How did Apple know this?

[Ronstar]

DW's credit card was hacked. Credit card Co sent her a new card with a new number. She started the process of changing all of her online accounts to access the new card. She changed one account, then went into Apple to change her info. She didn't need to change anything at Apple - the new card info was already there without her having to enter it.

 

[audreyh1]

ApplePay stays linked with the banks. Some update card info immediately, others don’t.

Unless it wasn’t ApplePay

 

[GrayHare]

The big guys are always snooping. Did she use an iphone to update the one account? If not, it could have been via Apple javascript at that account.

 

[latexman]

What the . . . !

 

[Ronstar]

Ah. I think she does have ApplePay. And she is updating from an iPad. So the connection is probably through one of these.

 

[audreyh1]

Ah. I think she does have ApplePay. And she is updating from an iPad. So the connection is probably through one of these.

Yes, ApplePay aways has links to the banks. Some banks update stuff right away, others don’t and you have to delete the card and re-enter it.

 

[PaunchyPirate]

Right. One of the reasons that ApplePay is considered very secure is that it doesn’t store actual card info on the phone. It uses a virtual token identifier on the phone that is linked to the bank. If the bank changes the actual card number without breaking the token link, it can update the phone with whatever details it needs for the new card. It’s a feature, not a privacy invasion.

 

[CardsFan]

I am not sure this is just an Apple thing. I don't recall all the details, but last time I had a compromised card I do remember several of my on line accounts had already been updated.

 

[Kork13]

I just went through this with one of our credit cards that somehow got compromised last week. On the phone with the fraud guys, I was told that they have a system out there to notify & automatically update credit card info with service companies on customers' behalf in the event of fraud. It's used largely (though not exclusively) by companies that do auto-billing type stuff (think Netflix, cable company, etc.) to prevent charges to the old card from getting denied. But not everyone does it, so you need to call everyone just to verify that they have the updated info. However, between the time the old card got shut down & we received the new one (hadn't called anybody yet), our cable company & our insurance both charged to the new card just fine. So it seems that it works fairly well. I'll still call everyone to verify, but it's certainly a helpful service to reduce the flail after a fraud event.

 

[donheff]

I had no idea they could do this. It is a PITA to update CC info at autopay companies. Maybe when I kick the bucket they will be able to automatically switch to one of DW's cards.