The convenience of paying by simply tapping your card or phone on a reader has become part of everyday life. But that same technology is now being exploited by cybercriminals to drain bank accounts in seconds.
A new Kaspersky report has revealed a fraud scheme known as “Ghost Touch,” which allows criminals to steal contactless (NFC) payments by intercepting the unique codes generated during each transaction. The alarming part? This attack can be executed without you noticing—and without losing your card.
Ghost Touch is a digital fraud method that exploits vulnerabilities in Near Field Communication (NFC) technology, used for proximity-based payments.
When you hold your card or mobile device near a payment terminal, the system generates a unique token—a temporary code that validates the transaction. Criminals have found a way to intercept this token, relay it in real time, and complete a fraudulent purchase as if they had your physical card in hand.
Kaspersky warns that this type of fraud is spreading rapidly across Latin America, where contactless payments have become extremely popular since the pandemic.
The attack can be carried out in two ways: in-person or remotely—both fast, silent, and difficult to detect.
In crowded areas—cafés, concerts, public transport, or checkout lines—criminals can get close enough to their victims without drawing attention.
They use two smartphones:
The entire process takes just a few seconds. The victim feels nothing, their card never leaves their possession, and because the token is temporary, the transaction looks legitimate—rarely triggering fraud detection systems.
Similar titles: Malware Godfather Uses Virtualization to Steal Banking Data
This version combines social engineering with malicious apps.
The attacker impersonates a bank or card issuer representative and convinces the victim to install a fake app under the pretext of “account verification” or “security activation.”
Once installed, the app asks the user to tap their card against the phone “to verify the data.” At that moment, the app intercepts the NFC token and sends it to the attacker, who immediately uses it to authorize a transaction elsewhere.
This method mostly targets Android users, as the system allows app installations from outside Google Play, making malware distribution easier.
Although “Ghost Touch” has been detected worldwide, Brazil is currently the hardest-hit country, accounting for 47% of all blocked attempts globally, according to Kaspersky.
Other nations with high incident rates include India, China, and Spain, but the concern is greatest in Latin America, where contactless cards and digital wallets are now ubiquitous.
The issue extends beyond the technology itself: on platforms like Telegram, tutorials and videos circulate teaching how to perform the scam step by step.
In one documented case, a successful transaction used a Brazilian card, Portuguese interface, and English narration—evidence that criminals are marketing these tools to an international audience.
The success of this fraud relies on three key factors:
Furthermore, the tokens themselves don’t contain full card details, making it difficult to trace the theft or recover lost funds.
Beyond the technical component, psychological manipulation is at the heart of this scam.
Attackers often gain the victim’s trust through phone calls or messages posing as bank representatives. They use formal language and offer “help” with a supposed security issue.
Once trust is established, they persuade the victim to install an app or bring their card near the phone—triggering the theft.
At TecnetOne, we’ve observed how these attacks blend digital and human manipulation, a growing trend in modern cybercrime.
You might also be interested in: Alert in Mexico: Virus Redirects to Fake SAT and Bank Sites
Experts from Kaspersky and TecnetOne recommend simple but effective preventive measures to stay safe:
“Ghost Touch” is just one example of how cybercriminals exploit every new technological advance to invent fresh scams.
The problem doesn’t lie in NFC technology itself, which remains secure when used properly—but in human vulnerabilities and lack of awareness.
As society adopts faster, more automated payment methods, security must evolve at the same pace. Relying solely on banking systems isn’t enough; users must also take responsibility for protecting their data.
At TecnetOne, we believe that education is the first line of defense. Understanding how these threats work and how to prevent them is the best way to avoid financial losses and keep your data safe.
“Ghost Touch” proves that convenience can come at a cost when not paired with caution. In just seconds, an intercepted token can empty an account or authorize an unrecognized purchase.
The key lies in vigilance—using secure tools, verifying every request, and distrusting anything unusual, no matter how legitimate it seems.
Fraud keeps evolving, but so do defenses. With the right knowledge and practices, you can enjoy technology’s benefits without becoming its next victim.
Because in a world where everything connects, your security begins in your own hands.