However, this rise in usage also brings forth a corresponding increase in security risks, exposing you to various fraudulent schemes orchestrated by cyber criminals.

Trevor Cooke, privacy expert at Earthweb, discusses three of the most common contactless payment scams and reveals how you can protect yourself.

The Four Most Common Contactless Scams

1. Skimming Devices

Fraudsters install skimming devices on legitimate payment terminals to capture card information when users make transactions.

Trevor says, ‘These devices can covertly steal card details, including the card number and expiration date, enabling criminals to clone cards or make unauthorized purchases.’

2. Shoulder Surfing

This tactic involves criminals lurking near individuals making contactless payments and secretly observing or recording their card details. With this information, fraudsters can easily access the victim’s accounts or make fraudulent transactions.

3. Card Cloning

Criminals utilize sophisticated techniques to clone contactless cards, replicating the data stored on the card’s chip. Once cloned, these cards can be used for unauthorized transactions, posing a significant threat to users’ financial security.

4. RFID Readers

Trevor explains, ‘RFID (Radio Frequency Identification) is a technology that uses electromagnetic fields to automatically identify and track tags attached to objects.

These tags contain electronically stored information that can be read remotely using RFID readers or scanners.’

In the realm of contactless payment scams, criminals may exploit RFID technology by using illegal RFID readers or scanners to intercept data from unsuspecting individuals’ contactless cards or devices without their knowledge.

Identifying Red Flags And Protecting Your Personal Information

Trevor’s helpful tips to identify contactless payment fraud and to best protect your personal information include:

• Regularly monitor bank statements and transaction history for any unauthorized or suspicious activity.
• Shield PIN entry when making transactions, ensuring privacy and preventing potential shoulder surfers.
• Verify the security of payment terminals and ATMs before use, checking for any signs of tampering or suspicious attachments.
• Enable transaction notifications and alerts on mobile banking apps to receive immediate notifications of any unusual activity.
• Consider using additional security features such as biometric authentication or tokenization for added protection.
• Employ protective measures such as RFID-blocking wallets or sleeves, which help shield their cards from unauthorized scanning attempts.

As cybersecurity concerns continue to evolve alongside advancements in technology, consumers must remain aware and prioritize proactive measures to safeguard their financial information.

As noted by Earthweb’s privacy expert, Trevor Cooke, ‘In an era where data breaches and identity theft have become normal, it’s essential for people to prioritize the security of their personal information, especially when engaging in contactless payment transactions.’

[Featured Image Credit]

Jámà Ọnwụbụarịrị, the managing director and Co-founder of Trucks Transit Parks Ltd., said the technology is the latest innovation that will help to streamline truck movements within Lagos ports.

He disclosed these in a statement by Nnamdi Nancy, the spokesperson of TTP, to mark the 3rd anniversary of the mobility solutions company.

According to the MD, the technology will improve security & access control as well as prevent illegal crisscrossing of trucks between terminals.

The statement stated that the RFID, E-tags, and the E-Callup, innovations are poised to further ease truck mobility challenges and enhance efficiency within the industry.

“As part of its commitment to innovation, TTP is awaiting government approval to deploy for the Apapa and Tincan ports, its latest innovations, including Radio-Frequency Identification (RFID)/E-tags and the E-Callup Interchange Transaction Number (EITN), which will help to streamline truck movements within Lagos ports, improve security & access control as well as prevent illegal criss-crossing of trucks between terminals. These innovations are poised to further ease truck mobility challenges and enhance efficiency within the industry.

“Nigeria’s strategic location along the west coast of Africa makes us a maritime hub, and with the right initiatives and partnerships, we have the potential to unlock even greater opportunities,” Ọnwụbụarịrị, the TTP boss stated.

TTP has emerged as a key player in driving port terminal efficiency, reducing traffic congestion, and creating new business opportunities within the Apapa port economic zone.

“Our third anniversary of operations provides us an opportunity to reflect on how far we have come in breaking the barriers to tech adoption in maritime and logistics, but also on the vast opportunities in the industry that are yet untapped,”

Nigeria’s social and economic challenges present a fertile ground for innovation, and TTP has seized the opportunity to leverage technology to address these challenges.

With products like Ètò, an electronic truck call-up solution used to manage truck movement between various controlled facilities, and the recently launched Tafiyah, an online marketplace designed for the transportation of cargo; TTP has not only eased congestion but also provided solutions that maximize business opportunities for stakeholders while reducing carbon emissions and improving efficiency

“Lagos State’s status as the tech hub of Africa is a testament to the talent and potential within our borders. We believe technology and innovation can transform Nigeria into an economic powerhouse in the mid-term,” added Ọnwụbụarịrị.

TTP recognizes the importance of strategic partnerships with both private and public sector players in the maritime, infrastructure, and technology sub-sectors. These partnerships will enable TTP to deepen its value-adding services and contribute further to the growth and development of the industry.

“We are committed to actively seeking strategic partnerships with stakeholders across various sectors to drive innovation and create sustainable solutions,” Ọnwụbụarịrị, the MD of TTP concluded.

The discovered Prilex modifications can now block contactless near-field communication (NFC) transactions on infected PoS-terminals, forcing customers to use their physical credit cards, enabling cybercriminals to steal money.

While currently it is most active in Latin America, the expansion of Prilex into the Middle East, Turkiye and Africa region is possible in the coming months.

ALSO READ: TAP Launches Cowry Card Cashless Fare Collection Technology on new LRMT Blue Rail Line

Prilex is a notorious threat actor that gradually evolved from Automated Teller Machines (ATMs)-focused malware into a ​unique modular PoS malware — the most advanced PoS threat discovered so far. As described by Kaspersky previously in 2022, Prilex threat actor conducts so-called “GHOST” attacks, allowing them to perform credit card fraud — even on cards protected with the purported unhackable CHIP and PIN technology. Now, Prilex has gone even further.

Security experts wondered whether Prilex was able to capture data coming from NFC enabled credit cards.

Recently, during an incident response for a customer affected by Prilex, Kaspersky researchers uncovered three new modifications with the power to block contactless payment transactions, that become extremely popular during and after pandemics.

Contactless payment systems such as credit and debit cards, key fobs, and other smart devices, including mobile devices have traditionally featured radio-frequency identification (RFID). More recently, Samsung Pay, Apple Pay, Google Pay, Fitbit Pay and mobile bank applications have implemented near-field communication (NFC) technologies to support secure contactless transactions.

Contactless payments (credit cards) offer a convenient and secure way to make payments without the need to physically touch, insert or swipe the card. However, Prilex has learned to block such transactions by implementing a rule-based file that specifies whether or not to capture credit card information, and an option to block NFC-based transactions.

Because NFC-based transactions generate a unique card number valid for only one transaction, if Prilex detects an NFC-based transaction and blocks it, the PIN pad will show the following message:

The cybercriminal’s goal is to force the victim to use his/her physical card by inserting it into the PIN pad reader, so the malware can capture data coming from the transaction, using every way available for Prilex, such as manipulating cryptograms to perform GHOST attacks. Another new feature added to the latest Prilex samples is the possibility to filter credit cards according to their segment, and create different rules for different segments. For example, they can block NFC and capture card data, only if the card is Black/Infinite, Corporate or other with high transaction limit, which is much more attractive than standard credit cards, with low balance/limit.

Prilex has been operating in LatAm region since 2014 and is allegedly behind one of the largest attacks in the region. During the Rio carnival in 2016, the actor cloned more than 28,000 credit cards and drained more than 1,000 ATMs in Brazilian banks.

Now, it has expanded its attacks globally. It was spotted in Germany in 2019 when a criminal gang cloned Mastercard debit cards issued by German bank OLB and withdrew more than €1.5 million from around 2,000 customers.

As for the recently discovered modifications, they have been detected in Brazil – however, they may spread to other countries and regions as well. Expansion of Prilex into other regions, including the Middle East, Turkiye and Africa, is possible in the coming months.

“Contactless payments are now a part of our everyday life and the statistics shows the retail segment dominated the market with more than 59 percent share of the global contactless revenue in 2021. Such transactions are extremely convenient and particularly safe, so it’s logical for cybercriminals to create malware that blocks NFC-related systems. As the transaction data generated during contactless payment is useless from a cybercriminal’s perspective, it’s understandable that Prilex needs to prevent contactless payment to force victims to insert the card into the infected PoS terminal,” comments Fabio Assolini, head of the Latin American Global Research and Analysis Team (GReAT) at Kaspersky.