NFC Contactless Payment Scams
NFC payment technology, designed for convenience, has recently become the center of a massive fraud operation sweeping across California. State officials have confirmed hundreds of cases where criminals use "ghost tapping" techniques to steal funds from unsuspecting victims' contactless cards and mobile wallets. According to the Better Business Bureau (BBB), victims are reporting losses ranging from $50 to over $1,000 per incident.
The fraud typically occurs in crowded areas where scammers can discreetly position payment terminals near victims' pockets or bags. Furthermore, sophisticated criminals are creating fake vendor fronts or charity collection points, tricking users into making what they believe are legitimate transactions. Many victims remain unaware of the theft until they review their monthly statements.
Consequently, authorities are now scrambling to address this growing threat as similar cases begin to emerge in other states. This article examines how these scams operate, shares stories from actual victims, provides essential protection measures you can implement immediately, and outlines how officials are responding to this alarming trend in financial crime.
California Reports Surge in NFC Payment Fraud
The Federal Bureau of Investigation's 2024 Internet Crime Report reveals California leads the nation in digital payment fraud, with residents filing more complaints than any other state and suffering total losses exceeding $2.50 billion. This troubling trend coincides with the rising popularity of contactless payment methods throughout the state.
State officials confirm hundreds of cases in major cities
California's Department of Social Services has identified approximately $22.80 million stolen from victims' Electronic Benefit Transfer (EBT) card beneficiaries during just the first quarter of 2024. This staggering figure represents only a portion of the broader NFC payment fraud crisis affecting the state. Most notably, these crimes disproportionately target low-income families who depend on these benefits for essential purchases like food and household necessities.
Law enforcement agencies have been investigating these thefts across California for fourteen months, indicating the persistent and evolving nature of the problem. In Northern California specifically, officials have linked some suspects to over 40 similar cases spanning six states, suggesting the operation of organized fraud rings rather than isolated incidents.
The fraud techniques employed vary but typically involve either direct skimming at ATMs and point-of-sale terminals or sophisticated NFC exploitation. Criminals use skimming devices to record victim account information from magnetic strips while capturing PINs through keypad overlays. Additionally, the Better Business Bureau (BBB) has documented increasing reports of "ghost tapping" incidents throughout the state, where fraudsters exploit NFC technology without requiring physical possession of the victim's card.
Victims report losses ranging from $50 to over $1,000
Individual victims face substantial financial harm from these crimes. According to the Consumer Sentinel Network, while the median loss across all fraud reports in 2024 is $497, NFC payment fraud victims often experience varied losses:
- Small initial transactions (typically under $100) designed to avoid triggering bank alerts
- Larger subsequent charges once criminals confirm the payment method works
- Total losses frequently exceeding $1,000 before victims can freeze accounts
In one documented California case, a victim reported that a thief used their card as a credit card—requiring no PIN or ID verification—and accumulated over $1,000 in fraudulent purchases before the account could be frozen. Though the victim's bank eventually reversed the charges, the incident highlighted significant security vulnerabilities in contactless payment systems.
The BBB's Scam Tracker has logged numerous California complaints involving similar tactics. In one especially alarming case, someone posing as a charity fundraiser targeted multiple victims in the same neighborhood using a portable payment terminal, charging one person $537 and another $110 without showing the transaction amounts. Meanwhile, in Missouri, victims reported similar scenarios where scammers approached people with "tap machines" to read cards through purses or wallets, with one person losing $100.
The prevalence of these scams appears highest in crowded venues across major California cities, including transit stations, festivals, markets, and other public gatherings where close physical proximity makes NFC exploitation easier and less detectable.
How Scammers Use Ghost Tapping to Steal Funds
Ghost tapping, a sophisticated fraud technique, has emerged as criminals find new ways to exploit Near Field Communication (NFC) technology. Unlike traditional card skimming, this method allows scammers to steal funds wirelessly, often leaving victims unaware until they review their statements.
Scammers exploit NFC technology in crowded areas
The Better Business Bureau warns that fraudsters strategically target locations where people are distracted or in close proximity. Busy transit stations, festivals, markets, and other crowded venues create ideal environments for ghost tapping operations. In these settings, victims have little chance to notice unauthorized transactions as they navigate through packed spaces.
Moreover, criminals rely on the chaos of crowds to mask their activities. They may deliberately bump into potential victims, using this brief physical contact as an opportunity to activate a hidden payment terminal. Such "accidental" encounters provide perfect cover for initiating unauthorized transactions.
Throughout these crowded environments, scammers can conduct multiple small withdrawals—typically under $5—to avoid triggering fraud detection systems. These minor charges often go unnoticed by victims, yet confirm to criminals that they've accessed an active credit card for larger future transactions.
Fake vendors and charity scams trick users into tapping
Fraudsters frequently pose as legitimate merchants or charity representatives, setting up temporary stands at events or going door-to-door soliciting donations. These operations appear genuine but conceal malicious intent. The scammers insist on contactless payments exclusively, claiming it's their only accepted payment method.
A particularly troubling tactic involves rushing victims through the payment process. The scammer's terminal might display no total or only show a small amount, while actually charging significantly more. In one BBB Scam Tracker report, someone posing as a fundraiser for special needs students charged a victim $537 without allowing them to see the transaction amount. Another victim in the same neighborhood lost $110 to the same scheme.
Charity scams prove particularly effective as they exploit people's generosity. The criminal requests a small donation—perhaps just a few dollars—but programs their device to charge substantially more. By the time victims realize what happened, the scammer has moved to another neighborhood.
Hidden readers trigger payments through wallets and bags
Perhaps most concerning is scammers' ability to initiate payments without direct access to cards or phones. Modern NFC-enabled readers can detect and communicate with payment cards even through thin wallets, purses, or clothing. This means criminals carrying concealed readers in crowded areas can potentially charge cards without ever removing them from pockets or bags.
The technical sophistication behind these attacks has increased dramatically. Research from Germany's Technical University of Darmstadt identified malware called NGate that can relay NFC data in real time from a compromised phone to a remote attacker. This enables unauthorized transactions without the victim's knowledge or consent.
Despite the overall security of NFC technology, these vulnerabilities persist. Cybercriminals have developed custom apps capable of emulating NFC smart cards, with some creating "farms" of mobile devices to automate fraud at scale. Chinese actors have been identified operating dozens of devices simultaneously via customized servers that relay NFC transactions to point-of-sale terminals.
To combat these threats, experts recommend several precautions: using RFID-blocking wallets or sleeves, verifying merchant names and transaction amounts before tapping, enabling real-time transaction alerts, and monitoring accounts regularly for suspicious activity.
Real-Life Victims Share Their Experiences
Victims across multiple states have begun sharing their experiences with NFC payment fraud, revealing both the financial and emotional toll of these increasingly common scams.
Missouri and California residents report similar tactics
A Missouri resident lost $100 after being approached by someone carrying a handheld card reader, illustrating how these scams have spread beyond California's borders. In Sacramento, California, two Chinese nationals were arrested after using a mobile app that cycled through more than 80 stolen payment cards at a local Target store. Despite having many transactions declined, the suspects still managed to obtain $1,400 worth of gift cards before being apprehended.
Following their arrest, both individuals admitted they were being paid $250 daily to conduct these fraudulent transactions. One suspect attempted 42 separate transactions using different bank cards, with 32 being declined but still successfully spending $855. His accomplice tried 48 transactions, succeeding 11 times and spending $633.
BBB Scam Tracker logs increasing complaints nationwide
The Better Business Bureau's Scam Tracker has documented numerous cases with losses sometimes exceeding $1,000. In one particularly troubling report, a scammer posed as a charity representative claiming to sell chocolate for special needs students. This individual insisted on tap-to-pay as the only payment method, then charged victims without showing them the transaction amounts.
"He got my mother for $537… Another victim for $1,100," stated one report, noting that the perpetrator "changes neighborhoods frequently to avoid getting caught". Similarly, in another case reported to BBB Scam Tracker, someone went door-to-door pretending to sell chocolate for a school fundraiser, likewise accepting only contactless payments.
In a more severe incident from Chicago, what began as a request for a $20 donation escalated into a dangerous confrontation when victims chased the scammers, resulting in serious injuries including a fractured rib and punctured lung.
Some victims unaware until reviewing monthly statements
First linked to a significant 2016 case, cross-state NFC fraud has a documented history. Latricia Newell was sentenced to 48 months in prison after authorities discovered she had traveled from California to Missouri with 64 counterfeit credit cards. When arrested, officers found 51 fraudulently purchased gift cards in her possession.
At present, many victims remain unaware they've been targeted until much later. The FBI reported more than 2,000 complaints of related scams in a single month. Certainly, fraudsters deliberately keep initial charges small to avoid triggering bank security systems, with victims often discovering these unauthorized transactions days or weeks afterward.
The BBB has identified several warning signs that might indicate you've been victimized, including bank alerts about small "test" charges, suspicious requests to tap without displaying totals, and unexpected charges appearing after time spent in crowded places.
What You Can Do to Protect Yourself
As contactless payment fraud spreads across the country, implementing protective measures has become essential for cardholders. The Better Business Bureau and financial security experts recommend several strategies to safeguard your accounts from ghost tapping and related scams.
Use RFID-blocking wallets or sleeves
Radio Frequency Identification (RFID)-blocking wallets create a protective shield around your cards, preventing unauthorized scanning. These specialized wallets contain materials like metal, carbon fiber, or RFID-blocking fabric that disrupt transmission of radio frequency signals. Although some experts debate the extent of the threat, these protective accessories provide valuable peace of mind, primarily when traveling or navigating crowded areas. Most RFID wallets protect cards within about one inch of the outside of the wallet, effectively blocking NFC and RFID signals.
Verify merchant name and amount before tapping
First thing to remember before completing any contactless payment: always check the merchant's name and transaction amount on the terminal screen. Be wary of vendors who rush you, hide the screen, or refuse to provide receipts – these are red flags of potential fraud. If something seems suspicious about a payment terminal or you feel uncomfortable with the transaction, opt for an alternative payment method or cancel completely.
Enable real-time transaction alerts from your bank
Setting up instant notifications for all card activity represents one of the simplest yet most powerful tools against fraud. Many financial institutions offer customizable alerts via text message or email for various transaction types. These notifications help you detect unauthorized access immediately, enabling you to report fraud within the critical timeframe for reimbursement. For peer-to-peer payment services like Venmo or PayPal, enabling transfer alerts helps track transactions in real time.
Limit tap-to-pay use in high-risk environments
Hence, exercise caution when using contactless payments in crowded locations where scammers typically operate. In situations where risk seems elevated, consider inserting or swiping your card instead. On Android devices, you can temporarily disable NFC in Settings, whereas iPhone users must activate Airplane Mode to block NFC functionality.
Update mobile wallet apps and phone OS regularly
Software updates frequently contain security patches that fix vulnerabilities exploited by attackers. Before updating, ensure your device has sufficient charge (at least 70%) and back up your files as a precaution. After installation, verify your privacy settings for location services, Bluetooth sharing, and ad tracking to maintain your preferred security configuration.
Authorities Respond to Growing Threat
In response to the alarming rise in NFC payment fraud, government agencies and financial institutions have mobilized nationwide resources to combat these sophisticated criminal operations.
BBB and FTC issue public warnings
The Better Business Bureau has taken decisive action by issuing formal alerts about "ghost tapping" scams throughout affected regions. Their Scam Tracker system actively documents victim experiences, creating a valuable database for identifying patterns and warning potential targets. Presently, the BBB advises consumers to implement specific protective measures, including RFID-blocking wallets and setting up transaction alerts.
Law enforcement investigates organized fraud rings
Federal and state authorities recently dismantled a major cross-state operation involving eight suspects connected to an $8.8 million bank fraud scheme that victimized 235 people. This investigation, spanning fourteen months, required coordination between multiple agencies including the Florida Attorney General's Office, Florida Department of Law Enforcement, and police departments from Maryland, Virginia, and Missouri. Attorney General James Uthmeier subsequently announced charges including racketeering and criminal use of personal information.
Banks urged to improve fraud detection for contactless payments
Financial institutions face increasing pressure to enhance security measures for NFC transactions. Throughout 2023-2024, the U.S. Treasury Department implemented advanced fraud detection systems, primarily using machine learning AI, preventing and recovering over $4 billion in fraudulent transactions—a substantial increase from $652.7 million the previous fiscal year. Additionally, Treasury expanded risk-based screening resulting in $500 million in prevention and identified high-risk transactions that prevented $2.5 billion in losses. Under these circumstances, banking security experts emphasize the need for real-time verification protocols specifically designed for contactless payment systems.
Conclusion
NFC payment fraud has quickly evolved from isolated incidents to a widespread crisis affecting thousands of California residents. This alarming trend now spreads beyond state borders, creating financial hardship for victims nationwide. Though contactless payment technology offers convenience, criminals exploit its vulnerabilities through sophisticated "ghost tapping" methods that leave many unaware they've been targeted until significant damage occurs.
The evidence clearly demonstrates organized criminal operations rather than random scammers. These criminals target crowded venues, create fake charity fronts, and utilize hidden readers capable of detecting cards through clothing and accessories. Their tactics grow increasingly sophisticated, with some employing custom apps and device farms to automate fraud at scale.
Protection against these threats requires a multi-layered approach. RFID-blocking wallets serve as a first line of defense, while vigilance when making contactless payments helps identify suspicious behavior. Additionally, enabling real-time transaction alerts allows immediate detection of unauthorized charges. Users must exercise particular caution in crowded environments where scammers typically operate.
Law enforcement agencies across multiple states have begun coordinated efforts to combat these fraud rings. The Better Business Bureau continues documenting cases and warning the public, while financial institutions face pressure to strengthen security measures specifically for contactless payments. Despite these efforts, the responsibility ultimately falls on consumers to stay informed and implement protective measures.
NFC technology offers undeniable benefits, yet its convenience comes with security risks that demand attention. Users who understand these threats and adopt recommended safeguards can continue enjoying the advantages of contactless payments while minimizing exposure to fraud. The battle against financial criminals requires both institutional vigilance and personal responsibility as this payment method becomes increasingly embedded in daily transactions.
References
[1] – https://www.bbb.org/all/consumer/scam/how-to-spot-and-avoid-tap-to-pay-scams
[2] – https://wrnjradio.com/bbb-warns-of-ghost-tapping-scams-targeting-tap-to-pay-users/
[3] – https://www.justice.gov/usao-edmo/pr/california-woman-sentenced-fraud-charges
[4] – https://www.polksheriff.org/news-investigations/2025/07/23/eight-facing-charges-in-multi-state-$8.8-million-bank-fraud-and-racketeering-scheme
[5] – https://www.foxnews.com/tech/ghost-tapping-scam-targets-tap-to-pay-users
[6] – https://moneywise.com/news/better-business-bureau-issues-warning-about-ghost-tapping
[7] – https://www.michigan.gov/consumerprotection/protect-yourself/consumer-alerts/scams/beware-of-ghost-tapping-scams
[8] – https://www.wrbl.com/news/ghost-tapping-scam-targets-tap-to-pay-technology/amp/
[9] – https://www.fox13news.com/news/scammers-target-tap-pay-credit-card-feature
[10] – https://foresiet.com/blog/advanced-android-malware-targets-nfc-data-for-atm-cashouts/
[11] – https://cyberpress.org/cybercriminals-exploit-nfc-tech-to-drain-funds/
[12] – https://www.resecurity.com/blog/article/nfc-fraud-wave-evolution-of-ghost-tap-on-the-dark-web
[13] – https://krebsonsecurity.com/2025/03/arrests-in-tap-to-pay-scheme-powered-by-phishing/
[14] – https://yourlegacyfcu.com/2025/01/beware-of-tap-to-pay-scams-a-cautionary-tale-out-of-chicago/
[15] – https://www.guidepointsecurity.com/newsroom/fbi-reports-toll-scam-texts-plaguing-phones-nationwide/
[16] – https://www.newsweek.com/ghost-tapping-what-to-know-about-new-scam-warning-10939329
[17] – https://www.travelandleisure.com/best-products/best-rfid-blocking-wallets
[18] – https://www.aarp.org/money/scams-fraud/rfid-wallets-purses/
[19] – https://taptag.shop/products/rfid-blocking-pop-wallet?srsltid=AfmBOor5bBiXZ8vyaPvhPDCOvzKUoS72AeZfLhpM53AUmQVlNQhXeNVu
[20] – https://www.al.com/news/2025/10/what-is-ghost-tapping-warning-for-all-debit-credit-card-users.html
[21] – https://lifehacker.com/money/tap-to-pay-scams
[22] – https://www.halodot.io/blogs/tap-to-pay-fraud-myths-real-risks-and-how-to-stay-safe
[23] – https://www.bankrate.com/banking/checking/mobile-banking-account-alerts/
[24] – https://usa.visa.com/pay-with-visa/featured-technologies/purchase-alerts.html
[25] – https://www.ncsc.gov.uk/collection/device-security-guidance/managing-deployed-devices/keeping-devices-and-software-up-to-date
[26] – https://www.fcc.gov/consumers/guides/updating-your-smartphone-operating-system
[27] – http://www.myfloridalegal.com/newsrelease/attorney-general-james-uthmeier-charges-eight-members-massive-88-million-bank-fraud
[28] – https://home.treasury.gov/news/press-releases/jy2650
Need a Criminal Defense Attorney? CALL NOW: 213-932-8922
Yuliya Kelmansky is an Expert Criminal Defense Attorney who has over 10 years of practice defending a variety of criminal cases.
