Safety researchers from Threatfabric have uncovered a new cashing technique known as “Ghost Tap”. This tactic enables cybercriminals to exploit NFC technology to conduct anonymous transactions with stolen data from credit cards linked to mobile payment services like Google Pay and Apple Pay.
The crux of this method lies in the relay transmission of NFC traffic between devices, allowing transactions to be carried out at a significant distance from the card’s actual location. Criminals utilize easily obtainable tools like NFCGATE, which was originally designed for research purposes. This strategy enables them to scale their operations by employing “mules” to make purchases at various geographical locations in a short span.
In the Ghost Tap scheme, fraudsters link stolen cards to devices and obtain OTP codes through phishing sites or mobile malware. These cards are then transmitted to Mula devices, which conduct purchases in stores. This process complicates the identification of criminals, as the transactions appear as normal operations from a single device.
A significant challenge for banks and payment systems is the difficulty in detecting these transactions. The use of “Airplane” mode and making small purchases hinders anti-fraud systems from being triggered. Meanwhile, criminals can swiftly spend large sums by dividing them into numerous small transactions.
The rise in NFC attacks can be attributed to the absence of effective detection mechanisms. To combat such schemes, financial institutions need to enhance their monitoring systems to account for inconsistencies in device and terminal locations, as well as suspicious customer behaviors.
The Ghost Tap tactic underscores how research-oriented technological tools can morph into potent fraudulent tools. Addressing such threats necessitates collaboration among financial institutions, technology developers, and law enforcement agencies. Only through collective efforts can the advancement of such schemes be thwarted.