Hi Guys,

Researchers from the University of Birmingham and the University of Surrey have found a significant security flaw in Apple Pay that allows an attacker to make unauthorized credit card payments with a locked iPhone by taking advantage of the Express Travel mode set up in the device’s wallet. 

For an attacker to steal money via Apple Pay, they only have to be in range of your phone. Your phone could be in your pocket or your handbag, and once the crook gets within a few inches, they can run as many transactions as they want until your account is empty. 

According to Apple, Express Pay allows you to quickly pay for journeys with Apple Pay on your iPhone and Apple Watch without having to wake or unlock your device or open an app. You don’t even need to validate with Face ID, Touch ID, or your passcode.

How To Protect Yourself Now

While either Visa or Apple implements a fix for this problem, I recommend that you disable the Express Travel feature on your device. You will still be able to use Apple Pay with this feature disabled. To turn off Express Travel for your card, follow these steps:

For iPhone

* Open Settings.

* Scroll down and tap Wallet & Apple Pay.

* Tap Express Travel Card.

* Tap None or Off.

For Apple Watch

* Open the Watch App on your iPhone.

* Tap the My Watch tab.

* Scroll down and tap Wallet & Apple Pay.

* Tap Express Travel Card.

* Tap None.

Please let me know if you need any assistance with this or with anything else.

All the best,
Max Roberts