PSA: AppleCard fraud, card replacement, and how to get Apple Store charges to work again

So, some of you might one day find yourselves in this unfortunate situation that charges show up on your AppleCard that you didn’t initiate. Fortunately, Apple’s slick AC interface on iPhone makes it very easy to alert Goldman Sachs who runs AC behind the scenes.

Tap on the fraudulent charge, select Report an Issue, and select Dispute Charge. This will dump you into a Messages thread with Apple (that’s what it claims, but really you’ll be talking to somebody at GS). You’ll explain to the rep there that you never made that purchase and it therefore must be fraudulent. They’ll go over a couple of questions with you and assuming there’s nothing special (and assuming here the fraudulent charge was made to your virtual AC, not the actual metal card—the rep will know), they will tell you that they are blocking your AC and setting up a new one. What this means is that the CC number associated with your AC will change (along with exp date and security code). This is a good thing. It means the scammer(s) can no longer charge you and if they try, it will be rejected right away. The rep will also flag that charge as fraudulent which means it will either never go from pending to charged, or, if it already became permanent, they will issue you what they term a “Balance Adjustment”. Bottom line, you should not lose any money (or sleep). Your iPhone’s AC interface will show the new CC number you can from now on use (or update with services where you had previously used the old CC number), and that should be the end of it. All good.

Except not quite.

If you happen to use your AC to pay for Apple Store purchases (music, books, TV/movies) you could be in for a surprise. You of course remembered that those purchases get billed to your AC so you also remembered that you have to update that. And so you went to Settings > Apple ID > Payment & Shipping where it shows AppleCard as your primary payment method. But which CC number? The new one or the old one? If you guessed the new one, you’d be wrong. You’d notice when next time Apple tries to charge your AC, you’d see the charge show up with a strikethrough and “Declined - Card Replaced” in red below. OK, so obviously, you still need to update that AppleCard. But how?

Easy! Head over to Wallet > AppleCard > … > Make Default at Apple and then tap the button Use as Default Card. And voila, you’ll get a little feedback message telling you all is good. So you dance off merrily into the sunset and think all is great in your little walled Apple garden.

Bummer is, that actually didn’t do jack for you and you have no direct way of noticing. Until you perhaps get another charge from Apple get declined in Wallet. Now the head scratching starts. And it only gets worse from here. The bottom line is that you need to remove the AC from Store entirely so you can add it from scratch again and only in that way will you be able to supply the new CC number to Store so that it finally starts charging the right card number and no longer gets declined. But how? Turns out it’s not as trivial as you might think.

1. You cannot just delete it. In the iOS Payment & Shipping section there is a Remove button and you can tap it. It’s just that this button (at least in iOS 15) does nothing at all. And there is zero feedback about this. You think you did it, but in reality nothing happened. Joke’s on you.

2. You cannot delete it in macOS either (at least not in Monterrey). Payment & Shipping in the Apple ID Sys Prefs, unlike iOS, offers no such interface.

3. Then you remember appleid.apple.com and decide to use that web interface to get rid of the old AC number. Alas, its Payment Methods panels will only show you what you are using (the AC, and of course the old one—even though it won’t tell you so). It won’t allow you to change anything.

4. Then you remember that iTunes used to offer an interface to your Store account. So you head over there to finally get rid of this old AC. Except, rats, no more iTunes! But because you’re Apple savvy and smart you know that Music must offer something like that in its place. So you head over there and search its never ending menus for the right thing. Presto: Accounts > Account Settings is what you’re looking for (for kicks, the same thing exists in TV or Books [although there it’s called View my Account and it will eventually dump you—of all places—into the Mac App Store, I kid you not]). Now you see a Manage Payments link and the great thing about this is that only here can you finally see the CC number attached to your listed AC and you’ll see it’s still the old one so you know it’s wrong. You now know the solution to all your trouble must be close.

Except it isn’t. Because although there is an Edit link, that will only show you your address details, but no means of changing from old CC to new CC number for your AC. But there’s a Remove button. Success!

LOL, forget it. That Remove button is again broken, just like the iOS widget. But at least this time there is some feedback (at least there was in my case as the Family Sharing user who pays the bills). This time it will tell you that you need to have at least one payment method on file.

And that, my friends, is the final clue. So in order to work around this mess of broken GUI, lack of logic, and missing user feedback, you need to first give the Apple Store a new CC (or debit card) to charge to. Once you have successfully supplied it with a new card, you can in fact remove the Apple Card using the Account Settings interface in Music or MAS. And once you have done that, you can use the same interface to again add your Apple Card (this time it will be attached with the correct new CC no.) and delete the other CC/DC you just supplied. And once you have finally done that, then using this interface, you will be able to verify that the CC number displayed is the one that matches your updated AC. From now on you will see charges from the Apple Store for your books, music, or TV/movies again correctly go through to your AC. Congrats, you’ve finally made it. You now deserve a chilled glass of quality beer (or whatever else floats your boat).

Apple, please fix your broken GUI. And please give users relevant feedback so they can understand how to fix a problem themselves without having to either a) spend hours on the phone with your support people or b) reverse engineer your broken process. Thank you.

And the real irony is that the system actually doesn’t need any card on file.

My Apple ID/Store account has never had an associated credit card. I created it back when one wasn’t required, and have never added one. I add gift cards to the account for making purchases.

And you can do this today. You can create a new account with a gift card instead of a credit card, and aside from needing to click a different button during account creation, it works just like an account with a card.

But it appears that once you add your first credit card, you can’t remove it again. Dumb, dumb, dumb, and dumb.

I set up my account many years ago like you did using a gift card. I hardly download any expensive apps and no music or movies so gift cards work just fine.

This mess is why I cancelled my Apple Card. I went through the process of reporting fraudulent charges, getting a new CC number. Then that card got hacked too, and I had to report fraud and change again. One interesting thing was that after I changed to a new CC number, I could still see attempted fraudulent charges appearing on my iPhone (they were all declined). This was such a mess that I canceled the card completely. The card was used for a very limited number of purchases (using Apple Pay) - my suspicion was that someone in the bank was stealing CC numbers. I have two other Visa cards and have only had one incidence of fraudulent charges (and I know how the happened - a trip to New Orleans); easy to get a new card and no fraudulent charges since.

David

Why oh why can’t Apple fix their broken interfaces?? It’s really a disgrace and not something you would think they’d want to be known for!!

This is indeed annoying.

Even after the old AC number has been blocked, fraudulent charges to that old number will still appear in Wallet under your AC with the red byline “Declined - Card Replaced” [including the wrong em dash].

Will it ever stop? Who knows. But why would this be displayed to the user at all? It’s just cluttering the transaction log with useless data without offering any value. No other CC company I have ever dealt with does it this way. Once your CC has been blocked, that’s the end of it. No more charges go through hence no more reason to display attempts.

Looks like GS and Apple still have some learning to do on how to run a consumer facing CC biz.

Oh my. If I get any fraudulent activities on my AC, I’ll be cancelling it immediately. I’ll just continue to use my Amazon Prime visa which only pays 1% for non Amazon purchases but it has NEVER caused any problems in the 15-20 years I’ve had it.

You nailed it. Exactly same scenario I went through after Thanksgiving. I still don’t understand all I did to correct issue, but invested 2-3 hours with the bank and Apple.

Good job explaining the process!

Unfortunately, this chicken-egg-chicken-card endless loop is NOT purely an Apple problem. And I now have even more reason to avoid Amazon!

About a month ago I got a nice email from Amazon reporting that my CC had been charged $119 to renew my Prime membership. I promptly called Amazon and reminded them that I have never had nor ever want a Prime Membership. They kindly responded that I did not have a PM. "You’ll have to take up that (fraudulent?) charge with my CC company.

Visa lady claimed that the PM is an annual, recurring charge by Amazon and I should take up canceling it with Amazon. Round 1.

Several rounds later, I moved up the chain of supervisors until I got one at Amazon that agreed to send me a “registered” email saying someone had fraudulently used my CC no. But I still needed to report it to the CC company.

In the end I got a new card over the Christmas weekend. Now come the part of editing every place that had that canceled card! That’s when the “broken” Edit/Remove/Add New/Now Delete routines started.

All I can think of is that all (maybe only 90% ) banks use the same terrible software. I wish it were only Apple. Apparently, Apple simply ties into the Goldman Sachs software via AC/Wallet/iTunes/App Store/Apple ID/etc. Point I’ve learned; Take Names and Ask for the Next Higher Level of Support, Just Do It Nicely But Firmly. “Customer = Lowest Form of Human”

In such a case I refuse to play along.

If you did not make the purchase (and you are 100% certain about it), it’s a fraudulent charge. Report it as such.

If the CC company tells you something about how this was an annual or recurring charge and to take it up with some company (that perhaps you have never done business with) simply refuse. Tell them it’s fraudulent. Require them to show you your signature on a bill or digital log to show that you actually made the purchase. They won’t be able to. It’s fraudulent and they have to allow you to dispute the charge as such.

You are required to inform the CC company of fraudulent charges. You are not required to argue with a random 3rd company you have perhaps never done business with.

Interesting. My AppleCard was hacked twice in 2021. I have 5 other credit/debit cards (2 European) which have NEVER been hacked. The last time my AC was hacked, Goldman Sachs said the fraudster used a physical card for a rental car charge, which is hard to imagine (they scan your driver’s license!). They issued provisional credit, but even after the “up-to” 60-day deadline I haven’t received notification of final resolution.

It’s worth noting that you can now (iOS 15) turn on a feature that changes your CVV every time it’s accessed. Tap the AC, then the little credit card icon at top, then turn on Advanced Fraud Detection; you’ll see a rotating clock icon next to the CVV security code. Apparently, a merchant only accesses the CVV once, so rotating doesn’t interfere with repetitive charges, like subscriptions. Not sure why it wouldn’t be on by default; it would have protected me from the fraud.

Of course, when using ApplePay, the merchant never even gets your physical AC number (and it doesn’t appear on the card), so you can request a new “physical” AC number anytime you suspect your current one may have been compromised.

I doubt there are many who can say they “have never done business with” Amazon. This is the same problem I had with them a bit over a year ago. The problem was with the information used by Amazon. I will not be surprised to ‘hear’ from Amazon, in about a month, that my (canceled) CC has “expired”.