My husbands credit card has been used without permission. They say it was used with my IP address and will not do anything about this. I have not used anything and have never had an issue with other cards and banks. Please help? I did not do anything and it is starting to cause issues for us and I don't want to loose my family. Any help is appreciated.
[Re-Titled by Moderator]
Original Title: Apple Wallet
iPhone 16 Pro Max, iOS 26
I will do my best, but not nearly as knowledgeable in this field as you are, please correct or add to anything I provide when you are available.
The DAN/DPAN is the last 4 digits that you would see on a receipt when making a purchase with Apple Pay. Those same 4 digits should be able to be provided to you when asking about the details of the transaction. It will identify the device that was used for the purchase. You will find this number on a device by going to the Wallet app, choose the card used, and tap the 3 dots on top of the screen and Card Number. The DAN/DPAN is the 4 digits seen under Apple Pay.
Each device will have a different DAN/DPAN for the same card, so you can verify if the purchase was made from your phone, or your husband's phone. If that number does match your device, then the purchase was made from your phone. Anyone that has the Passcode to your phone could have made the purchase, so it would not necessarily mean it was made by you, but it was made from your phone by someone that can unlock it.
If the number does not match your phone or your husband's phone, then that would reinforce the idea that the card number had been compromised through phishing or skimming on a retail terminal, and that card was added to someone else's phone.
I will do my best, but not nearly as knowledgeable in this field as you are, please correct or add to anything I provide when you are available.
The DAN/DPAN is the last 4 digits that you would see on a receipt when making a purchase with Apple Pay. Those same 4 digits should be able to be provided to you when asking about the details of the transaction. It will identify the device that was used for the purchase. You will find this number on a device by going to the Wallet app, choose the card used, and tap the 3 dots on top of the screen and Card Number. The DAN/DPAN is the 4 digits seen under Apple Pay.
Each device will have a different DAN/DPAN for the same card, so you can verify if the purchase was made from your phone, or your husband's phone. If that number does match your device, then the purchase was made from your phone. Anyone that has the Passcode to your phone could have made the purchase, so it would not necessarily mean it was made by you, but it was made from your phone by someone that can unlock it.
If the number does not match your phone or your husband's phone, then that would reinforce the idea that the card number had been compromised through phishing or skimming on a retail terminal, and that card was added to someone else's phone.
If you dispute the transaction, the issuer must investigate and must prove that the transaction was made with the consent - or by lack of appropriate card security applied by - the cardholder.
While the investigation is in-progress, the requirement to pay the disputed transaction is held in abeyance.
The cardholder does NOT have to prove that he didn’t make - or authorize - the transaction.
(As It’s impossible to prove a negative)
First off, what - if anything - does this have to do with Apple ???
Who is “they” ???
Generally everyone on the household’s local network shares the same Public IP address. (which is technically that of your router)
Generally, if a fraudulent charge is made on a credit card … the cardholder should dispute it. (although credit laws vary country to country)
However, any ApplePay transaction (if it indeed were an ApplePay transaction ???) can be traced to an individual device.
So … which device was it ?
This could be some kind of IP Spoofing. Here is how such a scam could work. The scammer gains access to the husband’s credit card details, either through a data breach, phishing, or skimming. To make fraudulent purchases or create accounts using the stolen card, the scammer uses a proxy or VPN to spoof the IP address so that it appears to come from the spouse’s iPhone IP or the same general geographic location. This is done to bypass merchant fraud detection systems that flag suspicious transactions coming from unexpected locations.
The fraudulent orders or transactions then appear as if they originated from the spouse’s iPhone IP address, tying the husband’s credit card fraud to the spouse’s IP. Sometimes scammers add stolen credit cards to digital wallets (like Apple Wallet) quickly after acquiring the card details, making unauthorized purchases appear as if done from a trusted device. Since IP addresses are regularly used by merchants for geolocation and fraud assessment, spoofing an IP address within the home or spouse’s network helps the scammers avoid triggering alarms about unusual activity.
The scam may also include social engineering or phishing to gather more personal info to make the fraud harder to detect and trace. Thus, the scam is not about hacking the iPhone itself, but about using the spouse’s IP address as a trusted geolocation proxy to hide fraudulent credit card activity and make it appear legitimate to merchants and fraud detection algorithms.
The IP address is obtained by several possible means, but in this scenario the OP’s iPhone probably connected to a compromised public WiFi network. Sometimes scam websites are used to capture IP addresses. Social engineering is always a possibility too.
Hi, are you following any of this? I’m happy to explain more detail if you feel it will help. Are you talking to your banks fraud department or just the customer support team? Have you disputed the charge(s) as Chattanoogan suggests? That will force the fraud department to investigate the situation.
Because it is from apple wallet/pay. was tried to be disputed through the card but because of an IP address they won't do anything. These were not our transactions. We have never had an issue with cards in wallet too. Was just looking to see if there was any way to help prove this was not done by us since we have to have something besides word of mouth from us.
This is what I was thinking, but how do we prove this? I have no need to lie or do anything like this. I work hard and can ask if there is anything that I ever want and he provides. He knows this but when things look bad, they look bad. I understand this. I did not do it though. So far I am just not getting any help on how to get to that point.
Jeff Donald wrote:
And what about the Device Access Number (DAN). Shouldn't that be visible on the transaction and be used to positively ID the device that was used to make the charge. I understand you would not be able to gain information from a user through the DAN, but should be able to determine if it was a specific device in the household where the transactions originated. Also not susceptible to spoofing like an IP Address. Correct?
I understand that this would be specific to an Apple Pay purchase and would have no bearing on a account number skimmed/shimmed from a retail terminal.
In what country are we discussing?
Yes, the DPAN/DAN would be different. Have you got time to explain it to the OP? I’m at my cardiologists for annual stress test etc. and between tests.
Thanks Jim, excellent explanation.
Great advice Chattanoogan!
I too was quite impressed by Jim’s “Pinch Hitting” on the subject. 👏
Unauthorized credit card use via Apple Wallet with my IP address
