What Is Happening With Contactless Payments?
Cybersecurity experts have discovered a new wave of cyberattacks targeting contactless payments made using NFC (Near Field Communication) technology. This is the same technology that allows people to pay by simply tapping their card or phone at a store counter. The attacks were first noticed among bank users in the Czech Republic but are now spreading across the world at an alarming rate.
A recent report by security company ESET shows that NFC payment attacks have grown 35 times more frequent since the end of 2024. That’s a massive jump in just a few months. Criminals are getting smarter and are finding ways to break into systems that were once considered safe.
NFC works by sending signals over very short distances—just a few centimeters. It’s used in many mobile payment apps and credit cards. People love the convenience, and as a result, the market is growing fast. From $21.69 billion in 2024, it is expected to go over $30 billion in the next few years. But this growth is also attracting cybercriminals who are using newer tricks to get past the security walls.
How the Attacks Work
The attacks combine several sneaky tricks to fool people and steal their money. Criminals start by sending fake SMS messages that look like they’re from a bank. These messages contain a link that leads to a fake banking website. The website then asks the person to install something called a progressive web app, or PWA. This app doesn’t come from the app store, so it skips most safety checks.
Once the victim installs the app and types in their banking password, the criminals can enter their bank account. But they don’t stop there. The scammers then call the victim, pretending to be from the bank, and say they need to install another app to protect their money. This second app is actually a virus called NGate.
Lazarus Rises Again: $4.2 Million Crypto Stolen in NFT Scam and Solana-to-Ethereum Swindle
This virus uses a tool called NFCGate, which was originally created by university students to test how NFC works. But now, hackers are using it in bad ways. Once the NGate app is installed, it can read credit card data when the card is held near the infected phone. The hackers then copy this data and make fake cards or use it for digital payments. They can even withdraw cash without anyone knowing.
In some cases, a version of the attack called Ghost Tap is used. It takes things a step further. Here, stolen card details and special one-time codes are added to the criminals’ Apple Pay or Google Pay wallets. Using these, they make many fake payments using contactless methods. Cyber experts say that entire “farms” of Android phones can be set up by hackers to do this on a large scale.
How People Can Protect Themselves
Even though these attacks are clever and dangerous, there are still ways people can protect themselves. Most importantly, they should never click on suspicious links or download apps from unknown sources. Real banks will never ask customers to install an app from a text message.
People are also advised to use RFID-blocking wallets or card sleeves. These can help prevent anyone from secretly reading card data through a bag or pocket. It’s also a good idea to set daily or per-transaction limits for contactless payments. That way, if a criminal does manage to copy a card, they won’t be able to spend much.
In today’s world, where everything is going digital, it’s important to stay alert. NFC technology is useful and fast, but it must be used with care. By being cautious, people can stop these cyberattacks before they cause harm.
