A new report details the increasing vulnerabilities associated with using smartphones for tap-to-pay transactions. The report, compiled by cybersecurity researchers, highlights how hackers are exploiting weaknesses in Near Field Communication (NFC) technology to steal financial information. This raises serious concerns about the security of mobile payment systems widely used today.
The report focuses on several attack vectors. One method involves intercepting NFC signals. Researchers demonstrated how a nearby device can capture the radio waves used in tap-to-pay transactions. This allows criminals to obtain credit card details, transaction history, and other sensitive data. The researchers used readily available hardware and software to perform this interception. They successfully captured data from multiple test phones during simulated transactions.
Another vulnerability lies in malware disguised as legitimate apps. The report describes cases where malicious apps request unnecessary NFC permissions. Once granted, these apps can monitor tap-to-pay activity, steal card numbers, or even initiate unauthorized transactions. The report cites a recent instance where a popular flashlight app was found to contain code capable of stealing payment information. The app had been downloaded millions of times before the malicious code was discovered.
The report also addresses the risk of relay attacks. In this scenario, a hacker intercepts the NFC signal from a victim’s phone and relays it to another location. This allows the hacker to make a purchase using the victim’s card without physically possessing it. The report details a case where researchers successfully purchased items from a store using a relay attack over a distance of several meters. This highlights the potential for remote exploitation of tap-to-pay technology.
Researchers further explored vulnerabilities related to lost or stolen phones. They found that even with screen locks and biometric authentication, determined hackers could sometimes bypass security measures. They achieved this by exploiting software flaws or using specialized hardware to access the phone’s secure element, where payment information is stored. The report emphasizes the need for robust device security measures and quick action in case of loss or theft.
The report also examines the role of default settings. Many phones ship with NFC enabled by default. This makes users vulnerable without their knowledge. The researchers recommend that users disable NFC when not actively using it. They also suggest regularly reviewing app permissions and avoiding downloading apps from untrusted sources.
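The permission review recommended above, and the flashlight-app case described earlier, can be partly automated. The following is an added example, not code from the report: it assumes each app's AndroidManifest.xml has already been decoded to plain XML, and the package names, categories and `NFC_EXPECTED` policy set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NFC_PERMISSION = "android.permission.NFC"
HCE_ACTION = "android.nfc.cardemulation.action.HOST_APDU_SERVICE"
# Assumption: app categories where NFC use is expected; adjust to local policy.
NFC_EXPECTED = {"payment", "transit", "access-control"}

def nfc_usage(manifest_xml):
    """Return (requests_nfc, declares_card_emulation) for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]
    requests_nfc = NFC_PERMISSION in names
    # A host card emulation service is found by its intent-filter action.
    declares_hce = any(
        act.get(ANDROID_NS + "name") == HCE_ACTION
        for svc in root.iter("service") for act in svc.iter("action"))
    return requests_nfc, declares_hce

def audit(apps):
    """apps: iterable of (package, category, manifest_xml). Returns findings."""
    findings = []
    for package, category, manifest in apps:
        requests_nfc, declares_hce = nfc_usage(manifest)
        if (requests_nfc or declares_hce) and category not in NFC_EXPECTED:
            reason = "card emulation service" if declares_hce else "NFC permission"
            findings.append((package, category, reason))
    return findings

# Constructed sample manifests (not taken from any real app).
_HDR = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
FLASHLIGHT = _HDR % "com.example.flashlight" + """
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.NFC"/>
</manifest>"""
WALLET = _HDR % "com.example.wallet" + """
  <uses-permission android:name="android.permission.NFC"/>
  <application><service android:name=".PayService"
      android:permission="android.permission.BIND_NFC_SERVICE">
    <intent-filter><action
      android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/></intent-filter>
  </service></application>
</manifest>"""
NOTES = _HDR % "com.example.notes" + "\n</manifest>"
SAMPLE = [("com.example.flashlight", "utility", FLASHLIGHT),
          ("com.example.wallet", "payment", WALLET),
          ("com.example.notes", "utility", NOTES)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", *finding)
```

A finding means the app should be reviewed by a person, not that it is malicious; the category labels have to come from an inventory the reviewer trusts.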
The report’s findings raise questions about the long-term security of tap-to-pay systems. While convenient, the technology presents new opportunities for fraud. The researchers call for stronger security measures from both phone manufacturers and financial institutions. They suggest implementing tokenization, which replaces actual card numbers with temporary tokens, as a potential solution. They also recommend increased user education about the risks associated with mobile payments.
The report acknowledges that tap-to-pay technology is constantly evolving. However, it argues that security must keep pace with these advancements. The researchers urge developers to prioritize security in the design and implementation of mobile payment systems. They also call for regular security audits and penetration testing to identify and address vulnerabilities.
The report concludes with a series of recommendations for consumers. These include:
- Disabling NFC when not in use.
- Reviewing app permissions regularly.
- Downloading apps only from trusted sources.
- Using strong passwords and biometric authentication.
- Reporting any suspicious activity to their bank immediately.
- Keeping phone software updated.
The researchers believe that by raising awareness of these vulnerabilities, consumers can take steps to protect themselves from fraud. They also hope that their findings will spur the development of more secure mobile payment systems. The report serves as a timely reminder that convenience should not come at the expense of security.