
Apple Sending Confirmation Emails To Combat App Purchase Fraud

Apple has begun sending emails when AppleIDs are used to make purchases on iOS devices not previously associated with the account. It is likely these emails are being used as one way to combat increasingly frequent app purchase fraud.


MacRumors reader Michael had his iPhone replaced at an Apple Retail Store. After the first App Store purchase on the replaced phone, he received the above email. The email doesn't require confirmation of the purchase, but is instead a simple notification that a new device has been used and requests the user change their password if they don't recognize the activity.

Apple already requires credit card users to reenter the 3- or 4-digit CID number from the back of their credit card (front in the case of American Express) to authenticate the new device. However, users with balances from iTunes Store Gift Cards aren't required to perform any special authentication other than entering their AppleID password.

Top Rated Comments


44 months ago
It's a step in the right direction, but seems incomplete without an easy way to contact Apple regarding a fraudulent charge.

Doesn't this email sort of send the message that "we know your account may have been jeopardized, but we don't want to help you fix it"? :confused:
Rating: 4 Votes
44 months ago
This isn't new...:rolleyes:
Rating: 3 Votes
44 months ago
I got this months ago... not new like the others said.
Rating: 3 Votes
44 months ago
I had my account hacked (a very old email account was compromised, and used to access the password recovery function).
As soon as I got the email, I knew something was up. My iTunes credit was drained (I participated in the gift card promotion for education this summer).

The CVV code entry is easily bypassed, if someone has the account password - all an attacker needs to do is remove the credit card. When the card information is removed, there is no barrier to the confirmation of the account on a new device. (No CVV needs to be entered) Of course, this is only worthwhile if you have iTunes credit on your account, but if you do, an attacker can buy apps with your account freely.

As a side note, it seems that Apple's been rolling this out - my email was for modification of the account info. Perhaps it's only done when a new device is activated without the CVV code, or when a potential attack vector is recognized.

Happy ending, though, Apple refunded all of the iTunes credit.
Rating: 2 Votes
44 months ago
Glad Apple are getting wise to this.
Rating: 2 Votes
44 months ago

Does anybody know if it's possible to transfer your purchase history and account into a new username?


You can simply change your Apple ID on your account. You can't create a new account (with new ID) and transfer the purchases with it. Making a second account is a bad idea because they can not be merged together. Just change the Apple ID on your account to save you a lot of hassle.

Follow this link:
https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/69/wa/directToSignIn?wosid=ex52wgHT0SbfvcBuEHQosM&localang=en_US

Sign into your account, and where it says Apple ID, there should be a small 'edit' link in the right corner. Edit the Apple ID as you wish. (If no 'edit' then this means the ID is in use with, or has been in use with MobileMe and cannot be changed at all)

If you have devices, sign out of your iTunes account on all of them, and sign back in using your new ID.
Rating: 2 Votes
44 months ago

To all the folks that said they got these emails a while ago and that it isn't new:

Why didn't you send it in? :-)


Didn't think it was newsworthy tbh... still not convinced it is...
Rating: 2 Votes
44 months ago

To all the folks that said they got these emails a while ago and that it isn't new:

Why didn't you send it in? :-)


Because it didn't seem newsworthy?
Rating: 2 Votes
44 months ago
Along with a few here, have had such an email ages ago when buying on a different device. Perhaps we can back date the story to when it was new :p
Rating: 1 Votes
44 months ago
Wouldn't have considered this newsworthy. Also, just a few points... it's Apple ID, not AppleID (saying for the sake of consistency, as the article uses AppleID while the email in the image clearly says Apple ID). Also, things like stating the numbers being on the front of American Express cards is completely arbitrary and just isn't needed.
Rating: 1 Votes
