App Store fraud allegedly impacting major mobile payment firms in China

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Two major mobile payments companies in China have asked Apple to help reduce theft on their platforms, where customers' funds are being drained by criminals using stolen Apple IDs connected to their payment accounts for fraudulent App Store purchases.

The Alibaba-owned Alipay and Tencent-owned WeChat Pay have confirmed a number of their customers have been the subject of fraudulent App Store purchases. Alipay has, for the last few days, posted a warning online advising iPhone users of the thefts, and to secure their accounts where possible.

Alibaba's payments firm claims it has contacted Apple "multiple times" over the fraud, reports the Wall Street Journal, requesting the company to find out how they are taking place. Apple advised it was investigating the issue.

Customers have recently complained they received notifications of purchases in the App Store that they did not authorize, according to reports by the state media-controlled China National Radio. Social media posts from affected customers also note the notifications arrive at unusual times of day, and for some users has led to losses worth hundreds of dollars.

The notice by Alipay advised the affected customers included those who owned iPhones and had connected their accounts to other payment systems. Customers are "exposed to the risk of financial loss," until Apple deals with the issue, the notice warned, while also advising the losses could be minimized by lowering how much could be transferred in a transaction without requiring a password to be entered.

It is unknown exactly how the Apple IDs are being acquired by the fraudsters, nor how they are performing the App Store purchases. Alipay and WeChat Pay have to be registered to the Apple ID, potentially along with credit cards and other payment details, in order to perform the transactions.

While WeChat Pay didn't issue a notice to users about the issue, a statement from the company described similar circumstances.

An Apple spokeswoman advised there are instructions on the Apple support website explaining how to protect the Apple ID against fraud, including how to set up two-factor authentication.

WeChat Pay and AliPay are the largest payment services in the country, with approximately 800 million and 700 million users respectively as of the summer. Combined, the two companies handled in the region of $15 trillion in mobile transactions in the country during 2017, with the services used to pay for a vast number of everyday items and bills.