Apple Augments iTunes Security After App Store Fraud Flimflams 400


Apple is bulking up the security of iTunes and its App Store to protect users in the wake of an iTunes hack that compromised 400 user accounts and costs users thousands of dollars.

The new, or refocused, security measures on Apple's part come one day after Apple banned a Vietnamese application developer from iTunes and the App Store that the company has said exploited user accounts in the Apple iTunes App Store to purchase his own applications in a bid to bump them up the ranks of popular apps. That developer, Thuat Nguyen, allegedly used 400 user accounts to buy his comic book applications to the tune of between $100 and $1,400 per user. Nguyen's ploy made boosted the visibility of his applications, with 42 of them placing in the top 50 of the App Store's book application listings.

According to Apple, iTunes and App Store users will now more frequently be prompted to enter the CCV code on their credit cards when making purchases or trying to access iTunes from a new computer. The CCV code, a three- or four-digit number, typically on the back of a credit card separate from the standard 16-digit number, is only available to the person holding the card. The CCV number also isn't stored by Apple with users' account and credit card information.

Along with more frequent CCV prompts, Apple is also urging users who suspect bogus purchases were made from their accounts to contact their bank and cancel the credit card in question. Apple suggested users also change their iTunes passwords.

It was still unclear Wednesday how Nguyen accessed 400 iTunes customer accounts. Some security experts have said the information may have been obtained via phishing scams or by hacking into Web mail applications.

While 400 users represents a very small fraction of Apple iTunes and App Store customers, which told more than 150 million, Nguyen's alleged hack and fraudulent charges have raised concerns over the security of Apple iTunes and the App Store.

In its statement first published by Engadget, Apple acknowledged that Nguyen and his apps were removed from the App Store "for violating the developer Program Licenses Agreement, including fraudulent purchase patterns."

Apple went on to note that its servers were not compromised and that developers do not receive any confidential iTunes customer data when one of their applications is downloaded. Apple is also pointing users to its iTunes security page for more tips on how to prevent fraud and hacks.