💳 Contactless payment has made our lives easier, but did you know hackers exploit it to steal your money? Here’s how the Ghost Tap technique works and how to protect yourself.

❓ 𝐖𝐇𝐀𝐓 𝐈𝐒 𝐆𝐇𝐎𝐒𝐓 𝐓𝐀𝐏?

Hackers use a mix of technologies to carry out fraudulent contactless payments without your knowledge. Here’s the technical breakdown:

1️⃣ Bank data theft:

📩 Using phishing emails or malware, hackers steal your banking info or card details.

2️⃣ Virtual card cloning:

They use this data to create a virtual card, which they load onto a smartphone or NFC (Near Field Communication) device.

3️⃣ Remote payments:

→Accomplices use the virtual card on their phone in airplane mode, making it untraceable.

→They make small payments in physical stores, usually below the contactless payment limit (€50 or €100 depending on the region).

4️⃣ Evading detection systems:

↳ Low-value transactions mimic your typical purchases, making them undetectable by banks.

𝐓𝐇𝐄 𝐓𝐄𝐂𝐇𝐍𝐎𝐋𝐎𝐆𝐘 𝐁𝐄𝐇𝐈𝐍𝐃 𝐆𝐇𝐎𝐒𝐓 𝐓𝐀𝐏

↳ NFC (Near Field Communication): The key enabler of this scam, as it allows wireless payments.

𝐇𝐚𝐜𝐤𝐞𝐫𝐬 𝐞𝐱𝐩𝐥𝐨𝐢𝐭:

➡️The proximity requirement for payments (just a few centimeters), but with a virtual card.

➡️Airplane mode: No network connection means fewer traces for banks or mobile operators.

The following picture shows the scheme of interactions:

🛠️ 𝐒𝐭𝐞𝐚𝐥𝐭𝐡𝐲 𝐟𝐫𝐚𝐮𝐝:

⛔️Payments are designed to appear normal: small amounts, spread out over time.

⛔️Payment terminals don’t always verify identities, making it easier for hackers to succeed.

⚠️ 𝐖𝐇𝐘 𝐈𝐒 𝐓𝐇𝐈𝐒 𝐀 𝐁𝐈𝐆 𝐃𝐄𝐀𝐋?

→ Current banking security measures aren’t always fast or robust enough to detect this kind of fraud.

→ Hackers can operate internationally, with stolen data often sold on the dark web.

💡 𝐇𝐎𝐖 𝐓𝐎 𝐏𝐑𝐎𝐓𝐄𝐂𝐓 𝐘𝐎𝐔𝐑𝐒𝐄𝐋𝐅

1️⃣ Regularly check your accounts: Small, unusual transactions can be red flags.

2️⃣ Enable real-time notifications for every transaction.

3️⃣ Disable NFC services on your card if you’re not using them.

4️⃣ Report any suspicious activity to your bank immediately.