Warning over Android ‘tap-and-go’ thefts

Android, Google, silicone valley

Europol has warned that Android phones may be used by criminals to carry out fraudulent tap-and-go payments in a new report.

The EU’s law enforcement agency works with the police forces of member states, and has produced a report to highlight certain cyber crimes that are emerging. At the moment, police do not know the full scale of a problem relating to tap-and-go thefts using Android phones.

It is believed that Android phones are more likely to be used by criminals, rather than Apple products. This is because, unlike Google, Apple does not allow third-party apps to use the NFC chip of a device.

The report says: “The possibility of compromising NFC [Near Field Communication] transactions was explored by academia years ago, and it appears that fraudsters have finally made progress in the area. Several vendors in the dark net offer software that uploads compromised card data on to Android phones in order to make payments at any stores accepting NFC payments.”

One of the concerns help by the authors of the report is that shops may be unsure on how to respond to such crimes taking place.

“Currently, when merchants detect a fraudulent transaction, they are requested to seize the card. However, the confiscation may not be feasible when the compromised card data are recorded on the buyer’s smartphone,” they wrote in the report.

As such, they have called for action to be taken by those who manufacture touchless payment terminals, as well as smartphone manufacturers.