Europol Warns Of Gangs Making Fake Android Mobile Payments

Europol has warned of an emerging threat from Android-based smartphones because criminal gangs are said to be able to carry out fraudulent mobile payments on the mobile operating system.

The increasing use of contactless NFC based payment systems on smartphones has prompted many experts over the years to warn of their potential security risks. And now it seems that the criminal underground has caught up.

Cyber Risks

The warning came in Europol’s annual Internet Organised Crime Threat Assessment report, which highlighted a raft of cyber threats at the moment.

The report said that NFC-based payment fraud was a growing problem.

“EMV (i.e. chip and PIN), geo-blocking and other industry measures continue to erode card-present fraud within the EU, but logical and malware attacks directly against ATMs continue to evolve and proliferate,” it said. “Organised crime groups are starting to manipulate or compromise payments involving contactless (NFC) cards.”

“The relentless growth of cybercrime remains a real and significant threat to our collective security in Europe,” said Europol’s Director Rob Wainwright. “Europol is concerned about how an expanding cybercriminal community has been able to further exploit our increasing dependence on technology and the Internet.”

“2016 has seen the further evolution of established cybercrime trends,” said the head of the European Cybercrime Centre, Steven Wilson. “The threat from ransomware has continued to grow and has now expanded into sectors such as healthcare. Europol has also seen the development of malware targeting the ATM network, impacting cash services worldwide.”

Android NFC

Aside from the usual cyber threats, the report also highlighted the risks to financial transactions, particularly those involving Android smartphones.

“As the financial institutions increasingly issue EMV cards to their respective card bases, we can expect US merchants to be fully EMV compliant within two years,” said the report. “This will likely push card-present fraud to other jurisdictions or make criminals turn to CNP in search of the path of least resistance. However, this also increases the risk of attacks on the EMV technology,
so further innovations are needed to keep that platform secure.”

It then highlighted the problem with NFC transactions.

“The possibility of compromising NFC transactions was explored by academia years ago and it appears that fraudsters have finally made progress in the area,” said Europol. “Several vendors in the Darknet offer software that uploads compromised card data onto Android phones in order to make payments at any stores accepting NFC payments.”

“Moreover, at least one Member State reports instances of organised criminal gangs using contactless cards purchased from individuals who then report the card as lost,” said the report.

Android Pay

The criminals were able to reset the cards once they had reached the purchase limit thereby allowing continued spending,” said Europol. “Fraudulent use of NFC payments would have a number of unexpected consequences including the inability of merchants to confiscate the compromised card.”

“Currently, when merchants detect a fraudulent transaction they are requested to seize the card,” it said. “However, the confiscation may not be feasible when the compromised card data are recorded on the buyer’s smartphone.”

Europol’s concern at Android-based NFC fraud comes because Android handsets allow third-party apps to use its NFC chip.

Apple on the other hand prevents other apps from using its NFC chip, as it wants iPhone users to be locked into only using its Apple Pay system.

And the problem could only get worse, with research pointing out that the use of mobile contactless payments is set to surge in the UK.

Earlier this month Android Pay was adopted by NatWest, Santander, RBS and Ulster Bank. Indeed, aside from TSB and Barclays, all of the UK’s major banks now accept Android Pay.

Are you a mobile payments aficionado? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Jarvis AI Extension Leaked On Chrome Store

Seemingly accidental leak reveals Google is developing Jarvis AI extension that can browse the web…

1 day ago

Amazon Mulls New Multi-Billion Dollar Investment In Anthropic – Report

Amazon is reportedly in talks to pump billions of dollars more into AI start-up Anthropic,…

1 day ago

FTX’s Caroline Ellison Begins Her Two Year Prison Sentence

Star witness for the US prosecution of FTX founder Sam Bankman-Fried, has begun her two…

1 day ago

More Layoffs For iRobot Staff After Abandoned Amazon Deal

After axing 31 percent of its workforce when it failed to be acquired by Amazon,…

2 days ago

Mozilla Foundation Confirms Layoffs, Eliminates Advocacy Division

Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…

2 days ago

Google To Make MFA Mandatory Next Year

Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…

2 days ago