Android Tap-and-go Police warning

Europol warned against criminals using Android phones to trigger fraudulent tap-and-go payments.

16:26 29 September 2016

Europol’s annual Internet Organised Crime Threat Assessment report warned against Android tap-and-go thefts. Experts had previously anticipated that such fraudulent activity could happen during the rollout of smart wallet systems.

 

"The possibility of compromising NFC [near field communication] transactions was explored by academia years ago, and it appears that fraudsters have finally made progress in the area," the report says.

 

"Several vendors in the dark net offer software that uploads compromised card data on to Android phones in order to make payments at any stores accepting NFC payments."

 

It added: "Currently, when merchants detect a fraudulent transaction, they are requested to seize the card,"

 

"However, the confiscation may not be feasible when the compromised card data are recorded on the buyer's smartphone."

 

A spokeswoman for Google said: "Security is at the centre of Android Pay; we verify cardholders' identities with banks before enabling them on Android Pay, and we work closely with our banking and payments partners to suspend fraudulent cards."

 

Prof Alan Woodward, from Surrey University said that the threat did not mean people should stop using Android Pay but uses must be vigilant against unusual transactions.