Sounds like a very interesting case. 1) Cardholders don't even know the physical card number. Even if used at a merchant, only the last for digits would be displayed on a receipt. 2) Cardholders are able to change virtual card number at will at anytime for these purposes. 3) Apple Card also allows automatic CVC number changing for added security in addition to locking the physical and virtual cards.
I'm sorry this has happened to you. Hope it all eventually works out for you. A complaint to the CFPB wouldn't provide a resolution in this case per se I don't think, in my opinion. As Goldman Sachs solution is close account and reapply. I could see if they were refusing to do so. I've never heard of an issuer telling consumer to reapply in fixing a fraudulent situation. Just my 2 cents.
So where is the card being used for the fraud? Can you find out? This sounds to me like it's someone that knows you considering all of the account protections that Apple Card has in place.
"Now earlier this month, I had 10+ charges that were again fraud, but never posted and were just pending (they were using the old card from January). Another virtual card was issued and the password was changed."
So if they were using old invalid information why did you need to reset anything again? They obviously didn't have your new information and you were no longer comprimised. This is where you went wrong I think. If the card information they were using was really cancelled then this should have been the end of it.
3/3/24
I've had credit cards for almost 40 years, @davyvfr, and I've had fraud issues countless times with numerous lenders. But this situation is highly unusual. Somebody is missing something. I've never had nor heard of an on-going fraud issue once it is reported to the lender.
I have many questions that might help you diagnose where the problem lies.
- You said you only used the card (virtually) for Door Dash. Is Door Dash the only place you've used it, or just the only place you've used it virtually?
- Do you use mobile wallet for payments?
- Do you have a physical titanium Apple card and if so, do you use it, know where it is, and would anyone else be able to access it?
- How are the all the fraudulent charges being made: virtually, Apple Wallet, or physical card? Did you ask Goldman Sachs?
- Have you tried the "Lock Card" feature in the Apple Wallet? (Open Apple Wallet > tap three dots in upper right corner > "Card Details" > Lock Card.
- Do you have your phone set to alert you to all transactions? (Go to Card Details link above; "Transactions > ON." This could give you real-time information as fraud is being committed. Make sure this is still "ON".
- WHERE are all the charges being made? Are they just from Door Dash?
Here are my thoughts of some further steps that could be helpful.
- Someone may have access to your physical iPhone or have changed settings without your knowledge. Check under Settings >> Face ID and Passcode. I was recently reading about this issue. If someone has your phone unlock code, they can go to this area and change preferences that could threaten security. They could turn off Face ID for phone unlock, or just for access to Apple Wallet. And they can turn off "Require Attention for Face ID" which means someone could hold it to your face while you're sleeping to unlock it.
- Have you tried changing you phone passcode and making it more complex?
- Does anyone have access/passcode to your MAC/laptop? Have you tried changing that passcode? Under Settings > Wallet and Apple Pay, you can deactivate "Use Apple Pay when Available", "Allow Payments on Mac", and "Add Orders to Wallet" features that could complicate someone's fraudulent use. Moreover, if someone got into your laptop, do you have your login information saved for accounts or do you have login information written somewhere that someone could easily access?
- You changed your Apple ID password but it didn't help. Have you seen any other unusual activity related to your Apple account beyond the Apple card fraud? Did you take it a step further and change your Apple ID, not just the password? HERE is how. For information about compromised Apple ID, read >THIS APPLE LINK<.
- If your phone is secure, and Apple ID is secure, then somebody appears to know your normal email and/or phone number that is associated with your credit cards. And you've tried changing the passwords. I know it's a hassle, but perhaps consider setting up a new email profile for general use. Use that when you set up your new Apple ID also. I would consider changing your phone number since lenders tend to use these for "verification" these days.
- Have you tried reporting the physical card stolen and requesting a new card? Since the "true" card number is hidden in the magnetic strip, this might break the connection to your account. I would definitely try this before I just closed the account.
- I know you said you don't think Door Dash is the issue since you didn't store a card profile there, you had no issues when you changed cards, and the fraudulent charges were not from YOUR Door Dash account. However, if many charges are from Door Dash, there might be a security connection. I would consider deleting your Door Dash profile and re-enrolling with a completely different profile, including the new email/phone number.
- If the charges (are) mostly or (all) Door Dash, have you contacted them about the fraud? Have you contacted any other merchants about the fraud? They might be able to give you further information about how/when/where the charges were made to your account or where orders were scheduled for delivery.
- Read THIS FORBES ARTICLE< about a type of fraud that can allow someone with access to your phone to access Apple Pay without authentication. The work-around is a convenience feature for express use on transit platforms. To disable it, go to Settings > Apple Wallet > Express Transit Card and change it to (NONE). This may not be directly related to your circumstances, but it is a potential security flaw.
- Besides changing passcodes or auto login, I would consider physically securing my computer and/or phone better in case someone is accessing the devices.
I don't know your living situation or relationships, but several of my suggestions have included the possibility of someone close to you who is physically accessing your devices. For now, I think it's best that you don't discuss your security plans with anyone or disclose new passcodes with anyone. Keep it all to yourself until you've broken the cycle.
Please keep us informed about your progress as I'm very curious to know how this all turns out. And if you are successful resolving it, what steps were necessary. I don't think that closing the account is necessary even though this has been a major inconvenience for you. Best wishes on a speedy resolution.
Every time I try to do anything related to my Apple ID with another device (like when I recently set up new phones/iPads) I get an authentication request sent to my other devices... "XXX is trying to access your ID. 123 456 is the code to authenticate."
Just makes me wonder how is it possible for someone to hack your phone and use your Apple Pay.
@davyvfr wrote:
@Lou-natic wrote:So where is the card being used for the fraud? Can you find out? This sounds to me like it's someone that knows you considering all of the account protections that Apple Card has in place.
"Now earlier this month, I had 10+ charges that were again fraud, but never posted and were just pending (they were using the old card from January). Another virtual card was issued and the password was changed."
So if they were using old invalid information why did you need to reset anything again? They obviously didn't have your new information and you were no longer comprimised. This is where you went wrong I think. If the card information they were using was really cancelled then this should have been the end of it.
The card was used for fraud in January and February for websites and these transactions were auto declined by Goldman Sachs. They may have been using the correct card number but incorrect billing information. At that point is when I requested a new card number.
In March there was purchases for the following websites (these were auto declined since they were using an old card number that was changed) :
gusxio.combdngth.com
happyupsoul.com
vonnenow.com
glowbliss.net
There are a lot more websites used like above, and thankfully these were all declined since they were using an old card number. Then the card was used virtually the end of March successfully for $44.80 on DoorDash (they got the new card number).
I don't even think those websites are real companies so it's pointless reaching out to them.
Have you yourself ever entered the new card number onto DoorDash? If so, definitely sound like a security issue with DoorDash.
@sznthescore wrote:Have you yourself ever entered the new card number onto DoorDash? If so, definitely sound like a security issue with DoorDash.
Gives me another reason to never use DoorDash. I've never used it or Uber Eats... I did check UE once and it was like $25 for a $10 meal from McD's...
I'm like wow... people really pay that?
No thanks... I'll drive to the Taco Time that's 1 mile away. 