Cybercriminals are increasingly exploiting NFC fraud to steal money from consumers using ATMs and POS terminals on a large scale
In Q1 2025, Resecurity (USA) investigated multiple cases of NFC fraud that led to millions of dollars in damages for a major Fortune 100 financial institution in the U.S. Tackling these cybercriminals, particularly those operating from China, is difficult due to geopolitical, technical, and organizational challenges.
Experts have found several Chinese cybercriminal groups targeting Google and Apple Wallet users, using NFC technology for fraud. These groups have been selling tools like Z-NFC on Telegram and previously offered King NFC on the Dark Web to facilitate fraudulent transactions. The fraudsters mostly use Android-based phones, loading numerous cards into mobile wallets to carry out their schemes. Some of the targeted institutions include Barclays, Bank of Scotland, Lloyds Banking Group, Halifax, HSBC, Santander, Wise, and Revolut.
The apps used for these attacks rely on Host Card Emulation (HCE), which mimics a physical NFC smart card by registering a service that responds to specific APDU commands. This allows fraudsters to process compromised credit card data using NFC technology.
NFC-enabled fraud remains possible because contactless payments under a certain value (the “Contactless CVM limit”) don’t require a PIN or signature for verification. Cybercriminals exploit this vulnerability by making multiple small transactions with a large number of compromised cards.
In addition to traditional POS terminals, fraudsters are also using Soft POS systems, which turn NFC-enabled Android devices like smartphones and tablets into payment terminals. With an estimated 1.9 billion NFC-enabled phones worldwide, this method of fraud continues to grow rapidly.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
