Apple has stated it's working to enhance App Store security in the wake of claims user accounts are being hijacked in order to commit fraud.

Reports of users being charged for in-app purchases they hadn't made started hitting the web at the end of 2011, with Chinese-language titles riding high in the top grossing charts in both the US and UK as a result of fraudulent payments.

The problem now appears to have spread to English-language games from western studios, with The New York Times detailing the plight of a user from Texas who was billed for $437.71 worth of in-game currency for in Storm 8's iMobsters – a game he claims he never downloaded.

Bad debts

Contrary to early takes, however, the app developers themselves are seemingly not to blame.

Hoolai Games – a Chinese developer whose games have been associated with such fraudulent activity – has claimed, at its peak, the practice cost the studio hundreds of thousands of dollars in lost revenue a month.

In the case of Hoolai's Three Kingdoms, fraudulent credit cards were used to purchase in-game items that were then sold on to players at a discounted price via online auction sites.

Another unnamed studio also impacted by hijacked iTunes accounts told PocketGamer.biz the problem was only spotted when revenues received from Apple were lower than the value of virtual goods sold.

When the company contacted Apple to query the disparity, it was told it was the result of "bad debts". The firm only later discovered that those "bad debts" were purchases of in-app items made using stolen credit card information.

Let's get crazy

"This kind of thing just happens any time a platform is successful," Spry Fox CEO David Edery told the paper.

"People start flooding into it and it starts to get crazy."

For Apple's part, The New York Times claims the company declined a request for an interview, but said in a statement that it was "working to enhance security".

 

Apple also advised customers "whose payment information had been stolen to change their iTunes passwords and to contact their financial institutions."

[source: The New York Times]