Concerns Rise Over New NFC Fraud Tactic "Ghost Tap"
Quick take - Financial institutions are increasingly alarmed by the emergence of a cash-out tactic called “Ghost Tap,” which utilizes NFC technology to facilitate fraudulent transactions remotely by linking stolen payment card information to new devices, posing significant challenges for detection and prevention in financial cybercrime.
Fast Facts
- Emerging Threat: “Ghost Tap” is a new cash-out tactic using NFC technology to execute fraudulent transactions without physical presence at the point of sale.
- Fraudulent Process: Cybercriminals link stolen credit cards to new devices by obtaining a one-time password (OTP) from victims, often through mobile banking malware or phishing.
- Operational Tactics: Tools like NFCGate enable criminals to relay transactions between stolen cards and POS terminals, allowing them to operate from a distance and complicate detection.
- Detection Challenges: Financial institutions face difficulties in identifying these frauds due to low transaction amounts, simultaneous purchases from multiple locations, and the use of devices in “airplane” mode.
- Need for Enhanced Security: To combat Ghost Tap and similar threats, financial institutions must improve anti-fraud measures and develop advanced detection models for suspicious activities.
Ghost Tap: A New Threat in Financial Cybercrime
Financial institutions are increasingly concerned about a new cash-out tactic known as “Ghost Tap,” which has emerged as a significant threat in the realm of financial cybercrime. This tactic involves the use of Near Field Communication (NFC) technology to relay payment card information and execute fraudulent transactions without the need for physical presence at the point of sale.
How Ghost Tap Works
Cybercriminals have been discussing Ghost Tap on underground forums, claiming they can send payment card information between devices for NFC operations. To successfully link a stolen credit card to a new device, these fraudsters typically require a one-time password (OTP) from the victim’s bank, which is often transmitted via SMS. They employ various methods to obtain this OTP, including the use of mobile banking malware that intercepts SMS messages or tricking victims into entering their card credentials on phishing websites.
Once a stolen card is successfully linked to a mobile device, criminals can utilize it to make significant purchases at offline retailers. However, using the device directly poses risks, as law enforcement can trace the fraudster if the cardholder reports the theft. As a result, these criminals aim to operate from a distance, leveraging tools like NFCGate, which was initially developed for research purposes but has since been weaponized. This tool allows criminals to create a relay between a device with the stolen card and a point-of-sale (POS) terminal, facilitating cash-outs while they remain physically distant from the transaction site.
The Accessibility of Ghost Tap
The execution of the Ghost Tap tactic requires relatively accessible resources: a mobile device with NFC capabilities, a stolen card linked to a mobile payment system, two devices equipped with NFCGate, and a server to relay the traffic. As these resources do not necessitate specialized knowledge or skills, the barrier to entry for cybercriminals is significantly lowered, enabling them to scale their operations. This method allows for multiple mules to conduct purchases in different locations simultaneously, further complicating detection efforts.
The rise of NFC-based attacks, coupled with the evolution of communication networks and the insufficient detection mechanisms at ATMs and POS terminals, has made it increasingly difficult for financial organizations to identify these fraudulent activities. Factors that complicate detection include transactions that appear to originate from the same device, low transaction amounts that become significant when aggregated, and the possibility that the device is in “airplane” mode, which hinders location tracking.
Combating the Threat
To combat these emerging threats, financial institutions must enhance their anti-fraud measures. Awareness of the Ghost Tap tactic can facilitate the implementation of advanced detection models aimed at identifying suspicious customer behavior. Potential indicators of fraud include a card being linked to a new device, particularly if malware is detected on the customer’s device, and multiple transactions occurring in geographically unreachable locations within a short time frame.
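The two indicators named above (a newly linked device, and taps in geographically unreachable locations within a short time) can be combined into one rule. The sketch below is an added example, not code from the original article or from any vendor; the `Tap` fields, the speed ceiling, the seven-day window and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0                  # assumed ceiling, roughly airliner speed
NEW_DEVICE_WINDOW = timedelta(days=7)  # assumed meaning of "recently linked"

@dataclass(frozen=True)
class Tap:
    token_id: str   # wallet device token the card was linked to (assumed field)
    ts: datetime    # authorization time
    lat: float      # POS terminal latitude, taken from merchant data
    lon: float      # POS terminal longitude
    amount: float

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def flag_unreachable(taps, provisioned_at):
    """Alert on consecutive taps of one token that no single device could make."""
    by_token, alerts = {}, []
    for t in sorted(taps, key=lambda t: t.ts):
        by_token.setdefault(t.token_id, []).append(t)
    for token, seq in by_token.items():
        for prev, cur in zip(seq, seq[1:]):
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            # Reachable: same area, or implied speed under the ceiling.
            if km <= 1.0 or (hours > 0 and km / hours <= MAX_SPEED_KMH):
                continue
            linked = provisioned_at.get(token)
            recent = linked is not None and cur.ts - linked <= NEW_DEVICE_WINDOW
            alerts.append({"token_id": token, "km": round(km),
                           "minutes": round(hours * 60), "recently_linked": recent,
                           "severity": "high" if recent else "medium",
                           "total": prev.amount + cur.amount})
    return alerts

# Constructed sample data: tok-A was linked a day ago and is tapped in two
# distant cities ten minutes apart; tok-B is an old token used within one city.
T0 = datetime(2024, 11, 2, 12, 0)
SAMPLE_PROVISIONED = {"tok-A": T0 - timedelta(days=1), "tok-B": datetime(2023, 1, 1)}
SAMPLE_TAPS = [
    Tap("tok-A", T0, 52.5200, 13.4050, 45.0),
    Tap("tok-A", T0 + timedelta(minutes=10), 40.4168, -3.7038, 38.0),
    Tap("tok-B", T0, 52.5200, 13.4050, 12.0),
    Tap("tok-B", T0 + timedelta(minutes=30), 52.5000, 13.3900, 9.0),
]
```

Because the rule keys on terminal location rather than handset location, it still fires when the relaying device is in “airplane” mode.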
The emergence of the Ghost Tap method underscores a concerning trend in financial cybercrime, as more actors recognize the potential for fraud using NFC relay techniques. Financial institutions and retailers will need to adopt robust security measures to effectively address this evolving threat landscape.