Don't get Ghost Tapped 👻👻

I was at Safeway the other day with my kids buying groceries and when it came to checkout I had a choice, pay by tapping my card or with my phone's Apple Pay. Which do you think is safer? The answer might surprise you.

We did a KHON2 news segment this week on Ghost Tapping, the modern day version of a thief “bumping” your wallet. Except instead of stealing your card, they take advantage of its short-range wireless payment feature, near-field communication (NFC).

KHON2 - Ghost Tapping scam brings contactless virtual theft, how to prevent

So how real is this threat... really...

You might have seen some version of Ghost Tapping in a movie or crime show - a crook quietly draining a victim's card from across the room. This is waaay exaggerated. NFC is intentionally short range, but there are real risks of something like this happening to you. For example a street vendor or parking attendant tricks you into tapping your card on a malicious card terminal. Or imagine a tight space like a train or elevator where a crook can get close to your card and come into contact with it.

What are criminals doing once they have my card information?

The attacker will try to trick you into handing over your bank’s one-time passcode. It could be that you think you're verifying a small payment, delivery fee, toll charge, refund, or resolving an account issue. What you're really doing is giving the green light for the hacker to add your card to their Apple Pay or Google Wallet. They now have a completely legit wallet token on their phone and believe me, they go shopping!

The Takeaway

Don't want to be a victim of Ghost Tapping? Here's what I recommend:

• Use mobile wallets (Google Pay/Apple Pay/Samsung Pay) instead of physical cards when possible. They're much harder to clone and copy.

  
  

• Enable high dollar transaction alerts from your credit cards. That way you'll find out quick once the crook starts their shopping spree. Also keep an eye out for alerts from your bank or text messages that might say something like “your card was added to Apple Pay / Google Pay / Samsung Pay...”

  
  

• Use an RFID-blocking sleeve or wallet for physical cards. They're everywhere - on Amazon, at Best Buy, etc. You might even have it built into your current wallet!

  
  

• Avoid tapping if someone is rushing you or hiding the payment screen. Criminals are finding new and sophisticated ways to relay and skim your card's information.

  
  

• Lastly, never provide a one-time passcode to a website, text-message link, caller, or “support” person unless you personally initiated it and understand completely what you are approving.

Stay alert, use common sense when in doubt, slow it down. It might just save you from a real headache later. Stay safe out there.

-Attila

New Friday Funnies!

What do you call a police officer that won't get out of bed in the morning?

An under cover cop.

What did the hippie lifeguard yell to the swimmer?

"Hey you're too far out, man!"

What do you call it when you use a credit card at night?

A loan in the dark

Why was the tangent's credit card application denied?

He couldn't find anyone willing to cosine.

What did the crook say after he successfully stole someone's credit card?

Hasta la Visa.