App Store fraud allegedly impacting major mobile payment firms in China

Posted in General Discussion, edited October 2018
Two major mobile payments companies in China have asked Apple to help reduce theft on their platforms, where customers' funds are being drained by criminals using stolen Apple IDs connected to their payment accounts for fraudulent App Store purchases.




The Alibaba-owned Alipay and Tencent-owned WeChat Pay have confirmed a number of their customers have been the subject of fraudulent App Store purchases. Alipay has, for the last few days, posted a warning online advising iPhone users of the thefts and urging them to secure their accounts where possible.

Alibaba's payments firm claims it has contacted Apple "multiple times" over the fraud, reports the Wall Street Journal, asking the company to find out how the thefts are taking place. Apple advised it was investigating the issue.

Customers have recently complained they received notifications of purchases in the App Store that they did not authorize, according to reports by the state media-controlled China National Radio. Social media posts from affected customers also note the notifications arrive at unusual times of day, and for some users the purchases have led to losses worth hundreds of dollars.

The notice by Alipay said the affected customers included those who owned iPhones and had connected their accounts to other payment systems. Customers are "exposed to the risk of financial loss" until Apple deals with the issue, the notice warned, while also advising that losses could be minimized by lowering how much could be transferred in a transaction without requiring a password to be entered.

It is not known exactly how the fraudsters are acquiring the Apple IDs, or how they are performing the App Store purchases. Alipay and WeChat Pay have to be registered to the Apple ID, potentially along with credit cards and other payment details, in order to perform the transactions.

While WeChat Pay didn't issue a notice to users about the issue, a statement from the company described similar circumstances.

An Apple spokeswoman advised there are instructions on the Apple support website explaining how to protect the Apple ID against fraud, including how to set up two-factor authentication.

WeChat Pay and Alipay are the largest payment services in the country, with approximately 800 million and 700 million users respectively as of the summer. Combined, the two companies handled in the region of $15 trillion in mobile transactions in the country during 2017, with the services used to pay for a vast number of everyday items and bills.

Comments

  • Reply 1 of 6
    zoetmb Posts: 2,654 member
    While we don't know exactly how this happened and I'm not going to make any claims about being technically sophisticated about how fraud schemes work, I wouldn't be surprised to learn that this happened because Apple doesn't have full control over its servers in China (right?) and they were hacked.   How else would one get someone else's Apple ID?

    This is also a problem because AFAIK, Apple provides no method for deleting, consolidating or changing Apple ID's anywhere.  This has always bugged me.  My Apple ID's have been screwed up for a decade or more, going back to when Apple stopped people from using their old AOL ID's as Apple ID's.   I also had a problem recently where an app would not update, even though the update was listed, because the program was purchased originally with a different Apple ID.   There was no error messaging - it just wouldn't update.   I called Apple Support and we figured out what the issue was, but IMO, if that app was purchased with a different Apple ID, it shouldn't have even displayed, even though that would have been even less helpful.    I also seem to remember getting stuck in loops when I tried to change passwords on Apple ID's. 

    Seems to me Apple has to secure those servers and if this scheme is widespread, assign new Apple ID's to everyone in China or at the very least, force everyone in China to pick a new password for their Apple ID the next time any type of purchase is made in the App Store.   I don't know if Apple Pay is used in China but if it is, wouldn't users be in danger of having fraud on purchases outside the App Store as well?


  • Reply 2 of 6
    foggyhill Posts: 4,767 member
    This looks more like people get phished and there is no 2nd factor; once the account is compromised they can probably compromise other accounts, making fixing this hard.

    Phishing efforts on Chinese people are insane; the only spam/scams by phone and text are in Chinese. And I live in Canada and I'm not Chinese!
  • Reply 3 of 6
    JWSC Posts: 1,203 member
    Two factor authentication.  Enough said.
  • Reply 4 of 6
    jcs2305 Posts: 1,336 member
    JWSC said:
    Two factor authentication.  Enough said.
    I totally agree. I used to think it was a PITA when setting up new devices, but after hearing about this type of fraud and iTunes credentials being stolen, I definitely feel better with this extra layer of protection and control with my ID and credit cards.

  • Reply 5 of 6
    macgui Posts: 2,357 member
    zoetmb said:
    While we don't know exactly how this happened and I'm not going to make any claims about being technically sophisticated...  How else would one get someone else's Apple ID?
    Well, that is the question, isn't it. Without knowing that, it's pretty difficult to draw any meaningful conclusions or solutions.
  • Reply 6 of 6
    Aren't App Store purchases tied to the Apple account?  If so then how is anyone (other than the companies whose software is being purchased) making money from this?  Either we aren't being given enough information or something else is going on.