- Stolen payment card data is feeding ghost touch fraud worldwide
- Burner phones are turning identity theft into organized retail scams
- Luxury goods bought with ghost touch quickly surface online
Digital payment services have long promised speed and ease, but the same systems are increasingly exploited by fraudsters.
Researchers at Recorded Future's Insikt Group now warn that a new fraud wave known as "ghost touch" has spread quickly across Southeast Asia and beyond since 2020.
The method allows scammers to load stolen payment details onto burner phones, which are then used for retail fraud.
How the ghost touch works
Ghost touch relies on stolen payment card data, often collected through phishing, social engineering or mobile malware.
Once the information is taken, the criminals bypass security by intercepting one-time passwords sent to the victims and then loading the stolen data into mobile wallets linked to contactless services such as Apple Pay or Google Pay.
Syndicates can then use the burner phones to make purchases in stores or even withdraw money from ATMs.
The process shows parallels with identity theft, where personal and financial data are exploited for profit.
Recorded Future's Insikt Group says it has observed organized groups distributing not only phones but also software that can relay card details between devices.
This enables a network of mules who pose as ordinary shoppers or tourists and buy high-value goods, such as jewelry or mobile phones, which then show up on underground Telegram channels.
After a security crackdown on Telegram channels, the syndicates moved their operations to alternatives such as Xinbi Guarantee and Tudou Guarantee, which continue to facilitate ghost touch deals.
According to the researchers, the high volume of ads and mule recruitment on these platforms suggests that many goods circulating in these markets originate from ghost touch fraud.
The campaign is persistent: even after several arrests of Chinese and Taiwanese nationals in Singapore in 2024, the decentralized nature of the Telegram-based operations hinders disruption.
Ghost touch has wide implications for retailers, banks and payment providers.
Because many stores lack strict checks on their customers, the fraud is difficult to detect at the point of sale.
Insurance companies are also exposed to the consequences of unauthorized transactions.
In Singapore alone, the police recorded hundreds of incidents of phished card data tied to mobile wallets, which led to millions in losses.
The United Nations Office on Drugs and Crime has described ghost touch as part of a broader professionalization of scams in the region.
“The convergence between the acceleration and professionalization of these operations, on the one hand, and their geographical expansion in new parts of the region and beyond, on the other, translates into a new intensity in the industry, one to which governments must be prepared to respond,” said Benedikt Hofmann, regional representative of the UNODC for Southeast Asia and the Pacific, at the time.
How to stay safe
- Implement multifactor authentication to strengthen the protection against unauthorized use of payment credentials.
- Rely on reputable security suites and properly configured firewalls to mitigate phishing and malware threats before data is stolen.
- Stay vigilant when entering financial details online to avoid exposing confidential information to fraudulent sites.