In the fast-evolving landscape of digital payments, Near Field Communication (NFC) technology has made it possible for consumers to make quick, contactless transactions. However, this convenience has also introduced a wave of cybercrime, as hackers and cybercriminal groups exploit NFC-enabled devices for fraud. A recent investigation by Resecurity, a cybersecurity firm, uncovered a disturbing trend where millions of dollars were lost to NFC fraud, particularly targeting some of the largest financial institutions in the United States. This article delves into the findings of this investigation and sheds light on the methods and tools employed by cybercriminals to exploit NFC technology.
NFC Fraud and Its Rising Threat
In Q1 of 2025, Resecurity uncovered a series of cyberattacks that caused significant financial losses—several million dollars—in one of the top Fortune 100 financial institutions in the U.S. The focus of these attacks was NFC fraud, which remains a persistent issue due to several technical and organizational challenges in combating it.
Cybersecurity experts have traced these incidents back to cybercriminal groups operating from China. These groups have become notorious for targeting customers using Google and Apple Wallet apps. The malicious actors primarily rely on abusing contactless payment technology and manipulating NFC protocols to facilitate fraudulent transactions.
Resecurity’s HUNTER unit discovered a Telegram group selling the Z-NFC tool, which is specifically designed to help cybercriminals carry out fraudulent payments using NFC technology. This tool is not the first of its kind, as another similar product called King NFC had previously been marketed on the Dark Web. Both tools exploit vulnerabilities in NFC technology, allowing fraudsters to bypass traditional security measures.
The fraudsters primarily operate using Android-based smartphones, where multiple cards are stored in mobile wallets for the purpose of executing fraudulent transactions. Some of the most targeted financial institutions include Barclays, Bank of Scotland, Lloyds Banking Group, Halifax, HSBC, Santander, Wise, and Revolut, which saw their systems flooded with fraudulent charges.
How NFC Technology Works and Why It’s Vulnerable
At the core of NFC-enabled payment apps like Google Wallet and Apple Wallet is Host Card Emulation (HCE). This technology allows mobile devices to mimic physical NFC cards by registering a service that extends HostApduService. The service lets an app respond to Application Protocol Data Unit (APDU) command sequences, which are the standard communication units between a smart card reader and a smart card. Unfortunately, cybercriminals have learned to manipulate this process to execute fraudulent transactions.
The key vulnerability that cybercriminals exploit is the absence of a Cardholder Verification Method (CVM) for low-value contactless transactions. These transactions, typically below a certain threshold (the “Contactless CVM limit”), do not require additional security measures like PINs or signatures. This makes it easy for fraudsters to execute multiple small transactions using compromised credit card data without triggering alarms.
Cybercriminals are also leveraging Soft POS (Point of Sale) solutions: software that turns NFC-enabled smartphones, tablets, and other handheld devices into payment terminals. This tactic allows fraudsters to bypass traditional POS terminals and make fraudulent payments using everyday devices.
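On the issuer or acquirer side, the pattern described above (many payments under the contactless CVM limit, none of them verified) can be caught with a sliding-window velocity rule. The sketch below is an added example, not code from Resecurity or the original article; the limit, window, threshold, record layout and sample rows are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

CVM_LIMIT_CENTS = 5000           # assumed contactless CVM limit; varies by market
WINDOW = timedelta(minutes=30)   # assumed look-back window
MAX_NO_CVM = 3                   # assumed tolerated no-CVM payments per window

# Constructed sample rows: (timestamp, card token, terminal id, cents, CVM performed)
SAMPLE = [
    ("2025-03-01T10:00:00", "tok-A", "term-1", 4200, False),
    ("2025-03-01T10:04:00", "tok-A", "term-1", 4550, False),
    ("2025-03-01T10:09:00", "tok-B", "term-2", 1200, False),
    ("2025-03-01T10:11:00", "tok-A", "term-1", 4800, False),
    ("2025-03-01T10:15:00", "tok-A", "term-3", 4999, False),
    ("2025-03-01T10:20:00", "tok-B", "term-2", 12000, True),
    ("2025-03-01T12:30:00", "tok-B", "term-2", 900, False),
]


def flag_no_cvm_bursts(transactions, key_index=1):
    """Return {key: (count, total_cents)} for every key that exceeds MAX_NO_CVM
    unverified payments under CVM_LIMIT_CENTS inside one sliding WINDOW.
    key_index=1 groups by card token, key_index=2 by terminal (Soft POS view)."""
    recent = defaultdict(deque)          # key -> deque of (time, cents)
    flagged = {}
    for row in sorted(transactions, key=lambda r: r[0]):
        ts, cents, cvm_done = datetime.fromisoformat(row[0]), row[3], row[4]
        if cvm_done or cents >= CVM_LIMIT_CENTS:
            continue                     # verified or above the limit: out of scope
        window = recent[row[key_index]]
        window.append((ts, cents))
        while ts - window[0][0] > WINDOW:
            window.popleft()             # expire events older than the window
        if len(window) > MAX_NO_CVM:
            flagged[row[key_index]] = (len(window), sum(c for _, c in window))
    return flagged


if __name__ == "__main__":
    print(flag_no_cvm_bursts(SAMPLE))
```

Grouping by terminal instead of card token applies the same rule to a Soft POS device that accepts many unverified payments in a short period.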
Why NFC Fraud is Still a Threat
NFC technology has been adopted rapidly, with over 1.9 billion NFC-enabled devices globally, and cybersecurity experts believe NFC fraud will continue to be a major concern. The lack of robust verification measures for contactless payments below a certain value remains a significant security loophole. Furthermore, the increasing use of Soft POS solutions makes it easier for cybercriminals to conduct fraud using basic Android smartphones.
What Undercode Says:
The findings from Resecurity’s investigation highlight a complex and evolving threat landscape where cybercriminals are constantly finding new ways to exploit NFC technology. What stands out in this case is the use of specialized tools like Z-NFC and King NFC, which are marketed openly on platforms such as Telegram and the Dark Web. These tools provide fraudsters with the means to automate and streamline their fraudulent activities, making it even more difficult for financial institutions to identify and stop these attacks in real time.
Furthermore, the abuse of Soft POS solutions is a concerning trend. These solutions, often marketed as convenient and efficient, are becoming a new vector for fraud. The ease with which cybercriminals can turn everyday devices into payment terminals suggests that current security measures are not sufficient to combat this growing threat.
The focus on low-value transactions without CVM verification also signals a need for an overhaul in how contactless payments are secured. While the convenience of NFC payments is undeniable, financial institutions must consider implementing more robust verification mechanisms to prevent fraud from reaching scale. This could include adopting biometric authentication or leveraging machine learning to identify suspicious transaction patterns.
Moreover, as NFC technology continues to be integrated into more devices, including smartphones, wearables, and even vehicles, the scope of this issue will only grow. Financial institutions and tech companies alike need to stay ahead of these evolving threats by continuously monitoring and adapting to the tactics used by cybercriminals.
Fact Checker Results:
- Tool Availability: Both the Z-NFC and King NFC tools have been identified as real and are actively marketed on platforms like Telegram and the Dark Web.
- NFC Vulnerabilities: The exploitation of low-value contactless transactions without CVM remains a critical vulnerability in NFC payments.
- Rising Threat: With the increasing adoption of NFC-enabled devices globally, the scale of NFC fraud is expected to rise, making it crucial for institutions to update their security protocols.
References:
Reported By: securityaffairs.com