Contactless payments have become a convenient staple for modern consumers, but a new scam known as “ghost tapping” is introducing a serious risk. This scheme targets individuals who regularly use Tap to Pay or mobile wallet transactions. Scammers may attempt unauthorized Tap to Pay charges by getting extremely close to a victim with a concealed NFC reader. NFC requires very short-range proximity, typically one to four centimeters.
In this post, we’ll explore some of the most common merchant services scams, so you know how to identify and avoid them.
Key Takeaways
- Ghost tapping is a sophisticated form of fraud that exploits contactless technology to steal funds.
- Ghost tapping can occur without the victim handing over their card, but it still requires the card or phone to be brought extremely close to a fraudulent NFC reader.
- A responsive staff, real-time account monitoring, and fraud detection tools can go a long way toward combating ghost tapping.
What Is Ghost Tapping?
Ghost tapping is a type of fraud that allows scammers to wirelessly attempt unauthorized contactless transactions without ever handling a customer’s card. By exploiting near-field communication (NFC) technology, the same system that powers contactless payments and Tap to Pay transactions, fraudsters can initiate unauthorized charges.
“Ghost tapping requires no physical contact, unfortunately. They can just be in the area, you know, maybe a couple of feet away.” – Jason Meza, Senior Director of Communications for the Better Business Bureau[1]Fox7 Austin. “BBB Warns of ‘Ghost-Tapping’ Scam, Which Triggers Contactless Charges Through Tap-to-Pay.” Accessed November 28, 2025.
Consumers are particularly vulnerable in crowded public settings such as pop-ups, markets, or craft fairs, where many devices are in close proximity. According to the Better Business Bureau (BBB), scammers have developed new tactics to exploit unsuspecting consumers in public settings.[2]Better Business Bureau. “BBB Scam Alert: How to Spot and Avoid Tap-to-Pay Scams.” Accessed November 28, 2025. Some common schemes include:
- Getting Close in Crowded Spaces: Fraudsters may brush past individuals while attempting to access their tap-enabled cards or mobile wallets.
- Impersonating Vendors: At markets, festivals, or other events, scammers might pose as legitimate sellers and request tap payments.
- Charity Scams: Small donation requests can be a ruse to charge much larger amounts to a victim’s card.
- Rushing Transactions: Scammers rely on consumers tapping quickly without verifying the merchant name or transaction amount.
Why Ghost Tapping Is a Threat to Merchants
With the growing use of smartphones and wireless payment methods, ghost tapping poses serious risks to merchants, not just consumers. During Mastercard’s 2024 Q3 earnings report, it was noted that contactless payments represent 70% of in-person transactions.[3]PYMNTS. “Mastercard: Contactless Payments Now 70% of Face-to-Face Transactions.” Accessed November 28, 2025. As more transactions rely on NFC-enabled cards and mobile wallets, businesses must be vigilant in protecting both themselves and their customers from this emerging form of fraud.
While the merchant isn’t the one initiating these charges, the fallout often lands on their business. This can include customer disputes, chargebacks, and reputational damage when victims assume the transaction came from the merchant’s terminal.
Merchants operating in public, high-traffic environments face even higher exposure, especially when accepting contactless payments without additional security measures. For example, conducting a contactless transaction in a crowded setting can make it easier for scammers to get close enough to trigger unauthorized taps nearby.
How Ghost Tapping Scams Work
Ghost tapping exploits the way NFC-based payments are designed to function. Typically, a contactless payment requires a card or mobile wallet to be placed within a very short range, usually one to four centimeters, of a payment terminal. Fraudsters exploit this by using their own NFC-enabled device to mimic a legitimate payment terminal.
Here’s how ghost tapping works behind the scenes:
- The scammer uses an NFC reader disguised as a normal device. Fraudsters can easily run readily available apps or hardware that mimic a point-of-sale terminal. When the device gets close enough to a victim’s tap-enabled card or phone, it can attempt to “pull” payment information or trigger a transaction.
- They rely on close proximity, often without the victim noticing. Because NFC only works at an extremely short range, scammers position themselves very close to the target. This is why crowded environments (festivals, markets, transit, pop-ups) are ideal. A bump, a brush past someone, or even standing shoulder-to-shoulder can bring the card or phone close enough for the fraudulent terminal to activate.
- The fraudulent device sends a small authorization request. Instead of charging a large amount, which would raise alarms, ghost tappers typically run small transactions that fall under the “no CVM” threshold (no signature or PIN required). Many cards automatically approve these small tap transactions to keep checkout fast.
- The victim’s issuing bank sees the request as a normal contactless payment. Because the transaction looks legitimate (NFC, card-present, authenticated by proximity), banks often process it without additional verification. That means the merchant or customer may not realize anything is wrong until later.
- In some variations, scammers pose as merchants. Sometimes the scammer directly interacts with the victim, pretending to accept a payment, offering a donation option, or operating a fake booth. The victim believes they are approving a small amount, but the scammer’s device is programmed to charge more or process additional transactions after the interaction.
Red Flags and Signs of Ghost Tapping in Your Store
As a merchant, you can take proactive steps to spot potential ghost tapping activity in your environment. By monitoring these red flags, you can prevent fraud, protect customer trust, and respond quickly if ghost tapping occurs. Some warning signs include:
- Irregular Transaction Patterns: A sudden spike in failed or unusual transactions, or multiple small declines, may signal that a nearby device is attempting unauthorized taps.
- Suspicious Activity Near Terminals: Individuals standing unusually close to customers or your payment devices, or repeatedly brushing against devices, may be attempting to exploit NFC payments.
- Unexplained Customer Complaints: Multiple reports of unexpected charges from customers who recently visited your store or booth could indicate ghost tapping occurring nearby.
Did you know…
According to Newsweek, reports collected through the BBB Scam Tracker have highlighted several instances of ghost tapping. In one case, a scammer posing as a charity vendor accepted only Tap to Pay transactions and then charged victims’ accounts without authorization, with amounts ranging from $537 to $1,100.[4]Newsweek. “‘Ghost Tapping’: What to Know About New Scam Warning.” Accessed November 28, 2025.
How to Prevent Ghost Tapping as a Merchant
This year, Visa announced a worldwide 200% YOY increase in Tap to Pay adoption.[5]Visa. “Visa Tap to Phone Adoption Soars: 200% Year.” Accessed November 28, 2025. As more merchants adopt contactless payments to keep up with growing consumer demand, the risk of ghost tapping also rises. Fortunately, there are numerous security measures available to protect your business, including real-time monitoring, fraud detection services, and two-factor authentication.
Secure Your Payment Terminals
Merchants should consider using NFC readers with advanced encryption to reduce the risk of unauthorized activity. It also helps to disable Tap to Pay functions when they are not needed, such as outside business hours.
Train Your Staff
While no business is immune to scams, a well-trained and discerning staff will offer a considerable layer of protection. Ensure that your employees are well-trained and equipped to identify ghost tapping scams in their tracks.
Implement Layered Authentication
Setting up two-factor authentication (2FA) for mobile wallets is one way to protect yourself against ghost tappers. Unless these scammers can retrieve the confidential information used to secure an account via 2FA, they will not be able to access the account’s funds.
Monitor Transactions in Real-Time
Check your accounts regularly and set up monitoring tools (transaction alerts, analytics, etc.) to stay up-to-date on all account activity.
What to Do If You Suspect Ghost Tapping at Your Business
If you believe your business may have been targeted by ghost tapping, taking swift action is key to minimizing damage. Taking these steps promptly not only helps protect your business financially but also reinforces your reputation as a secure, trustworthy merchant.
- Notify your bank and payment processor immediately. Provide all relevant details so they can thoroughly investigate and assist in reversing fraudulent charges.
- Communicate with impacted customers. Prompt, transparent communication builds trust and helps resolve disputes quickly.
- Report the incident to the authorities. File reports with the Better Business Bureau, local law enforcement, or other regulatory bodies to help prevent fraud from affecting others.
- Review and strengthen your security measures. Use this incident as an opportunity to evaluate your payment setup, train staff, and implement additional safeguards to reduce future risk.
Because smartphones and tablets can now function as fully capable NFC point-of-sale devices, it’s important for merchants to stay vigilant. The same accessibility that makes mobile POS tools convenient for legitimate businesses also makes it easier for scammers to use similar devices in ghost tapping schemes, especially in crowded environments.
How Kurv Protects Merchants from NFC Payment Fraud
Kurv’s Tap to Pay solutions leverage end-to-end encryption to secure data in transit, tokenization to replace sensitive card details with single-use credentials, and real-time sales tracking to give merchants continuous insight into transaction patterns. Together, these layers provide a robust defense against fraud while maintaining a seamless checkout experience.
Stay Ahead of Payment Scams
Not long ago, contactless payments felt like the cutting edge of commerce. Today, they’re an everyday expectation for both merchants and consumers. But as payment habits change, scammers are quick to adapt. Ghost tapping is one of the latest tactics targeting this shift.
Kurv strengthens your payment systems with advanced fraud detection and NFC security designed to block these emerging threats. Staying ahead of ghost tappers means staying informed, recognizing how new scams operate, and implementing the proper protections to safeguard your business and customers.
Ready to Grow Your Business?
Apply and start accepting payments within a day
Frequently Asked Questions
What is the ghost tapping scam and how does it work for merchants?
Ghost tapping is a new scam that enables fraudsters to steal information without direct access to a merchant’s card. This is accomplished by exploiting NFC technology. Merchants can be especially vulnerable to this form of fraud if, for instance, they are initiating a contactless sale at a crowded public venue, such as a pop-up or a craft fair.
Can merchants be responsible for ghost tapping scams?
Even though merchants aren’t the ones causing these unauthorized charges, they may still face the consequences, including customer disputes, chargebacks, and reputational damage if victims believe the transaction came from the merchant’s terminal.
How do I disable or limit tap‑to‑pay features on POS or cards to reduce risk?
Merchants looking to protect themselves against ghost tapping should limit Tap to Pay purchases in crowded or public places.
What devices or settings can block ghost tapping for merchants (and their terminals)?
Merchants looking to secure their contactless cards may look into RFID (radio frequency identification) blocking.[6] Norton. “RFID Blocking: What It Is, How It Works, and Why You May Need It.” Accessed November 28, 2025. . When implemented correctly, RFID obstructs electromagnetic fields to protect the privacy of your preferred contactless payment method.
What should a merchant do if they suspect a ghost tapping incident has occurred?
Merchants who suspect they have fallen prey to ghost tapping should report the scammers to their banks, the BBB, and their payment processor.
Are there any U.S. regulations or standards merchants should know regarding contactless fraud like ghost tapping?
The Electronic Funds Transfer Act, passed by Congress in 1978, is designed to protect consumers engaged in electronic fund transfers. This includes everything from ACH systems to POS terminals. The act defines an “unauthorized electronic funds transfer” as any instance in which a malicious third party initiates or approves a payment from a consumer’s account without the consumer’s consent.[7]Federal Reserve Board. “Electronic Fund Transfer Act.” Accessed November 28, 2025. Specific regulations related to contactless pay vary by state.
How will emerging contactless payment trends affect ghost tapping risk for merchants in the future?
According to a 2024 PYMNTS report, 79% of Generation Z consumers are avid digital wallet users.[8]PYMNTS. “GenZ Loves Their Digital Wallets.” Accessed November 28, 2025. Any affected demographic is encouraged to stay informed about all industry developments to best protect themselves.
