Security News > 2021 > September > How to steal money via Apple Pay using the “Express Transit” feature
Apparent flaw allows hackers to steal money from a locked iPhone, when a Visa card is set up with Apple Pay Express Transit.
Express Transit makes Apple Pay and your iPhone work a bit like a regular credit card, which doesn't need unlocking with a PIN code for low-value transactions.
Just tapping your credit card on or near a payment terminal - any terminal, whether it's at a supermarket, in a newsagent, or at a coffee shop - triggers a rapid and entirely automated cryptographic exchange via the chip in your card that bills your account for the amount shown on the terminal's screen.
Even our home-made shield hastily folded from tin foil stopped our cards being activated, no matter how close we came to the reader or how many times we tried.
Whether it's allowing notifications and personal messages to appear while your phone is locked, or using the Apple Pay Express Transit feature to authorise tap-and-go payments while your phone is locked.
Avoid using Visa cards with Express Transit if you are worried.