The convenience of paying by simply tapping your card or phone on a reader has become part of everyday life. But that same technology is now being exploited by cybercriminals to drain bank accounts in seconds.
A new Kaspersky report has revealed a fraud scheme known as “Ghost Touch,” which allows criminals to steal contactless (NFC) payments by intercepting the unique codes generated during each transaction. The alarming part? This attack can be executed without you noticing—and without losing your card.
What Is “Ghost Touch”?
Ghost Touch is a digital fraud method that exploits vulnerabilities in Near Field Communication (NFC) technology, used for proximity-based payments.
When you hold your card or mobile device near a payment terminal, the system generates a unique token—a temporary code that validates the transaction. Criminals have found a way to intercept this token, relay it in real time, and complete a fraudulent purchase as if they had your physical card in hand.
Kaspersky warns that this type of fraud is spreading rapidly across Latin America, where contactless payments have become extremely popular since the pandemic.
How the Theft Works
The attack can be carried out in two ways: in-person or remotely—both fast, silent, and difficult to detect.
In-Person Mode
In crowded areas—cafés, concerts, public transport, or checkout lines—criminals can get close enough to their victims without drawing attention.
They use two smartphones:
- One device is brought discreetly near the victim’s card or phone to capture the NFC token.
- The second device receives the token in real time and retransmits it to a payment terminal, completing the fraudulent purchase.
The entire process takes just a few seconds. The victim feels nothing, their card never leaves their possession, and because the token is temporary, the transaction looks legitimate—rarely triggering fraud detection systems.
Similar titles: Malware Godfather Uses Virtualization to Steal Banking Data
Remote Mode
This version combines social engineering with malicious apps.
The attacker impersonates a bank or card issuer representative and convinces the victim to install a fake app under the pretext of “account verification” or “security activation.”
Once installed, the app asks the user to tap their card against the phone “to verify the data.” At that moment, the app intercepts the NFC token and sends it to the attacker, who immediately uses it to authorize a transaction elsewhere.
This method mostly targets Android users, as the system allows app installations from outside Google Play, making malware distribution easier.
A Global Scam Centered in Latin America
Although “Ghost Touch” has been detected worldwide, Brazil is currently the hardest-hit country, accounting for 47% of all blocked attempts globally, according to Kaspersky.
Other nations with high incident rates include India, China, and Spain, but the concern is greatest in Latin America, where contactless cards and digital wallets are now ubiquitous.
The issue extends beyond the technology itself: on platforms like Telegram, tutorials and videos circulate teaching how to perform the scam step by step.
In one documented case, a successful transaction used a Brazilian card, Portuguese interface, and English narration—evidence that criminals are marketing these tools to an international audience.
Why “Ghost Touch” Is So Hard to Detect
The success of this fraud relies on three key factors:
- Speed: The NFC token lasts only a few seconds, so the transaction completes before the bank can flag it.
- No physical contact: The victim keeps their card and notices nothing unusual until checking their statement.
- Apparent legitimacy: Payments appear genuine, coming from a valid terminal or device.
Furthermore, the tokens themselves don’t contain full card details, making it difficult to trace the theft or recover lost funds.
The Role of Social Engineering
Beyond the technical component, psychological manipulation is at the heart of this scam.
Attackers often gain the victim’s trust through phone calls or messages posing as bank representatives. They use formal language and offer “help” with a supposed security issue.
Once trust is established, they persuade the victim to install an app or bring their card near the phone—triggering the theft.
At TecnetOne, we’ve observed how these attacks blend digital and human manipulation, a growing trend in modern cybercrime.
You might also be interested in: Alert in Mexico: Virus Redirects to Fake SAT and Bank Sites
How to Protect Yourself from “Ghost Touch”
Experts from Kaspersky and TecnetOne recommend simple but effective preventive measures to stay safe:
- Use NFC-blocking wallets or card sleeves.
RFID/NFC-protected accessories prevent wireless reading of your cards when not in use—an inexpensive safeguard against major losses.
- Monitor your bank activity.
Review your statements frequently and enable instant transaction alerts to detect suspicious activity in real time.
- Download apps only from official stores.
Avoid installing apps from links in messages or emails. Use Google Play or the App Store, and always check the developer’s reputation.
- Never share information with supposed bank employees.
If you receive a call or message claiming to be from your bank, don’t provide personal details or install apps. Hang up and contact your bank directly through official channels.
- Install a trusted security solution.
Use antivirus and cybersecurity tools capable of detecting malicious apps and suspicious NFC behavior. TecnetOne recommends solutions with real-time behavioral analysis and NFC protection.
Beyond the Fraud: Building Digital Awareness
“Ghost Touch” is just one example of how cybercriminals exploit every new technological advance to invent fresh scams.
The problem doesn’t lie in NFC technology itself, which remains secure when used properly—but in human vulnerabilities and lack of awareness.
As society adopts faster, more automated payment methods, security must evolve at the same pace. Relying solely on banking systems isn’t enough; users must also take responsibility for protecting their data.
At TecnetOne, we believe that education is the first line of defense. Understanding how these threats work and how to prevent them is the best way to avoid financial losses and keep your data safe.
Conclusion
“Ghost Touch” proves that convenience can come at a cost when not paired with caution. In just seconds, an intercepted token can empty an account or authorize an unrecognized purchase.
The key lies in vigilance—using secure tools, verifying every request, and distrusting anything unusual, no matter how legitimate it seems.
Fraud keeps evolving, but so do defenses. With the right knowledge and practices, you can enjoy technology’s benefits without becoming its next victim.
Because in a world where everything connects, your security begins in your own hands.