The US Secret Service today issued an advisory warning of a growing wave of incidents exploiting vulnerabilities in the account provisioning and verification processes in near-field communication (NFC)-based mobile payments.
"Specifically, criminals are using stolen identity information (e.g., credit reports, tax records, healthcare and employee records that contain personally identifiable information) to establish fake accounts on NFC devices and make illicit transactions both online and at 'brick and mortar' retailers. Over the last several months, perpetrators have conducted numerous fraudulent transactions using this particular method of exploitation affecting many high-end retailers and banking institutions across the Northeastern portions of the United States," the agency said today in its advisory, issued in conjunction with the Payment Card Industry (PCI) Security Standards Council.
The Secret Service says banks and credit unions can help prevent phony payment credential use by tightening the process of verifying payment.
Read the full advisory here.