According to Fortune, thieves are using a technique called “ghost tapping” to steal from consumers using the exact same NFC technology that powers tap-to-pay systems. The method requires thieves to be only within arm’s reach of victims, allowing them to steal personal financial information without the victim even realizing it’s happening. In Singapore alone, scammers used this method to steal nearly a million dollars during a recent three-month window. Ghost tapping works by exploiting Near Field Communication technology in mobile wallets, enabling fraudsters to make unauthorized transactions without physical contact. The technique represents the newest evolution of longstanding card scam fraud, executing full transactions that deliver cash directly to accounts controlled by thieves.
The virtual pickpocket in your pocket
Here’s how this scam actually plays out in the real world. Cybercriminals load small charges—typically between $1 and $100—onto portable payment terminals. Then they simply bump into people or stand close to them in crowded places like subways, elevators, or busy retail stores. If your phone is unlocked and NFC is enabled, the transaction processes instantly and discreetly. The small charge amounts mean many people don’t notice the theft, especially if they have transaction notifications turned off. Basically, it’s like a virtual pickpocket that doesn’t even need to touch your wallet.
This isn’t your grandma’s credit card scam
What makes ghost tapping particularly concerning is that it’s not just stealing information—it’s executing complete transactions. Older card scams might skim your data for later use, but ghost tapping immediately transfers money to the thief’s account. And because it uses legitimate payment infrastructure, the transactions look completely normal at first glance. The criminals don’t need sophisticated hacking skills either—they’re literally using the same technology that stores use for legitimate tap-to-pay systems. It’s frightening how easily existing technology can be weaponized against us.
Protecting yourself in crowded spaces
So what can you actually do about this? First, consider disabling NFC when you’re not actively using it—your phone’s settings make this pretty straightforward. Keep your phone locked when it’s in your pocket or bag, since unlocked devices are more vulnerable. Be extra cautious in crowded places and maintain awareness of people standing unusually close to you. And maybe reconsider having transaction notifications turned off—those alerts might be annoying, but they could save you from unauthorized charges. Security experts are warning that this threat is particularly dangerous during holiday shopping seasons when stores are packed and people are distracted.
The trust problem nobody’s talking about
Here’s the thing that should worry businesses even more than individual thefts: trust. If customers start feeling like tap-to-pay isn’t secure, they’ll avoid using it. They might even avoid stores they perceive as high-risk environments. We’ve built this incredibly convenient payment ecosystem, but it only works if people trust it. And incidents like ghost tapping attacks directly undermine that trust. The responsibility falls on both businesses and consumers—companies need to implement better security measures, and we all need to be more conscious about how we use our devices in public. Because let’s be honest, the criminals aren’t going to stop innovating anytime soon.
