Android Phones 'Tap-and-Go' Thefts.

By Francis West on 6th October 2016
Filed under: Security

Europol, the law enforcement agency of the European Union, has warned of the dangers of a new crime whereby Android smartphones can be used to commit so-called ‘tap-and-go’ thefts.

What Is Tap-and-Go?

On Android phones, tap-and-go was introduced to enable people to quickly and easily transfer the data from an old phone to a new phone. The process uses ‘near field communication’ (NFC) technology. NFC is the protocol that allows 2 electronic devices (at least one of them portable) to communicate when they are within approximately 4 cm of each other.

The use of smart wallets, i.e. using a smartphone for payment transactions as well as personal details (driver’s license, ID documents etc.), could therefore pose a substantially greater security risk when combined with this new crime risk.

Exploited By Criminals.

According to Europol’s annual Internet Organised Crime Threat Assessment report, cyber criminals are already making progress in exploiting these technologies and their vulnerabilities to commit fraudulent tap-and-go thefts.

Merchant Out of the Loop.

With a normal card payment system, if a merchant spots a fraudulent transaction they can seize the card, thereby stopping any further fraud using that card. If, as with smart wallet style systems, compromised card data is stored on a smartphone, the merchant can no longer confiscate the card to stop further crime, and is effectively taken out of the loop.

How Does The Crime Take Place?

It is believed that tap-and-go crimes are being operated using software (most likely purchased from the dark web) that can upload compromised card data to Android phones in order to enable them to make payments at any stores accepting NFC payments.

Why Android Phones?

Technical experts have been saying that Android phones are being used in this crime because Google doesn’t prevent third-party apps from using a device's NFC chip, and code can be written to get at NFC, Wi-Fi and Bluetooth on Android-based devices.

This is not the case with iPhones because their systems are locked down.

What Does This Mean For Your Business?

Although this crime has been highlighted in the Europol report, it appears unlikely to be prevalent at this stage, and it doesn’t mean that we should stop using Android Pay.

It is important, however, that we all remain vigilant against unusual transactions. If you have an iPhone, it appears that you are at much less risk of falling victim to this type of crime at the present time.

This story also illustrates how advanced cyber criminals are, as they are able to spot and quickly exploit vulnerabilities in very new technologies and protocols.