Earlier this month, the U.S Secret Service, in collaboration with the Payment Card Industry (PCI) Security Standards Council, released a Joint Advisory Bulletin: Mobile Payment System Vulnerability. The advisory discuses the Growing Criminal Exploitation of Provisioning in Mobile Payments.
The Secret Service has observed a steady increase in criminals exploiting vulnerabilities in the account provisioning and verification process for near field communication (NFC) payments to commit fraud. Specifically, criminals are using stolen identity information (e.g., credit reports, tax records, healthcare and employee records that contain personally identifiable information) to establish fake accounts on NFC devices and make illicit transactions both online and at “brick and mortar” retailers. Over the last several months, perpetrators have conducted numerous fraudulent transactions using this particular method of exploitation affecting many high-end retailers and banking institutions across the Northeastern portions of the United States.
Click here to continue reading the the full joint advisory.