US Secret Service Joint Advisory Bulletin: Mobile Payment System Vulnerability
Growing Criminal Exploitation of Provisioning in Mobile Payments
The Secret Service has observed a steady increase in criminals exploiting vulnerabilities in the account provisioning and verification process for near field communication (NFC) payments to commit fraud. Specifically, criminals are using stolen identity information (e.g., credit reports, tax records, healthcare and employee records that contain personally identifiable information) to establish fake accounts on NFC devices and make illicit transactions both online and at “brick and mortar” retailers. Over the last several months, perpetrators have conducted numerous fraudulent transactions using this particular method of exploitation affecting many high-end retailers and banking institutions across the Northeastern portions of the United States.