Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the resurgence of payment fraud through sophisticated Near Field Communication (NFC) relay attacks in this 38-minute conference talk from DEF CON 33. Discover how modern carding operations combine social engineering with custom mobile malware to bypass contactless payment security measures and enable unauthorized transactions. Learn about the critical emergence of Malware-as-a-Service (MaaS) platforms, primarily operated by Chinese-speaking threat actors who develop and distribute advanced NFC relay capabilities as turnkey solutions to global affiliates, facilitating complex card-present fraud schemes at unprecedented scale. Examine the MaaS operational model featuring affiliate networks and advanced tools that represents a critical evolution in financial threats, leading to arrests across the U.S. and EU while alarming global financial institutions. Analyze key findings from the Supercard X investigation, including technical capabilities and implications for the payment industry, while gaining access to mitigation strategies and actionable intelligence such as actor communications and distinct Tactics, Techniques, and Procedures (TTPs). Understand how developers of well-known Android banking trojans are integrating NFC relay functionalities to enhance cash-out techniques, and gain insights into the operational models, tools, and TTPs employed by modern NFC Relay MaaS platforms, along with the systemic risks posed to global financial institutions and the urgent need for adaptive security postures in combating this evolving fraud landscape.
