chushpan
Chinese nationals have been arrested in the United States for allegedly running a new tap-to-pay scam that uses mobile wallets, KrebsOnSecurity reports. Authorities say the wallets were created through online phishing, and the transactions relied on a special Android app that transmitted a signal from devices located in China.
On March 16, 2025, authorities in Knoxville, Tennessee, reported the arrest of 11 Chinese nationals who are charged with purchasing tens of thousands of dollars in gift cards from local retailers using mobile wallets created through online phishing scams. The Knox County Sheriff’s Office said the arrests were the first in the United States to be made for a new type of tap-to-pay fraud.
When asked what makes the scheme particularly notable, Knox County authorities explained that at first glance, the scammers’ actions look like a normal gift card purchase. But in reality, they are making multiple transactions to purchase different gift cards and have spread their operations across the country, moving from state to state.
“These criminals have been traveling across the country using stolen credit card information to purchase gift cards and launder the money,” Knox County Sheriff’s Deputy Bernie Lyon said. “During the operation, we seized over $23,000 in gift cards purchased using unsuspecting victim user information.”
When asked about the details of the mobile devices seized from the suspects, Lyon said “the tap-to-pay scam involves a group of individuals using Android phones to conduct Apple Pay transactions using stolen or compromised credit and debit card information.” Lyon declined to provide further details about the mechanics of the scam, citing the ongoing investigation.
Analysis of the scheme
Ford Merrill, a security researcher at SecAlliance, part of the CSIS Security Group, noted that there are few legitimate scenarios in which Android phones could be used to transmit Apple Pay transactions. According to him, this is only possible if the devices have a specialized Android app installed. These groups are giving new impetus to the payment card fraud industry, also known as “carding,” a type of fraud in which hackers carry out a transaction using a payment card without the participation of its owner.
The essence of the scheme
The victim first receives messages purporting to come from US postal services or toll road operators and demanding a small payment. These messages are sent not as regular SMS but via iMessage and RCS, channels that allow them to bypass carrier filters.
The entered card data is immediately used to send a request to the bank to link the card to a new mobile wallet. The bank sends a one-time confirmation code, and if the victim enters it, the card is at the complete disposal of the fraudsters.
Each device can contain five or a dozen such wallets. After the wallets are loaded, the phones are sold wholesale via Telegram, which has long been known as a platform for trading cybercrime tools because of its anonymity and convenience, according to journalists from KrebsOnSecurity.
Experts have confirmed to the media the existence of the Z-NFC Android application, which is capable of remotely emulating transactions: the user brings the phone to the terminal, and the application transmits a signal to the device in China, where the real data transfer takes place. The software sells for $500 per month, including 24/7 technical support.
Similar Case
According to ABC10, a similar incident occurred in Sacramento, where two Chinese nationals tried to use an app to buy gift cards at Target, going through more than 80 stolen cards. They managed to buy $1,400 worth of cards, even though most of the transactions were declined. After their arrest, they admitted to making $250 per day from such transactions. One of the men tried 42 cards; 32 of them were declined, but he still managed to spend $855. His partner tried 48 cards, of which 11 worked, allowing him to spend another $633.
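The Sacramento case shows a pattern a retailer or acquirer can detect: many different wallets tapped at one terminal for gift cards in a short time, most of them declined. The following detection sketch is an added example, not part of the original post; the log format, field names, token ids and thresholds are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authorization log (not real data):
# time, terminal id, wallet token id, item category, issuer decision.
SAMPLE_LOG = """\
2025-03-16T14:00:05 T-07 tok-a1 gift_card DECLINED
2025-03-16T14:01:10 T-07 tok-b2 gift_card DECLINED
2025-03-16T14:02:30 T-07 tok-c3 gift_card APPROVED
2025-03-16T14:03:45 T-07 tok-d4 gift_card DECLINED
2025-03-16T14:05:00 T-07 tok-e5 gift_card DECLINED
2025-03-16T14:06:20 T-07 tok-f6 gift_card APPROVED
2025-03-16T14:02:00 T-02 tok-z9 gift_card APPROVED
2025-03-16T14:20:00 T-02 tok-y8 grocery APPROVED
2025-03-16T15:40:00 T-02 tok-x7 gift_card DECLINED
"""

def parse(log):
    for line in log.splitlines():
        ts, terminal, token, category, decision = line.split()
        yield datetime.fromisoformat(ts), terminal, token, category, decision == "APPROVED"

def flag_card_cycling(log, window=timedelta(minutes=30), min_tokens=5, min_decline_ratio=0.5):
    """Return {terminal: (distinct_tokens, declines, attempts)} for terminals where
    many different wallet tokens were tried on gift cards inside one sliding
    window and at least min_decline_ratio of those attempts were declined."""
    by_terminal = defaultdict(list)
    for ts, terminal, token, category, approved in parse(log):
        if category == "gift_card":
            by_terminal[terminal].append((ts, token, approved))
    flagged = {}
    for terminal, events in by_terminal.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            tokens = {tok for _, tok, _ in span}
            declines = sum(1 for _, _, ok in span if not ok)
            if len(tokens) >= min_tokens and declines / len(span) >= min_decline_ratio:
                best = flagged.get(terminal)
                if best is None or len(tokens) > best[0]:
                    flagged[terminal] = (len(tokens), declines, len(span))
    return flagged

if __name__ == "__main__":
    print(flag_card_cycling(SAMPLE_LOG))
```
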