Security News > 2021 > September > Apple Pay with VISA lets hackers force payments on locked iPhones
Academic researchers have found a way to make fraudulent payments using Apple Pay from a locked iPhone with a Visa card in the digital wallet with express mode enabled.
Apple Pay solved the problem with Express Transit, a feature that allows a transaction to go through without unlocking the device.
In combination with a Visa card, "This feature can be leveraged to bypass the Apple Pay lock screen, and illicitly pay from a locked iPhone, using a Visa card, to any EMV reader, for any amount, without user authorisation."
During the experiment, the researchers were able to make a GBP 1,000 transaction from a locked iPhone.
With Mastercard, a check is performed to make sure that a locked iPhone accepts transactions only from card readers with a transit merchant code.
Trying the method with Samsung Pay, the researchers found that transactions are always possible with locked Samsung devices.