Update on Apple Pay / bank - Fraud (UK)

Ok so just thought I would bring everyone up to speed on what’s happened with my fight with Monzo bank for unauthorised transactions from our joint account without us knowing and paid to 5 separate Revolut payment cards ..


we have been fighting this since March 24 when the alarm was raised when the transactions started leaving our account showing on our Apple Watches while we sat and watched TV .. we immediately emptied the account of all remaining funds and contacted MONZO , who froze all cards associated immediately and then started to look into it .. we contact Revolut who told us to go away as we are not customers , we contacted Apple support who said that the payments had not shown up on our account history .. however have now said they should have not said that ? … that same day Monzo fraud specialist team …LOL we have authorised it and they will not pay the money back (£650)


The whole case eventually after arguing with Monzo was sent across to the financial ombudsman who have looked into it and said that they will rule in favour of the bank saying that the payment token was set up in September 2024 on my wife’s iPhone and approved via the Monzo app !!!!!!! So in nut shell we have done it which is total nonsense!


we have no dealings with revolut , the money was leaving our account one after the other £100 then £150 the £100 etc while my wife was screaming at me someone is taken money out of our account ! and no one can explain how !! All we can assume we have been subject to a very clever set of fraudsters who have accessed our account wither Apple Pay , iPhone or bank without us knowing set up a payment token and used it 6 months later ..


we have checked our payment history back in September and everything looks in order , no dodgy payments , in fact my wife never really uses Apple Pay online , last used was July 2024 , and always uses her phone as tap and pay .


some have said that her card has been skimmed yet this does not explain how they have been able to access Apple Pay to set up this so called payment token


in a nutshell we have lost £650 ($893) in 13 min’s and can’t prove this is fraud !


we are about to close our Monzo bank accounts and stop using Apple Pay as somewhere down the line one of these is to blame for all this ! So please please be very careful what you do only have minimal funds in your debit account and have the rest in a savings account that can be used to move money around as and when needed


we shouted out to Apple support again for help and as expected we got passed from one advisor to another , one said one thing and the other said another , it was basically go away we don’t want to know … thanks allot ! Small fish in big ocean springs to mind !!


So don’t use Apple Pay and don’t bank with Monzo



one last evidence I’ve supplied yesterday , I put my wife’s email account which is her Apple account in NORD VPN and this has come back with a dark web breach back in September 2024 ? Possible details been leaked from a website that sells left over tickets for shows in London , I’ve send this to the ombudsman so hopefully this will help our case , yet it still does not explain how they have been able to set up the payments , my wife never used this company and never paid for anything just simple registered with NO payment . Who knows !


thanks for your time if you have read this right to the bottom


take care and be careful we are always under attack ! and the so called financial institutions won’t help us , yet want our money !


Andy





iPhone 13 Pro Max, iOS 18

Posted on Jun 27, 2025 1:18 AM

Reply
Question marked as Top-ranking reply

Posted on Jun 27, 2025 8:35 AM

I don’t see where anything has changed from our previous conversations.


Your wife’s debit card number/details were skimmed. The fraudulent actors added you wife’s card details into their Apple Wallet and the issuing bank verified and added the card to their Apple Wallet. Scammers then used the virtual number to purchase or reload prepaid debit cards. This is very typical fraud these days. I’m sorry you’ve experienced this.


Any recovery of funds will come from the bank that issued your wife’s debit card. They verified adding the card to the scammer’s device and authorized the transactions that took your funds.

35 replies
Sort By: 
Question marked as Top-ranking reply

Jun 27, 2025 8:35 AM in response to Smigglechops

I don’t see where anything has changed from our previous conversations.


Your wife’s debit card number/details were skimmed. The fraudulent actors added you wife’s card details into their Apple Wallet and the issuing bank verified and added the card to their Apple Wallet. Scammers then used the virtual number to purchase or reload prepaid debit cards. This is very typical fraud these days. I’m sorry you’ve experienced this.


Any recovery of funds will come from the bank that issued your wife’s debit card. They verified adding the card to the scammer’s device and authorized the transactions that took your funds.

Reply

Jun 28, 2025 7:17 AM in response to Smigglechops

OK, let me explain tokens to you. Tokens might be considered the backbone of the Apple Pay system. There are basically 6 types of tokens. Not all are used at the same time. Several are always used, as you’ll see.


The first is the DAN (Device Account Number). DAN is a unique token for each card in your Apple Wallet. Here are a few key concepts.


  • Replaces your actual card number when making purchases.
  • Stored in Secure Element (hardware-based secure chip) on the Apple device.
  • Used for in-store (NFC) and in-app purchases.
  • Looks similar to a credit card number but is unique per card/device.


The second is the Payment Token. It’s a complete data package that includes encrypted payment information. It includes the DAN token.


Payment Token is used during a transaction to provide payment credentials securely to the merchant/payment processor. It’s transmitted via NFC through the merchant’s transaction terminal. The Payment Token contains the following:


  • The DAN (Device Account Number)
  • A cryptogram (dynamic security code)
  • Transaction-specific data (purchase amount, merchant ID etc.)
  • Merchants and payment processors to authorize the transaction. Merchants and their card processor use this information to approve or decline the transaction.
  • A cryptogram AKA dynamic security code. The dynamic security code changes for each transaction and can only be used for one transactions/payment. It has a limited lifetime or its voided.




The third type is Cryptographic Token (Cryptogram) and it may be included in different data packages. A one-time-use dynamic cryptogram.


  • The token is used to authenticate the transaction originated from the user’s device.
  • It’s unique to each transaction.
  • Prevents replay attacks and fraud by ensuring tokens cannot be reused.


The Merchant Token is the fourth type and is a token used to represent a payment method (card) for a specific merchant.


  • Used primarily for recurring or card-on-file payments such as subscriptions. I usually refer to merchant tokens as subscription tokens because that’s how most Apple Pay users encounter them.
  • Helps merchants securely store a representation of the card for future charges, without storing real card data. This protects the card holder against data be lost if the merchant is hacked.


The fifth and sixth type are Transit Tokens and Express Transit Tokens. They don’t apply here so I won’t go into details.


Your situation involves either Payment Token or Merchant (subscription) Token. If the token used was setup on a prior date it was a Merchant Token. Merchant Tokens expire but not within the time frame you’re experiencing. Merchant Tokens are reusable to facilitate additional transactions.


So, your wife entered the data on a fraudulent merchant website. A merchant token was issued. A small trial transaction was successful. The scammers used the merchant token at a future date and transferred funds from your bank account.


Some banks use a velocity detection algorithm to slow or stop transactions like what was used to partially drain your account. Some banks believe velocity detection/prevention causes friction (upsets customers) and don’t use it or set higher amount thresholds.

Reply

Jun 27, 2025 4:46 AM in response to Smigglechops

Apple Pay works with merchants. Whatever these payment cards are wouldn’t be associated with Apple Pay.


I have a small merchant account for a specialized travel service business I own. I can be paid using Apple Pay. When someone uses tap-to-pay (Apple Pay) funds are almost immediately deposited into my merchant account, setup by the credit card processor. It works essentially the same way when they use my online store or pay an invoice.


I’m not understanding where the 5 payment cards come in to this.

Reply

Jun 28, 2025 8:12 AM in response to Jeff Donald

Thanks for the well explained use of Tokens to process payments. I have a couple of questions for my knowledge of their use that may also help the OP that I think only you can answer.

  • Can a merchant request a Merchant Token used for subscriptions to keep the information as a card on file transaction that can be used for later charges, instead of a Payment Token for a one time use charge? It does not appear as a user we have the choice of what type of token we want to send.
  • If a merchant has their information hacked that contains your Merchant Token, can a scammer use the token for other purchases or can the future charges only be made by that merchant?
  • With the latest iOS, we are supposed to be able to revoke Merchant Tokens in the Wallet app when viewing the cards recurring charges, is this at all helpful? Since the OP removed the card, that would be no longer possible to view, but would those tokens reappear if the card was added back to the Wallet app? And lastly, since the bank knows the token used for the transactions, is there anyway on your device to see if that token is one used for a recurring charge in the Wallet app?
Reply

Jun 27, 2025 3:51 AM in response to Smigglechops

There are some things that don’t make sense. What does “paid to 5 separate Revolut payment cards” have to do with this? You mention it in your first paragraph, but don’t explain what the payment cards are, and what 5 separate cards means. Where are you getting this information?

Reply

Jun 27, 2025 4:32 AM in response to Jeff Donald

5 unauthorised payments started transferring out of our account via apple pay to 5 different payment cards at a bank called Revolut ( the are cards that you put money onto them ) while we sat at watched TV all via Apple Pay online transactions to who we don’t know .. this was not authorised by us , all this information has been supplied by MONZO who are claiming we have done it !! The investigation by the ombudsman has said that a token was set up in September 2024 and authorised by my wife’s device (Apple iPhone) and within the Monzo app , I can confirm that this did NOT happen and we are at a total loss at how this has occurred ! Yesterday I put my wife’s iPhone account email into NORD VPN and straight away this identified a breach in data on the black web back in September 2024 , which seems abit coincidental that’s when the so called token was set up ?

Reply

Jun 27, 2025 4:43 AM in response to Smigglechops

In fact Jeff we had this discussion back when we disputed the transactions and I used all the information you supplied and help me understand how Apple Pay works … no one can explain how it’s happened and keep blaming us , the truth is we have been defrauded out of £650 ($891) ny what I would say are some very sophisticated fraudsters who have somehow got into our account and made the payments disguised them as Apple Pay why I am saying this we spoke to Apple on the day this happened and they confirmed that no payments had been made via Apple Pay as these did not show up in the history however now Apple are now saying that they should not have told us that and will not help us endless phone calls being passed from one agent to another and just keep getting the door shut in our face when you search the net you find case after case after case of people who have had this type of transaction on their account and can’t explain how it’s happened even this week I have a colleague who I work with her dad has had £30 taken out of his account via Apple Pay at a butchers he goes to and no one can explain how that has happened. It all seems very very suspicious that something is wrong with Apple Pay and fraudsters today are able to get into this system collect the data and then set up payments without the anyone’s knowledge.

Reply

Jun 27, 2025 4:59 AM in response to Jeff Donald

Who ever took the money transferred the money out of our account one after the other within 13 min


card 1 was transferred £ 150

card 2 was transferred £ 100

card 3 was transferred £ 150

card 4 was transferred £ 100

card 5 was transferred £ 150


basically we paid Revolut bank from our account which showed as Apple Pay online transactions , we only know now that they are prepaid cards because this is what the back have told us , each one had different Authority codes and transaction numbers

Reply

Jun 27, 2025 5:18 AM in response to Jeff Donald

The transactions were made via online payment via Apple Pay to these accounts in Revolut bank our bank account shows five transactions to Revolut bank when you go into the transaction history it shows where it’s gone which was five prepaid cards so someone somewhere was able to get into our account and use our Apple Pay to make a payment as an online transaction, similar to if you were purchasing an item online

However, the bank and the ombudsman are saying that we set up the transaction in September 2024 and approved a token which then allowed these transactions to be made on that day which we have disputed as we have not done this so basically someone somewhere has hacked into either the banking app and used our Apple Pay or has hacked into the Apple Pay and used my wife’s debit card which is loaded within Apple Pay , and made the five payments. The payments only stopped once I emptied our account or otherwise I truly believe that this type of payment via Apple Pay would’ve continued until the account was emptied and we would’ve been looking at an awful lot more money

Reply

Jun 27, 2025 5:23 AM in response to JM-Master

Hi thanks for taking the time to reply. Yes we have already done that on the day that the money was taken. The guy we spoke to was very helpful and looked into my wife’s account and said that these payments were not made via Apple Pay and advised us to continue with the dispute with our bank and tell our bank to contact Apple who would tell them that these payments did not happen However the bank did not do this which is also part of our dispute and when we have re-contacted Apple support via this method. They have passed us to one agent to another and basically in so many words have told us that this guy should not have told us that . Due to the nature of this attack on our account, we removed all payment cards from Apple Pay which unfortunately unknown to us removed all the history as we thought at the time we were under attack and all payment cards within the Apple Pay system was vulnerable. We have re-contacted Apple and made an official complaint And requested the taped conversation with this guy to be provided to us so we can prove that Apple have said that these transactions were not present unfortunately they have refused to contact us and are ignoring us .

Reply

Jun 27, 2025 5:32 AM in response to Smigglechops

The bottom lane is that the bank and the financial ombudsman have said that we made these payments to Revolut bank yet my wife was standing next to me with her phone in her hand screaming that our bank account was being emptied and when I logged onto our banking app, the money was just depositing out of it. It was only until I moved the remaining funds from our joint account to my own personal account. This stopped the bottom line is we have been victims of fraud but no one can tell us how this has been done everybody says Apple Pay is secure however this happened so something is not adding up and the bank will not accept what we are saying because we’re talking that’s associated with this payment was authorised on my wife’s device. When you look at my wife’s history with Apple Pay she has only used it once to purchase some clothing online every other payment is made via her phone via Apple Pay as tap and pay. It’s me that uses Apple Pay as a payment method online constantly. I also use my watch and my phone when I’m out she only uses her phone and her phone is never been left anywhere or security is up-to-date face recognition and two factor authorisation yet this still happened so you can imagine we just don’t know what is safe anymore.

Reply

Jun 27, 2025 6:20 AM in response to Jeff Donald

I put the information onto a post but the post has been deleted .


all we know as I’ve said ,


5 online transactions using my wife’s debit card via Apple Pay to revolut bank , on investigation this turn out to be 5 prepaid Revolut debit cards , now originally Apple said this could not be done , then later on said this could be so I’m lost still how this has actually been done .

Reply

Update on Apple Pay / bank - Fraud (UK)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.