Criminals 'Ghost Tap' NFC for Payment Cash-Out Attacks

Tactic Uses Stolen Cards Added to Apple Pay and Google Pay Digital Wallets Mathew J. Schwartz (euroinfosec) • November 20, 2024

An academic project turned criminal tool lets criminals remotely cash-out stolen payment cards with the assistance of an on-site money mule, warn researchers.

Hackers who trade in stolen payment card data have long sought ways to minimize their physical footprint, recruiting teenagers and unemployed or desperate individuals to do the risky work of using stolen cards in the real world.

See Also: 2024 Fraud Insights Report

An active scam in criminal forums allows hackers to transmit in real time stolen card data onto the smartphone of a money mule, keeping themselves well removed from the site of the actual transaction.

At the center of the scam is NFCGate, an application developed in 2015 by students at the Technical University of Darmstadt ...