Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Digital payment system. Show all posts
technology
Apple Pay Bank Digital payment system Ghost Tap Google Pay payment scams technology

Experts Say ‘Ghost Tapping’ Payment Scams Are Uncommon, But Consumers Should Still Stay Alert

 










As contactless payment systems become increasingly common at stores, public events, and seasonal markets, cybersecurity and payment security experts are reminding consumers to remain aware of how digital transactions work and to regularly monitor their financial activity. The warning follows growing discussions around so-called “ghost tapping” scams, a term used to describe situations where a payment could allegedly be processed through a smartphone’s tap-to-pay feature without the owner intentionally authorizing the transaction.

Despite online concern surrounding the issue, consumer protection specialists say incidents involving “ghost tapping” remain highly uncommon. Erin McGovern, a consumer protection official who has been monitoring complaints linked to the scam, said her organization has received fewer than 10 reports connected to these cases so far. However, she cautioned that risks associated with payment fraud may become more noticeable during busy shopping periods such as holiday markets, craft fairs, and seasonal events where large numbers of people rely on mobile payment systems for convenience.

At these public events, many vendors use portable payment terminals that allow customers to quickly complete purchases using smartphones or digital wallets instead of physical cash or bank cards. McGovern explained that while the speed and convenience of tap-to-pay technology make shopping easier, consumers should still remain careful about confirming the exact amount being charged before approving any transaction. She noted that shoppers sometimes become distracted in crowded environments, making it easier to overlook suspicious activity or incorrect payment totals.

The discussion around “ghost tapping” has raised concerns online because many consumers are unfamiliar with the technical limitations of contactless payment systems. Security specialists explain that tap-to-pay technology operates through Near Field Communication, commonly known as NFC. This wireless communication technology allows devices such as smartphones, smartwatches, and payment terminals to exchange encrypted payment information when placed extremely close together.

According to payment security experts, NFC technology only functions across a very short range, typically four centimeters or less. Michael Jabbara, Senior Vice President and Head of Payment Ecosystem Risk and Control at Visa, explained that the required distance is approximately the size of a small paper clip. Because of this limitation, an individual attempting to secretly trigger a payment would need to move unusually close to another person’s phone or pocket.

Jabbara stated that most people would naturally notice if someone entered their personal space to that extent. For that reason, experts say it would be highly difficult for a scammer to perform an unauthorized tap-to-pay transaction without drawing attention. While researchers acknowledge that such activity may be technically possible under certain conditions, they emphasize that it would be extremely unusual for it to happen without the victim becoming aware of suspicious behavior.

Still, cybersecurity professionals say the conversation surrounding “ghost tapping” highlights a broader and more realistic concern: many consumers fail to regularly review their banking activity or payment notifications. According to Jabbara, fraudsters often depend on victims ignoring account activity until the end of the month or waiting several weeks before reviewing statements. This delay can allow unauthorized purchases to remain undetected long enough for scammers to continue exploiting stolen payment information.

Financial security experts recommend reviewing banking applications, credit card activity, and digital wallet transactions frequently instead of waiting until a dispute becomes necessary. Early detection of suspicious purchases significantly increases the chances of stopping additional fraudulent activity and recovering lost funds.

Consumer protection authorities also note that individuals who believe they were targeted by payment fraud can dispute unauthorized charges directly with their bank or credit card provider. In some cases, victims may also submit formal complaints to their local attorney general’s office or consumer protection agencies for further investigation.

However, specialists say prevention remains the most effective defense against digital payment scams. One of the strongest recommendations from payment security experts is enabling instant transaction alerts through banking and credit card applications. Many financial institutions already use automated fraud-detection systems that analyze unusual spending behavior and risk patterns before approving transactions. Even so, transaction alerts provide another important layer of protection by notifying users immediately whenever money is spent through their account.

These notifications can help consumers quickly identify purchases linked to unfamiliar merchant names, unexpected locations, or payment amounts they did not approve. Experts say immediate awareness often prevents fraud from escalating into larger financial losses.

Another important safety measure is always requesting a receipt after making a purchase. Receipts serve as proof of payment and can become important evidence if consumers later need to challenge suspicious charges with their bank or payment provider. McGovern warned that vendors refusing to provide receipts or claiming that their payment system is suddenly malfunctioning could represent a potential warning sign of fraudulent behavior.

Cybersecurity analysts additionally point out that modern digital wallet systems, including services such as Apple Pay and Google Pay, already contain multiple layers of security protection. These systems rely on technologies such as tokenization and encryption, which help prevent actual card numbers from being directly exposed during transactions. Instead of transmitting sensitive banking details, digital wallets generate encrypted payment tokens designed to reduce the likelihood of financial data theft.

Although security protections built into modern payment platforms have substantially reduced many traditional forms of card fraud, experts caution that scammers continuously adapt their tactics as digital payment technology evolves. For that reason, cybersecurity professionals stress that awareness, regular account monitoring, transaction alerts, and cautious payment habits remain essential safeguards for consumers using contactless payment systems.

Read more »
Online Payments
Blockchain Blockchain Payments Blockchain Technology Cyber Security Digital Payment Digital payment system Online Payments

How HesabPay and Algorand Are Enabling Humanitarian Aid and Financial Inclusion in Afghanistan

A sudden shift unfolded across Afghanistan once American and NATO troops left in August 2021. Power structures backed by Washington vanished almost overnight; chaos spread quickly through regions. Instead, authority shifted back into the hands of the Taliban - two decades after their last rule ended. Hardship deepened ever since, turning daily life into struggle for millions. Among the worst humanitarian emergencies today, the nation battles crippling poverty, hunger that reaches far, along with frozen financial systems. 

Right now, about 97 out of every 100 people in Afghanistan survive on less than what is considered a basic living standard. Close to twenty million individuals - half the country's residents - face severe shortages in reliable access to meals, reports the UN’s food aid agency. Over a million kids younger than five endure ongoing lack of proper nutrition, their growth stunted by months without balanced diets. While some manage to stay alive, future well-being frequently remains compromised due to lasting physical strain. When circumstances reach this level, outside help isn’t just helpful - it becomes something people depend on simply to continue breathing. 

Hardship deepens as economic strains mount. Drought drags on, world food costs climb, while aid linked to departing troops vanishes overnight - wrecking ways people earn a living. Few jobs exist; instead, each day brings another test just to stay alive for countless Afghan families. 

With sanctions in place, overseas funds locked up, banks barely functioning, yet cash hard to find, money flows have shrunk sharply nationwide. Because of these pressures, large numbers rely on support from global bodies like the WFP, UNICEF, along with key NGOs. Even so, amid ongoing challenges, a local tech venture named HesabPay introduced a digital payment system using Algorand's blockchain, aiming to send assistance straight to people. 

A digital form of the Afghan Afghani, supported by real money held in bank accounts, is released by HesabPay. Built on the Algorand blockchain, it handles transfers efficiently. Even without smartphones, people move money thanks to compatibility with basic handsets. Payments happen daily - for food, phone credit, power charges - without delays. Changing paper notes into electronic value takes place at local centers run by HesabPay. These spots stretch across every province, reaching distant regions others miss. Access stays open regardless of location because of this spread. 

A single QR card connects each user to their account, helping those without phones join easily. When someone pays, shops scan the code while confirmation comes via text message - no tech skills needed. Backing it up, checks grow stricter step by step: identity verified, banned parties screened, transactions watched using shared ledger tracking to block fraud before it spreads. With a network now reaching 400,000 individuals and 3,000 businesses across the country, HesabPay has handled close to 4.5 million transactions so far. 

Running on Algorand’s blockchain technology, it keeps transaction costs minimal - often zero - for consumers at storefronts. When assistance flows straight into the hands of women, results shift noticeably; household stability strengthens, community wellbeing rises. Efficiency isn’t the only outcome here. 

Now imagine a tool that quietly reshapes aid delivery - HesabPay does exactly that by using blockchain to build systems that grow easily, stay clear, and include more people. Where banks vanish or never existed, alternatives like this prove digital setups can reopen doors to basic needs while returning respect to those often left behind.
Read more »
Payment Fraud
Digital payment system Fake Apps Google Play Store Malware in Google Play Mobile Security Mobile Security News Payment Fraud

Japanese Payment System Attacked By Fake Security App

A new malware has been observed by the Research team at McAfee Corp. This malware is found to be attacking NTT DOCOMO customers in Japan. 

The malware that is distributed via the Google Play Store pretends to be a legitimate mobile security app, but in reality, it is a fraud malware designed to steal passwords and abuse reverse proxy focusing on NTT DOCOMO mobile service customers. 

The McAfee Cell Analysis team informed Google regarding the notoriety of the malware. In response, Google has made the application unavailable in Google Play Store and removed known Google Drive files that are associated with the malware. In addition to this, Google Play Shield has now alerted the customers by disabling the apps and displaying a warning. 

The malware publishes malicious fake apps on Google Play Store with various developer accounts that appear like some legitimate apps. According to a tweet by Yusuke Osumi, a Security Researcher at Yahoo, the attacker lures the victims into installing the malware in their systems by sending them an SMS message with a Google Play Store link, reportedly sent from overseas. Additionally, they entice the users by displaying a requirement to update their security software. 

This way, the victim ignorantly installs the fraudulent app from Google Play Store and ends up installing the malware. The malware asks the user for a community password but cleverly enough, it claims the password is incorrect, so the user has to enter a more precise password. It does not matter if the password is incorrect or not, as this community password can later be used by the attacker for the NTT DOCOMO fee services and gives way to online funds. 

Thereafter, the malware displays a fake ‘Mobile Security’ structure on the user’s screen; the structure of this Mobile Security structure interestingly resembles that of an outdated display of McAfee cell security. 

How does the malware function

A native library called ‘libmyapp.so’ written in Golang, is loaded through the app execution. When the library is loaded, it attempts to connect with C&C servers utilizing an Internet Socket. WAMP (Internet Software Messaging Protocol) is then employed to speak and initiate Distant Process Calls (DPC). When the link is formulated, the malware transmits the community data and the victim’s phone number, registering the client’s procedural commands. The connection is then processed when the command is received from the server like an Agent. Wherein, the socket is used to transmit the victim’s Community password to the attacker, when the victim enters his network password in the process.

The attacker makes fraudulent purchases using this leaked information. For this, the RPC command ‘toggle_wifi’ switch the victim’s Wi-Fi connection status, and a reverse proxy is provided to the attacker through ‘connect_to’. This would allow connecting the host behind a Community Handle Translation (NAT) or firewall. With the help of a proxy, now the attacker can ship by request through the victim’s community network. 

Along with any other methods that the attackers may use, the malware can also use reverse proxy to acquire a user’s mobile and network information and implement an Agent service with WAMP for fraudulent motives. Thus, it is always advised by Mobile Security Organizations to be careful while entering a password or confidential information into a lesser-known or suspicious application.

Read more »
UPI
Digital payment system Technology UPI

UPI Turns Webless

 

While UPI has grown in popularity since its inception in 2016, it has yet to reach rural areas where smartphone ownership is low and internet access is spotty. Volumes should increase as more low-cost handsets connect to the UPI system, promoting financial inclusion. 

This could be India's Unified Payments Interface's next great step (UPI). Governor of the Reserve Bank of India Shaktikanta Das introduced UPI123Pay, a digital software that allows users of feature phones to send money, on Tuesday. They will be equipped to do almost everything that smartphone users can on this payment platform, with the exception of scan-and-pay. There is no need for an internet connection. 

All that is required is a feature phone connected to a bank account, and funds can be transmitted to any other UPI user without the usage of a credit card. This should significantly boost the use of India's proprietary platform for cashless transactions. 

UPI transfers have already increased as a result of the pandemic, with over 4.5 billion worth over $8.3 trillion reported in February, up from just over 1.3 billion worth 2.2 trillion two years ago. The tally is expected to rise.
Read more »
Line Pay
Data Breach data security Data threats Digital payment system GitHub Line Pay

LINE Pay leaked 133,000 Users' Data to GitHub

Yesterday, digital messaging and payment facility platform ‘LINE Pay’ – released a statement in which it said that around 133,000 clients’ payment data was erroneously published on GitHub between September and November this year. The incident affected more than 51,000 Japanese users and around 82,000 Taiwanese and Thai users.

Data detailing individuals in a LINE Pay promotional program that was organized between late December 2020 and April 2021 was accidentally uploaded to the collaborative coding crèche by an employee. After the attack findings, the company has notified its customers and the fintech division of the company has issued an official apology letter and assured its users of future protection. 

The data that has been leaked includes the time, date, amount of transactions, and user and franchise store identification numbers. However, telephone, addresses, credit card, and bank account numbers were not leaked, the names of the customers and other credentials could be accessed with little effort. 

Additionally, many political figures and dignitaries stopped using this app since the July 2021 cyberattack. Also, Japanese government officials have stopped using this app when it was discovered that important information was being leaked to China. Prior to the discovery, Japan extensively used this communication app for many regional official communications. 

GitHub--headquartered in California, USA, has been a subsidiary of Microsoft since 2018. The platform is commonly used for organizing open-source projects for software development (As of November 2021, GitHub reports having over 73 million developers). It provides the distributed version control and source code management (SCM) functionality of Git and its own factors. Besides the aforementioned, it also offers access control and several collaboration features such as feature requests, bug tracking, task management, continuous integration, and wikis for every project.
Read more »
Subscribe to: Posts (Atom)