Europol Warns Of Gangs Making Fake Android Mobile Payments

Europol has warned of an emerging threat from Android-based smartphones because criminal gangs are said to be able to carry out fraudulent mobile payments on the mobile operating system.

The increasing use of contactless NFC based payment systems on smartphones has prompted many experts over the years to warn of their potential security risks. And now it seems that the criminal underground has caught up.

Cyber Risks

The warning came in Europol’s annual Internet Organised Crime Threat Assessment report, which highlighted a raft of cyber threats at the moment.

The report said that NFC-based payment fraud was a growing problem.

“EMV (i.e. chip and PIN), geo-blocking and other industry measures continue to erode card-present fraud within the EU, but logical and malware attacks directly against ATMs continue to evolve and proliferate,” it said. “Organised crime groups are starting to manipulate or compromise payments involving contactless (NFC) cards.”

“The relentless growth of cybercrime remains a real and significant threat to our collective security in Europe,” said Europol’s Director Rob Wainwright. “Europol is concerned about how an expanding cybercriminal community has been able to further exploit our increasing dependence on technology and the Internet.”

“2016 has seen the further evolution of established cybercrime trends,” said the head of the European Cybercrime Centre, Steven Wilson. “The threat from ransomware has continued to grow and has now expanded into sectors such as healthcare. Europol has also seen the development of malware targeting the ATM network, impacting cash services worldwide.”

Android NFC

Aside from the usual cyber threats, the report also highlighted the risks to financial transactions, particularly those involving Android smartphones.

“As the financial institutions increasingly issue EMV cards to their respective card bases, we can expect US merchants to be fully EMV compliant within two years,” said the report. “This will likely push card-present fraud to other jurisdictions or make criminals turn to CNP in search of the path of least resistance. However, this also increases the risk of attacks on the EMV technology,
so further innovations are needed to keep that platform secure.”

It then highlighted the problem with NFC transactions.

“The possibility of compromising NFC transactions was explored by academia years ago and it appears that fraudsters have finally made progress in the area,” said Europol. “Several vendors in the Darknet offer software that uploads compromised card data onto Android phones in order to make payments at any stores accepting NFC payments.”

“Moreover, at least one Member State reports instances of organised criminal gangs using contactless cards purchased from individuals who then report the card as lost,” said the report.

Android Pay

The criminals were able to reset the cards once they had reached the purchase limit thereby allowing continued spending,” said Europol. “Fraudulent use of NFC payments would have a number of unexpected consequences including the inability of merchants to confiscate the compromised card.”

“Currently, when merchants detect a fraudulent transaction they are requested to seize the card,” it said. “However, the confiscation may not be feasible when the compromised card data are recorded on the buyer’s smartphone.”

Europol’s concern at Android-based NFC fraud comes because Android handsets allow third-party apps to use its NFC chip.

Apple on the other hand prevents other apps from using its NFC chip, as it wants iPhone users to be locked into only using its Apple Pay system.

And the problem could only get worse, with research pointing out that the use of mobile contactless payments is set to surge in the UK.

Earlier this month Android Pay was adopted by NatWest, Santander, RBS and Ulster Bank. Indeed, aside from TSB and Barclays, all of the UK’s major banks now accept Android Pay.

Are you a mobile payments aficionado? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

More Layoffs For iRobot Staff After Abandoned Amazon Deal

After axing 31 percent of its workforce when it failed to be acquired by Amazon,…

6 hours ago

Mozilla Foundation Confirms Layoffs, Eliminates Advocacy Division

Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…

7 hours ago

Google To Make MFA Mandatory Next Year

Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…

8 hours ago

UK Government Launch AI Safety Platform For Businesses

New AI assurance platform from UK government will help businesses ensure they can safely develop…

9 hours ago

Australia Plans Social Media Ban For Children Under 16

Protecting kids? Australian government confirms plan to implement restriction on social media for children under…

11 hours ago

Canada Orders Shutdown Of TikTok’s Canadian Business

Canada ordered China's TikTok business in the country to be dissolved over national security risks,…

12 hours ago