Published: July 18, 2025

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber Threat — Near Field Communication (NFC) Relay Attack

Cybercriminals are now exploiting the convenience of contactless payments through a scheme known as a near field communication (NFC) relay attack. These attacks allow them to make unauthorized purchases or withdrawals by secretly capturing and relaying card or mobile wallet information without stealing the physical card or phone. Recent findings from Visa and cybersecurity firms show that this type of threat is rising, and both businesses and customers that use contactless payments are increasingly affected.

What Is an NFC Relay Attack?

An NFC relay attack is a type of digital pickpocketing where two attacker devices work together. Typically, one device is secretly placed near a person—such as in a bag or pocket—to capture the tap signal from a payment card or phone. At the same time, a second device is placed near a legitimate payment terminal, often in a retail setting. These two devices communicate wirelessly in real time, tricking the terminal into believing the payment card is physically present.

This allows the attacker to complete a fraudulent transaction by using the person’s payment information. Malware-as-a-Service (MaaS) platforms like SuperCard X, TX-NFC, and TapPay have made it easier for criminals to carry out these attacks by using only phones and apps. In some cases, people are tricked into installing malicious apps that silently turn their phones into relay tools.

Common Tactics

Several deceptive methods have been reported, and small business owners and their staff should be aware of them.

  • Malware Disguised as Banking Apps or Security Tools: Criminals trick people into downloading malicious apps via text messages or fraudulent websites. These apps are designed to look harmless and avoid detection by using minimal permissions or encryption, and they quietly enable relay attacks once installed.
  • Tap-to-Pay Abuse Without Physical Theft: Criminals no longer need to steal wallets. With the right tools and proximity to a person, they can intercept and relay the tap signal in real time.
  • Smartphones Used to Emulate Payment Cards: Malware tools, like SuperCard X, can turn a regular smartphone into a card emulator, relaying payment data to a legitimate payment terminal.
  • Public Places as Targets: These attacks often happen in crowded areas (e.g., cafes, retail stores) where criminals can get physically close to payment devices without raising suspicion.

Protect Your Business and Customers

NFC relay attacks can have serious consequences for small businesses. Even when using legitimate systems, your business may still accept fraudulent transactions—leading to chargebacks, reputational harm, or scrutiny from your payment provider. Customers also face risks such as unauthorized charges or misuse of their phone or card data.

By taking the following proactive steps, you can help prevent your business from being used in a fraudulent transaction.

  1. Train Staff to Spot Suspicious Behavior: Be alert for people who seem to be using devices near payment terminals or behaving oddly near other patrons.
  2. Inspect Payment Terminals Regularly: Check payment terminals for unauthorized attachments or signs of tampering.
  3. Update POS Software Frequently: Ensure that your payment terminals receive updates that help detect or block suspicious tap patterns.
  4. Configure to Require PINs: Set payment terminals to require a PIN for all transactions, even low-value ones, to add a layer of protection.
  5. Work with Trusted Payment Providers: Choose payment service providers with strong fraud monitoring and NFC-specific protections.
  6. Encourage Customer Awareness: Share best practices with your customers—such as keeping NFC off when not in use and avoiding suspicious apps.

Conclusion

NFC relay turns convenience into risk. Small businesses that accept contactless payments should understand how these attacks work and what steps to take to reduce their exposure. By staying informed, training staff, and partnering with trusted payment providers, your business can stay one step ahead of this emerging threat before it reaches the checkout counter.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving technology threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

      About the NCSS

      The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(c)(3) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

      The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.