Understanding the Ghost Tap Attack
The Ghost Tap attack is a sophisticated cybercrime method targeting users of digital payment systems like Apple Pay and Google Pay. According to cybersecurity experts at ThreatFabric, this attack allows hackers to make unauthorized purchases from any card reader globally, rather than simply withdrawing cash from ATMs. This is a significant evolution from previous methods, such as the NGate attack, which primarily focused on micropayments and ATM withdrawals.
How Hackers Execute the Ghost Tap Attack
To successfully carry out a Ghost Tap attack, cybercriminals first need to steal sensitive bank card information and the one-time password associated with digital payment services. Hackers typically employ malware to infiltrate banking or digital payment applications, and they utilize phishing techniques or spyware to capture the one-time passwords. Once they have this information, it is relayed to a network of money transfer specialists who can execute transactions without the need for physical credit cards.
Implications for Financial Institutions and Users
The rise of Ghost Tap attacks poses a significant challenge for financial institutions. While banks have anti-fraud technologies in place, they often struggle to detect small, fraudulent purchases, which can go unnoticed. This allows hackers to make multiple small transactions across different locations, effectively bypassing detection systems. Experts warn that the growing network of money transfer specialists could lead to substantial financial losses for users, prompting a call for banks to enhance their fraud detection measures.
