret. However, the gist is that hackers ‘trick’ your device by using some unobtrusive, readily available radio equipment. Your device thinks you’re paying for a ticket via Express Travel and makes the payment. 

To our knowledge, the hack only works on Apple devices if you have both:

• A Visa card set up in your Apple Wallet
• Express Travel mode enabled

So, if you don’t use Express Travel, you’re probably unaffected by the Apple Pay hack (for now, at least). 

Is Mastercard affected?

From the tests performed so far, the hack only affects Visa contactless payments. So, as far as testing goes, Mastercard payments through Express Travel appear safer. 

However, that’s not to say Mastercard contactless payments are not vulnerable. No payment method is 100% safe, after all. Always stay vigilant, particularly on busy commutes. 

How can I protect my money if I use Apple Pay on my iPhone?

If you use Apple Pay on your iPhone, here are a few ways to keep your money a little safer in light of these findings. 

• Rather than using Express Travel, consider finding another way to pay. 
• Change your Apple ID if you suspect your details have been compromised.

If your device is lost or has been stolen, go to your iCloud and activate ‘Lost Mode’ for the affected device. Call your bank immediately and report your card stolen, too, so they can block the card. The quicker you do this, the less chance there is of someone skimming money from your device through the Express Travel feature. 

Should I keep using a Visa card with Apple Pay?

At the moment, it’s probably best if you make a few changes. 

• If you only have a Visa credit or debit card for making payments, turn off Express Travel. This way, hackers can’t trick your Apple Watch or iPhone into releasing the payment so easily.
• Alternatively, if you can, switch to another provider like Mastercard or American Express for contactless payments.  

While there’s no evidence (yet) that hackers are actually exploiting this vulnerability, don’t make it easy for them. Take a few extra steps to safeguard your payments and protect your hard-earned cash.

And, if you’re worried about fraudulent activity, contact your bank and Action Fraud UK immediately for advice. 

About the author

Some offers on MyWalletHero are from our partners — it’s how we make money and keep this site going. But does that impact our ratings? Nope. Our commitment is to you. If a product isn’t any good, our rating will reflect that, or we won’t list it at all. Also, while we aim to feature the best products available, we do not review every product on the market. Learn more here. The statements above are The Motley Fool’s alone and have not been provided or endorsed by bank advertisers. John Mackey, CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool’s board of directors. The Motley Fool UK has recommended Barclays, Hargreaves Lansdown, HSBC Holdings, Lloyds Banking Group, Mastercard, and Tesco.

This post was originally published on Motley Fool