Back to Hub

iOS 26's Hidden Banking Risks: How Apple's New Card Storage Feature Could Expose Users

Imagen generada por IA para: Riesgos bancarios ocultos en iOS 26: cómo la nueva función de almacenamiento de tarjetas de Apple podría exponer a los usuarios

Apple's upcoming iOS 26 release includes a groundbreaking but potentially risky new Wallet feature that's drawing scrutiny from cybersecurity professionals. The update allows iPhone users to digitally store physical payment card details by simply scanning them with the device's camera - creating what some experts call a 'treasure trove' for hackers.

The technical implementation shows the system automatically captures card numbers, expiration dates, and in some cases even CVV codes when users opt for 'complete backup'. While Apple emphasizes this data is encrypted and protected by Secure Element technology, security researchers have identified multiple concerning aspects:

  1. Authentication Gaps: No additional verification is required when adding physical cards if the phone is unlocked, unlike Apple Card which requires identity confirmation
  2. Data Aggregation: Creates a single repository for all payment methods, increasing the potential damage from a single compromise
  3. Behavioral Risks: Encourages users to photograph cards they wouldn't normally store digitally

Financial institutions are reportedly split on the feature. Major banks like Chase and Citi are expected to support it, while regional banks and credit unions are hesitating due to PCI DSS compliance questions. 'This essentially turns every iPhone into a card data warehouse,' noted one banking security director who requested anonymity.

Cybersecurity professionals should recommend several mitigations:

  • Disable automatic CVV capture in enterprise device policies
  • Implement stricter MDM controls for corporate devices
  • Educate users about the risks of storing corporate cards
  • Monitor for new phishing lures targeting the feature

The feature is currently in beta testing with expected wide release in September. Security teams should prepare advisories now as the convenience-focused rollout may outpace proper risk awareness.

Original source: View Original Sources
NewsSearcher AI-powered news aggregation
Published: 08/08/2025 Mobile Security

Comentarios 0

¡Únete a la conversación!

Sé el primero en compartir tu opinión sobre este artículo.