NFC Technology Abused in Global ATM and POS Fraud
Cybercriminals, mainly from Chinese underground networks, are using NFC (Near Field Communication) technology to carry out large-scale fraud at ATMs and point-of-sale (POS) terminals.
According to Resecurity, many banks, FinTech firms, and credit unions reported a sharp rise in NFC-based fraud in early 2025. One major U.S. financial institution lost millions as a result.
These attackers use advanced tools to manipulate NFC systems and make unauthorized payments. Targets include regions like the U.S., UK, EU, Australia, Canada, Japan, and the UAE.
How the Fraud Works
The attackers take advantage of Android’s Host Card Emulation (HCE), which lets phones act like payment cards. Tools like “Z-NFC” and “Track2NFC”—sold on the Dark Web—are used to steal payment data and simulate legitimate transactions at ATMs and POS terminals.
Some techniques, like “Ghost Tap,” allow payments without alerting payment processors. Others use apps like “HCE Bridge” to fake contactless payment methods.
Resecurity found that these tools are designed to hide from detection, using complex code and encryption. Some criminals even operate mobile device “farms” to commit fraud on a large scale.
Global Impact
Hackers have targeted major banks like Barclays, HSBC, and Santander. They also abuse loyalty programs and use stolen card data from ATM skimmers to make contactless payments that don’t require PINs.
NFC-enabled terminals are often misused or registered with fake identities, allowing fraud and money laundering in countries like China, Malaysia, and Nigeria.
With nearly 2 billion NFC-capable devices in use worldwide, and with the contactless exchange itself encrypted, these transactions are hard to trace back to the fraudster. As contactless payments become the norm, stronger terminal and issuer-side controls and international cooperation are essential to contain this growing threat.
Indicators of Compromise (IOC)
| Indicator | Description |
|---|---|
| Package Name | com.hk.nfc.paypay |
| App Name | Often disguised as a utility/NFC tool |
| Native Libraries | libjiagu.so, libjgdtc.so |
| Path | /data/data/<pkg>/.jiagu/libjiagu_64.so |
| Class | com.stub.StubApp |
| Suspicious String | "entryRunApplication" (name of the real, unpacked application class) |
| Permissions | NFC, Camera, Internet, Storage access |
| URL | https[:]//znfcqwe.top |
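The table above is most useful when it is turned into a repeatable check over whatever an APK triage tool already extracts (manifest permissions, `lib/` contents, class names, strings, embedded URLs). The script below is an added example, not code from Resecurity or the article: it matches a per-app inventory dict against the listed indicators, refangs the defanged URL before comparing hostnames, and weights the packer artifacts (`libjiagu.so`, `com.stub.StubApp`) lower than the package name and domain, because commercial app packers are also used by legitimate apps. The inventory format, the Android permission constants used for "NFC, Camera, Internet, Storage", the weights and the threshold are all assumptions of this example; the sample inventories are constructed, not real captures.

```python
"""Match extracted Android app artifacts against the IOC table above.

Added example (not from the article or Resecurity). The inventory
dict layout is an assumption; fill it from your APK analysis tooling.
"""
import re
from dataclasses import dataclass

# IOC values copied from the table; the URL is kept defanged as published.
IOC_PACKAGE = "com.hk.nfc.paypay"
IOC_NATIVE_LIBS = {"libjiagu.so", "libjgdtc.so"}
IOC_PATH_RE = re.compile(r"^/data/data/[^/]+/\.jiagu/libjiagu_64\.so$")
IOC_STUB_CLASS = "com.stub.StubApp"
IOC_STRING = "entryRunApplication"
IOC_URL_DEFANGED = "https[:]//znfcqwe.top"
# Assumed mapping of the table's "NFC, Camera, Internet, Storage" to
# Android permission constants. Common enough to be weak evidence alone.
IOC_PERMISSIONS = {
    "android.permission.NFC",
    "android.permission.CAMERA",
    "android.permission.INTERNET",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
SUSPICIOUS_THRESHOLD = 8  # assumption: tune against your own app corpus


def refang(url: str) -> str:
    """Undo the usual defanging ("[:]", "[.]", "hxxp") so hosts compare."""
    return url.replace("[:]", ":").replace("[.]", ".").replace("hxxp", "http")


def hostname(url: str) -> str:
    """Extract the host part of a (possibly defanged) URL, lower-cased."""
    return refang(url).split("://", 1)[-1].split("/", 1)[0].lower()


IOC_DOMAIN = hostname(IOC_URL_DEFANGED)


@dataclass
class Finding:
    indicator: str
    detail: str
    weight: int  # confidence weight; values are assumptions of this example


def match_iocs(app: dict) -> list:
    """Return every IOC hit for one app inventory dict."""
    hits = []
    if app.get("package") == IOC_PACKAGE:
        hits.append(Finding("package", app["package"], 5))
    for lib in sorted(set(app.get("native_libs", [])) & IOC_NATIVE_LIBS):
        hits.append(Finding("native_lib", lib, 2))  # packer libs: weak alone
    for path in app.get("files", []):
        if IOC_PATH_RE.match(path):
            hits.append(Finding("path", path, 3))
    if IOC_STUB_CLASS in app.get("classes", []):
        hits.append(Finding("class", IOC_STUB_CLASS, 2))  # packer stub: weak
    if any(IOC_STRING in s for s in app.get("strings", [])):
        hits.append(Finding("string", IOC_STRING, 2))
    for url in app.get("urls", []):
        host = hostname(url)
        if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
            hits.append(Finding("url", url, 5))
    if IOC_PERMISSIONS <= set(app.get("permissions", [])):
        hits.append(Finding("permissions", "NFC+Camera+Internet+Storage", 1))
    return hits


def score(app: dict) -> int:
    """Sum of finding weights for one app."""
    return sum(f.weight for f in match_iocs(app))


def is_suspicious(app: dict) -> bool:
    """True when the combined evidence reaches the (assumed) threshold."""
    return score(app) >= SUSPICIOUS_THRESHOLD


# Constructed sample inventories for demonstration; not real captures.
SAMPLE_MALICIOUS = {
    "package": "com.hk.nfc.paypay",
    "native_libs": ["libjiagu.so", "libjgdtc.so", "libc++_shared.so"],
    "files": ["/data/data/com.hk.nfc.paypay/.jiagu/libjiagu_64.so"],
    "classes": ["com.stub.StubApp", "com.hk.nfc.paypay.MainActivity"],
    "strings": ["entryRunApplication", "NFC Tool"],
    "urls": ["hxxps://znfcqwe[.]top/api/v1"],
    "permissions": sorted(IOC_PERMISSIONS),
}
# A packed but otherwise unremarkable app: packer artifacts only.
SAMPLE_PACKED_BENIGN = {
    "package": "com.example.tagreader",
    "native_libs": ["libjiagu.so"],
    "files": [],
    "classes": ["com.stub.StubApp", "com.example.tagreader.Main"],
    "strings": ["Read NFC tag"],
    "urls": ["https://example.com/terms"],
    "permissions": ["android.permission.NFC", "android.permission.INTERNET"],
}

if __name__ == "__main__":
    for name, app in (("malicious", SAMPLE_MALICIOUS),
                      ("packed-benign", SAMPLE_PACKED_BENIGN)):
        print(name, score(app), is_suspicious(app))
        for f in match_iocs(app):
            print("  ", f.indicator, f.detail, f.weight)
```

Run it as-is to see the two constructed inventories scored; in practice, feed it one dict per installed or submitted APK and treat a hit on the package name or the domain as sufficient on its own, while a lone packer hit should only raise the app for review.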