- Stolen payment card data is fueling ghost tapping fraud worldwide
- Burner phones are turning identity theft into organized retail scams
- Luxury goods bought with ghost tapping are quickly resold online
Digital payment services have long promised speed and ease, but the same systems are increasingly being manipulated for fraud.
Recorded Future’s Insikt Group researchers are now warning a new wave of fraud known as “ghost-tapping” has been spreading quickly across Southeast Asia and beyond since 2020.
The method allows scammers to load stolen payment details onto burner phones, which are then used for retail fraud.
How ghost-tapping works
Ghost-tapping relies on stolen payment card data, often gathered through phishing, social engineering, or mobile malware.
Once the information is taken, criminals bypass security by intercepting one-time passwords sent to victims, and then upload the stolen data to mobile wallets linked to contactless services such as Apple Pay or Google Pay.
Syndicates can use burner phones to make purchases in stores or even withdraw money from ATMs.
The process shows parallels with identity theft, where personal and financial data is exploited for profit.
Recorded Future’s Insikt Group says it has observed organized groups distributing not only phones but also software that can relay card details across devices.
This enables a network of mules who present themselves as ordinary shoppers or tourists, purchasing high-value goods such as jewelry or mobile phones, which are later resold through underground Telegram channels.
After a security clampdown on Telegram channels, syndicates shifted operations to alternatives such as Xinbi Guarantee and Tudou Guarantee, which continue to facilitate ghost-tapping deals.
According to the researchers, the high volume of ads and mule recruitment on these platforms suggests that many goods circulating in these markets originate from ghost-tapping.
This campaign is persistent, and even after several arrests of Chinese and Taiwanese nationals in Singapore in 2024, the decentralized nature of Telegram-based trading makes disruption difficult.
Ghost-tapping has wide implications for retail, banks, and payment providers.
Because many stores lack strict Know-Your-Customer checks, fraud is difficult to spot at the point of sale.
Insurance companies are also exposed to the fallout of unauthorized transactions.
In Singapore alone, police recorded hundreds of incidents of phished card data tied to mobile wallets, leading to millions in losses.
The United Nations Office on Drugs and Crime has described ghost-tapping as part of a larger professionalization of scamming in the region.
“The convergence between the acceleration and professionalization of these operations on the one hand and their geographical expansion into new parts of the region and beyond on the other translates into a new intensity in the industry – one that governments need to be prepared to respond to,” Benedikt Hofmann, UNODC acting regional representative for Southeast Asia and the Pacific, said at the time.
How to stay safe
- Implement multi-factor authentication to strengthen protection against unauthorized use of payment credentials.
- Rely on reputable security suites and properly configured firewalls to mitigate phishing and malware threats before data is stolen.
- Maintain vigilance when entering financial details online to avoid exposing sensitive information to fraudulent sites.