
Ghost Tap: A Rising Threat to NFC Mobile Payments

Threat actors are adopting a sophisticated attack technique called Ghost Tap to exploit near-field communication (NFC) technology and steal funds from victims at scale.


Threat actors are adopting a sophisticated attack technique called Ghost Tap to exploit near-field communication (NFC) technology and steal funds from victims at scale. This new method targets mobile payment services like Google Pay and Apple Pay, enabling cybercriminals to make fraudulent transactions globally without the victim’s physical card or phone.

Who Is at Risk?

Anyone using mobile payment services such as Google Pay or Apple Pay with NFC-enabled devices is at risk. Key targets include:

  1. Consumers: Individuals who store credit or debit card information on mobile wallets.

  2. Retailers: Businesses that use point-of-sale (PoS) terminals relying on NFC technology.

  3. Financial Institutions: Banks and card issuers face increased pressure to prevent fraudulent transactions and mitigate customer losses.

Cybercriminals use mobile banking malware to compromise credentials, which makes this threat particularly dangerous for users with limited cybersecurity awareness or outdated protections.

How Ghost Tap Works

The Ghost Tap technique involves multiple stages:

  1. Credential Theft:

    • Victims are tricked into downloading banking malware that captures sensitive information such as credit card details, one-time passwords (OTPs), and banking credentials.

    • Attackers may use overlay attacks (mimicking legitimate banking apps) or keyloggers to steal this information.

    • Alternatively, attackers use voice phishing (vishing) to manipulate users into sharing their data.

  2. Mobile Payment Linking:

    • Using the stolen credentials, attackers link the victim's credit or debit card to mobile payment services like Google Pay or Apple Pay.

  3. NFC Traffic Relay:

    • Using a tool like NFCGate, attackers relay NFC data between devices. One device acts as a "reader," capturing the NFC tag information, while another device emulates the NFC tag at a PoS terminal.

    • This allows attackers to initiate a transaction at a retail store, even if the victim’s phone or card is far away—or even offline.

  4. Cash-Out at Scale:

    • Cybercriminals employ mules to make purchases or withdraw funds from PoS terminals using the relayed NFC data.

    • They often buy gift cards to further obscure the stolen funds.

Why Ghost Tap Is Hard to Detect

Anonymity

  • Transactions appear legitimate because they seem to originate from the victim's device.

  • Attackers can keep the victim's device in airplane mode, making location tracking impossible.

Scalability

  • Multiple fraudulent transactions can be carried out simultaneously in different locations, complicating detection for anti-fraud systems.

Bypassing Anti-Fraud Mechanisms

  • Transactions mimic genuine user activity, leveraging the same linked card and mobile wallet credentials.

How to Protect Yourself

For Consumers

  1. Enable Strong Security Measures:

    • Use two-factor authentication (2FA) for banking and mobile payment services.

    • Regularly update your smartphone’s operating system and apps to patch vulnerabilities.

  2. Avoid Phishing Traps:

    • Be cautious of unsolicited messages or links that prompt you to download apps or share sensitive information.

    • Verify app legitimacy through official app stores.

  3. Monitor Transactions:

    • Regularly review your account statements and report unauthorized activity immediately.

    • Set up alerts for every transaction made using your cards.

  4. Disable NFC When Not in Use:

    • Turn off NFC functionality when it’s not needed to prevent unauthorized access.

For Retailers

  1. Upgrade PoS Terminals:

    • Invest in PoS systems with advanced fraud detection capabilities, including time-based transaction analysis.

  2. Employee Training:

    • Train staff to identify suspicious transactions, such as multiple purchases within a short time frame.

For Financial Institutions

  1. Enhance Fraud Detection:

    • Develop algorithms to analyze the timing and geography of NFC transactions.

    • Flag anomalies, such as transactions occurring far from a cardholder's usual location.

  2. Educate Customers:

    • Raise awareness about Ghost Tap attacks through outreach and educational resources.

  3. Strengthen Mobile Payment Verification:

    • Require additional authentication layers for adding cards to mobile wallets.
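The timing-and-geography analysis recommended above can be prototyped as an "impossible travel" check over tap-to-pay events. The following is an added example, not code from ThreatFabric or any issuer: the `Tap` fields, the 900 km/h speed ceiling, the 50 km minimum distance, and the sample transactions are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly commercial airliner speed

@dataclass(frozen=True)
class Tap:
    token: str      # wallet/device token the issuer sees (hypothetical field)
    ts: datetime    # authorization time
    lat: float      # terminal latitude
    lon: float      # terminal longitude
    terminal: str   # terminal identifier

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(taps, max_kmh=MAX_KMH, min_km=50.0):
    """Flag consecutive taps on one token whose implied speed exceeds max_kmh."""
    alerts, last = [], {}
    for tap in sorted(taps, key=lambda t: t.ts):
        prev = last.get(tap.token)
        last[tap.token] = tap  # always advance, even if this pair is skipped
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, tap.lat, tap.lon)
        if km < min_km:  # same metro area: ignore geolocation noise
            continue
        hours = (tap.ts - prev.ts).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")  # simultaneous taps
        if kmh > max_kmh:
            alerts.append((prev.terminal, tap.terminal, round(km), kmh))
    return alerts

# Constructed sample: tok-A is tapped in three countries within 7 minutes
# (the relay-with-mules pattern); tok-B is ordinary travel from Paris to London.
SAMPLE = [
    Tap("tok-A", datetime(2024, 11, 20, 10, 0), 52.3676, 4.9041, "AMS-001"),
    Tap("tok-A", datetime(2024, 11, 20, 10, 6), 40.4168, -3.7038, "MAD-117"),
    Tap("tok-A", datetime(2024, 11, 20, 10, 7), 52.5200, 13.4050, "BER-042"),
    Tap("tok-B", datetime(2024, 11, 20, 9, 0), 48.8566, 2.3522, "PAR-009"),
    Tap("tok-B", datetime(2024, 11, 20, 9, 20), 48.8606, 2.3376, "PAR-031"),
    Tap("tok-B", datetime(2024, 11, 20, 13, 0), 51.5074, -0.1278, "LON-220"),
]
```

Calling `impossible_travel(SAMPLE)` returns two alerts, both for `tok-A`; a production rule would also need terminal locations that are accurate and a policy for e-commerce or offline-authorized transactions, which carry no usable coordinates.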

The Broader Implications

Ghost Tap highlights the increasing sophistication of cybercriminals leveraging mobile technology for fraud. ThreatFabric suspects that faster communication networks and inadequate time-based transaction detection at PoS terminals have enabled these attacks. This development poses challenges for financial institutions and retailers, as attackers continue to exploit vulnerabilities in mobile payment ecosystems.

By raising awareness and implementing robust security measures, stakeholders can mitigate the risks associated with Ghost Tap and ensure a safer mobile payment experience.

As mobile payments continue to grow in popularity, proactive measures from both individuals and institutions are essential to outpace evolving cyber threats.