A cybersecurity company has uncovered a new scam called “Ghost Tap” that uses NFC contactless payment technology to illegally cash out credit card data. Criminals activate stolen cards on mobile devices, linking them to payment services like Google Pay or Apple Pay, and then use sophisticated techniques to covertly and remotely transmit the data to make purchases.
During Operation Ghost Tap, fraudsters recruit so-called “mules” — individuals who make purchases in offline stores, creating the appearance of legitimate transactions. These actions are made more difficult to detect by using airplane mode on mobile devices and making small purchases that do not arouse suspicion in anti-fraud systems.
The main problem with combating this type of fraud is that current monitoring methods often do not take into account the possibility of a relay attack via NFC, which allows attackers to break large amounts into many small transactions to avoid detection. To more effectively monitor such transactions, financial institutions must develop technologies that can track mismatches between the location of the device and the payment terminal, as well as pay attention to anomalous behavior during transactions.
Countering this and similar threats requires coordinated cooperation between banking institutions, payment system developers and law enforcement agencies to protect users from financial losses.
Source
During Operation Ghost Tap, fraudsters recruit so-called “mules” — individuals who make purchases in offline stores, creating the appearance of legitimate transactions. These actions are made more difficult to detect by using airplane mode on mobile devices and making small purchases that do not arouse suspicion in anti-fraud systems.
The main problem with combating this type of fraud is that current monitoring methods often do not take into account the possibility of a relay attack via NFC, which allows attackers to break large amounts into many small transactions to avoid detection. To more effectively monitor such transactions, financial institutions must develop technologies that can track mismatches between the location of the device and the payment terminal, as well as pay attention to anomalous behavior during transactions.
Countering this and similar threats requires coordinated cooperation between banking institutions, payment system developers and law enforcement agencies to protect users from financial losses.
Source
