Ghost Tapping: The Invisible Cyber Heist Threatening Your Digital Wallet
In the rapidly evolving world of cybercrime, attackers are always looking for ways to exploit new technology before defenses catch up. One of the most concerning threats emerging in 2025 is Ghost Tapping—a sophisticated form of NFC (Near-Field Communication) relay fraud that allows criminals to make purchases from your account without ever physically touching your card or phone.
Unlike traditional credit card fraud, Ghost Tapping doesn’t require skimming devices or stolen physical cards. Instead, it exploits the convenience of tap-to-pay systems—turning your smartphone or wearable into an unwilling accomplice in the crime.
What Is Ghost Tapping?
Ghost Tapping, sometimes called Ghost Tap, is an NFC relay attack. It enables cybercriminals to remotely capture and relay payment data from a compromised device or payment card to a “mule” device that can be used anywhere in the world.
Imagine sitting at home with your phone safely in your pocket, but somewhere across the city—or even across the globe—someone is using your card to make a purchase at a store’s point-of-sale terminal. You never handed over your card. You never tapped your phone. But your account gets charged.
That’s Ghost Tapping in action.
How Ghost Tapping Works
Ghost Tapping is not a simple scam. It’s a coordinated cybercrime ecosystem involving multiple players, each with specialized skills:
Data Theft
Criminals obtain your credit or debit card details through phishing, malware, or compromised merchant systems.
They capture additional information, such as one-time passwords (OTPs), to bypass security and enroll your card into a digital wallet like Apple Pay or Google Pay.
NFC Relay Setup
Using tools such as NFCGate—initially developed for research but repurposed for crime—attackers relay the NFC signal from your account to a mule’s device.
The mule could be in another country, yet the transaction appears as a legitimate local tap-to-pay purchase.
In-Person Fraud
The mule walks into a store, taps their phone or wearable at the payment terminal, and the transaction processes as if you were there.
Because the transaction is contactless and authorized via tokenized data, traditional fraud detection systems often fail to flag it.
Profit Extraction
Mules purchase high-value goods or withdraw cash from ATMs that support NFC-enabled withdrawals.
Goods are resold, or cash is sent back to the criminal network, often using encrypted messaging platforms and cryptocurrency.
Case Study: The Coles Supermarket Mystery
Location: Australia – Source: Information Age
When Ian checked his bank statement one Monday morning, he was stunned. Two transactions totaling $1,388 had been made at a Coles supermarket — but not the one he frequented. This Coles was over 150 kilometers away, in a city he hadn’t visited in years.
The purchases were made using tap-to-pay, a technology Ian trusted for its security. He still had his phone and card, and no one else had access to them. His first thought: a banking error. But when he called his bank, the representative insisted that the transactions were valid, claiming Ian had personally tapped at the register.
Frustrated, Ian pushed back. Days later, surveillance footage proved his innocence. Two strangers were caught on camera making the purchases — their phone acting as Ian’s digital wallet. Cybersecurity experts later explained that Ian was a victim of Ghost Tapping — an NFC relay fraud where stolen payment credentials are transmitted to a criminal’s device in real time.
What haunted Ian wasn’t just the money — which was eventually refunded — but the realization that criminals could spend his money without ever stealing his card or phone. The experience left him with a new motto: “Trust technology, but verify everything.”
Why Ghost Tapping Is So Dangerous
Ghost Tapping bypasses many of the security safeguards that have made contactless payments popular. Traditional credit card fraud often involves detectable patterns—like card-not-present transactions from suspicious IP addresses. Ghost Tapping transactions, however, look legitimate:
Same payment network protocols
Tokenized, encrypted transactions
Authorized through legitimate point-of-sale systems
Banks may initially approve the payment because it appears as if the legitimate cardholder tapped their phone in a store.
The result? Victims can suffer repeated fraudulent charges before realizing what’s happening.
The Criminal Ecosystem Behind Ghost Tapping
Ghost Tapping is not the work of lone hackers. It’s powered by organized networks that operate much like traditional businesses:
Cybercriminals – Steal card data, bypass verification, and sell access on underground markets.
Developers – Create and maintain NFC relay tools, often sold as “fraud kits” to other criminals.
Mule Recruiters – Find individuals willing to conduct in-person transactions, sometimes offering a cut of the stolen funds.
Fence Operators – Resell stolen goods or cash out through cryptocurrency exchanges.
Investigations by threat intelligence firms such as Recorded Future and Resecurity have linked many Ghost Tapping schemes to Chinese-speaking criminal groups. These groups use encrypted Telegram channels and illicit marketplaces like Huione Guarantee to coordinate operations and sell stolen financial data.
Where Ghost Tapping Is Happening
While Ghost Tapping first gained traction in Southeast Asia—especially Singapore, Malaysia, and Australia—it’s a global threat in the making. The method is scalable and can be deployed in any country where NFC payments are popular.
Given the rise of mobile wallet usage in the United States, UK, and Europe, experts warn that it’s only a matter of time before Ghost Tapping appears in these markets on a larger scale.
Real-World Impact
Ghost Tapping’s damage extends beyond individual victims:
Consumers – Face unauthorized charges, financial stress, and disputes with banks.
Retailers – Lose goods to fraudulent transactions, often without reimbursement.
Banks & Payment Providers – Suffer chargeback losses and must handle customer dissatisfaction.
Insurance Companies – Face growing claims related to payment fraud.
Because the crime often involves international actors, prosecuting offenders is extremely difficult, and recovery of stolen funds is rare.
Case Study: ATM Cash-Outs in the Czech Republic
Location: Czech Republic – Source: BankInfoSecurity
In late 2024, a series of ATM cash-out attacks swept through the Czech Republic. Customers were shocked to find their accounts emptied — but unlike typical card skimming, their physical cards had never left their wallets.
Security researchers at ESET uncovered the culprit: a malware strain nicknamed NGate, built on the NFCGate framework. Criminals would infect an Android device, pair it with stolen card credentials, and relay the NFC signal across the internet to a mule’s phone.
One mule — a 22-year-old man — was arrested after police caught him withdrawing $6,500 in cash from multiple ATMs. His phone, loaded with relayed NFC data, was essentially acting as a proxy card for victims who were miles away, unaware their credentials were in use.
ESET’s investigation revealed that the attacks had been ongoing for months, and most victims didn’t notice until days later. Even then, banks initially struggled to prove fraud because ATM withdrawals appeared as legitimate, in-person transactions.
The case served as a warning: even ATMs equipped with EMV chip readers aren’t immune when attackers can digitally teleport your card into their own hands.
How to Protect Yourself
While Ghost Tapping is advanced, there are proactive steps consumers and businesses can take:
For Individuals
Never share OTP codes – If you receive a one-time password you didn’t request, report it immediately.
Check wallet enrollments – Review your Apple Pay, Google Pay, or Samsung Pay wallet to ensure no unauthorized cards are linked.
Enable transaction alerts – Real-time notifications can help you spot unauthorized charges instantly.
Keep devices updated – Install OS and app updates to patch vulnerabilities.
For Businesses & Financial Institutions
Strengthen device verification – Require additional checks when adding cards to wallets.
Monitor for unusual patterns – Flag transactions where card enrollment and purchase occur in rapid succession.
Educate customers – Awareness campaigns can reduce successful phishing and OTP theft attempts.
Collaborate across networks – Sharing intelligence on relay fraud tools helps industry-wide defense.
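The "enrollment and purchase in rapid succession" pattern above, together with the burst of in-store taps described in this article's case studies, can be written as two detection rules. The Python below is an added example, not code from any bank or payment network; the event format, token names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against real baseline data.
ENROLL_TO_TAP = timedelta(hours=2)  # first in-store tap this soon after enrollment
BURST_WINDOW = timedelta(hours=2)   # sliding window used for tap velocity
BURST_COUNT = 4                     # taps inside the window that raise a flag

# Constructed sample events (kind, wallet token, ISO timestamp); not real data.
EVENTS = [
    ("enroll", "tok-C", "2025-01-10T08:00:00"),
    ("enroll", "tok-B", "2025-02-01T10:00:00"),
    ("enroll", "tok-A", "2025-03-01T09:00:00"),
    ("tap", "tok-A", "2025-03-01T09:25:00"), ("tap", "tok-A", "2025-03-01T09:50:00"),
    ("tap", "tok-A", "2025-03-01T10:10:00"), ("tap", "tok-A", "2025-03-01T10:40:00"),
    ("tap", "tok-B", "2025-03-01T12:00:00"), ("tap", "tok-B", "2025-03-02T18:00:00"),
    ("tap", "tok-C", "2025-03-01T14:00:00"), ("tap", "tok-C", "2025-03-01T14:20:00"),
    ("tap", "tok-C", "2025-03-01T14:45:00"), ("tap", "tok-C", "2025-03-01T15:10:00"),
]

def detect(events):
    """Return {token: sorted names of the rules that fired}."""
    enrolled, taps = {}, defaultdict(list)
    for kind, token, ts in sorted(events, key=lambda e: e[2]):
        when = datetime.fromisoformat(ts)
        if kind == "enroll":
            enrolled[token] = when          # keep the most recent enrollment
        elif kind == "tap":
            taps[token].append(when)
    findings = defaultdict(set)
    for token, times in taps.items():
        # Rule 1: first tap follows the wallet enrollment within ENROLL_TO_TAP.
        start = enrolled.get(token)
        first = next((t for t in times if start is not None and t >= start), None)
        if first is not None and first - start <= ENROLL_TO_TAP:
            findings[token].add("rapid_enroll_then_tap")
        # Rule 2: BURST_COUNT or more taps inside any BURST_WINDOW.
        lo = 0
        for hi, when in enumerate(times):
            while when - times[lo] > BURST_WINDOW:
                lo += 1
            if hi - lo + 1 >= BURST_COUNT:
                findings[token].add("tap_burst")
                break
    return {token: sorted(rules) for token, rules in findings.items()}

if __name__ == "__main__":
    print(detect(EVENTS))
```

A token that trips both rules, like the constructed tok-A here, is a stronger signal than either rule alone, since a long-enrolled wallet can legitimately produce a burst of taps.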
Case Study: Mobile Wallet Relays Across Borders
Location: Multiple Regions – Source: CyberInsider
In early 2025, a global fraud wave emerged targeting Apple Pay, Google Pay, and other mobile wallets. Victims would receive random OTP (One-Time Password) prompts from their banks — often dismissed as phishing attempts. In reality, criminals had already stolen their card details and were attempting to add those cards to their digital wallets.
Once linked, attackers used an NFC relay setup to stream the payment signal to mules in distant cities or even other countries. The mules, equipped with burner phones, would walk into retail stores, tap to pay for high-value electronics, and walk out — all charged to the victim’s account.
One victim in Singapore reported nine separate charges in two hours at department stores across the country — even though she was at work and her phone never left her desk.
By the time fraud detection systems flagged the activity, the goods were gone and resold on gray markets. Banks refunded the charges but warned customers to never ignore OTP prompts — they could mean someone is about to ghost-tap your wallet.
Why This Threat Will Grow
The same qualities that make NFC payments popular—speed, convenience, and security—also make them appealing to cybercriminals. Ghost Tapping exploits the assumption of safety in contactless transactions.
As more consumers go cashless, the potential profit from NFC-based fraud grows. In underground markets, access to a “live” digital wallet with a linked credit card can sell for hundreds of dollars, creating a powerful incentive for criminals to refine and scale their methods.
The Bigger Picture: Social Engineering + Technology
Ghost Tapping is not just a tech problem—it’s a human problem. Most attacks begin with social engineering, tricking victims into giving up OTP codes or installing malicious apps. Technology is the enabler, but human trust is the vulnerability.
This means combating Ghost Tapping requires a multi-layered approach:
Public education on phishing risks.
Technical safeguards in payment networks.
International law enforcement cooperation.
Final Thoughts
Ghost Tapping is a wake-up call for the digital payments industry. It proves that even the most secure-seeming systems can be compromised when criminals combine social engineering, technical skill, and organized networks.
For consumers, the lesson is simple: Stay alert, question unexpected messages, and monitor your accounts regularly. For businesses, it’s a call to upgrade fraud detection systems and collaborate with industry partners to identify threats faster.
Cybersecurity is a moving target. Ghost Tapping is just the latest arrow in a growing quiver of payment fraud tactics—and it won’t be the last. The sooner we understand it, the better we can defend against it.
About the Author
Dr. Mack Jackson Jr. is a cybersecurity expert, keynote speaker, and educator specializing in digital fraud prevention, compliance, and security awareness. Through Vanderson Cyber Group, Dr. Jackson helps businesses and individuals protect themselves against the evolving landscape of cyber threats.