Thieves are using stolen credit card data to make bogus purchases on Apple Pay, Apple’s mobile payment system.
The stolen card data is believed to have come from recent hacks on major retailers including Home Depot and Target, according to a report by the Wall Street Journal.
Here’s what’s happening: Apple’s system hasn’t been hacked. But cyber thieves are taking stolen credit card data, entering it into smartphones, and making purchases — all without the use of an actual credit card or signature.
It’s unclear how many Apple Pay transactions are fraudulent. About 80% of the unauthorized purchases have actually been bought with smartphones at Apple stores, the Journal reports, citing sources familiar with the matter.
Related: What’s the difference between Apple Pay and Samsung Pay?
This isn’t good news for Apple Pay, which launched last fall, highlighting just how much damage cyber thieves can create.
Apple Pay’s network includes major merchants such as Whole Foods (WFM), McDonald’s (MCD), Bloomingdale’s and Walgreens (WBA).
Apple didn’t immediately respond to a request from CNNMoney for comment.
Read next: JetBlue to be the first airline to accept Apple Pay payments in flight