Apple Sending Confirmation Emails To Combat App Purchase Fraud
Apple has begun sending emails when Apple IDs are used to make purchases on iOS devices not previously associated with the account. It is likely these emails are being used as one way to combat increasingly frequent app purchase fraud.
MacRumors reader Michael had his iPhone replaced at an Apple Retail Store. After the first App Store purchase on the replaced phone, he received the above email. The email doesn't require confirmation of the purchase, but is instead a simple notification that a new device has been used and requests the user change their password if they don't recognize the activity.
Apple already requires credit card users to reenter the 3- or 4-digit CID number from the back of their credit card (front in the case of American Express) to authenticate the new device. However, users with balances from iTunes Store Gift Cards aren't required to perform any special authentication other than entering their Apple ID password.
Top Rated Comments
24 months ago
It's a step in the right direction, but seems incomplete without an easy way to contact Apple regarding a fraudulent charge.
Doesn't this email sort of send the message that "we know your account may have been jeopardized, but we don't want to help you fix it"? :confused:
24 months ago
To all the folks that said they got these emails a while ago and that it isn't new:
Why didn't you send it in? :-)
24 months ago
To all the folks that said they got these emails a while ago and that it isn't new:
Why didn't you send it in? :-)
Didn't think it was newsworthy tbh... still not convinced it is...
24 months ago
Did the user print out the e-mail, scribble marker over their name and Apple ID, scan the paper and upload it? LOL :eek:
24 months ago
Does anybody know if it's possible to transfer your purchase history and account into a new username?
You can simply change your Apple ID on your account. You can't create a new account (with new ID) and transfer the purchases with it. Making a second account is a bad idea because they can not be merged together. Just change the Apple ID on your account to save you a lot of hassle.
Follow this link:
https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/69/wa/directToSignIn?wosid=ex52wgHT0SbfvcBuEHQosM&localang=en_US
Sign into your account, and where it says Apple ID, there should be a small 'edit' link in the right corner. Edit the Apple ID as you wish. (If there is no 'edit' link, this means the ID is in use with, or has been in use with, MobileMe and cannot be changed at all.)
If you have devices, sign out of your iTunes account on all of them, and sign back in using your new ID.
24 months ago
I had my account hacked (a very old email account was compromised, and used to access the password recovery function).
As soon as I got the email, I knew something was up. My iTunes credit was drained (I participated in the gift card promotion for education this summer).
The CVV code entry is easily bypassed, if someone has the account password - all an attacker needs to do is remove the credit card. When the card information is removed, there is no barrier to the confirmation of the account on a new device. (No CVV needs to be entered) Of course, this is only worthwhile if you have iTunes credit on your account, but if you do, an attacker can buy apps with your account freely.
As a side note, it seems that Apple's been rolling this out - my email was for modification of the account info. Perhaps it's only done when a new device is activated without the CVV code, or when a potential attack vector is recognized.
Happy ending, though, Apple refunded all of the iTunes credit.
