'NFC Fraud' New Card Scam... 3 Billion Won Stolen Using Overseas Card Smishing Information

[Financial News] A group that used stolen overseas credit card information from China to make NFC payments at domestic disguised merchant terminals and pocketed billions of won has been caught by the police.
The Seoul Metropolitan Police Agency's Metropolitan Investigation Unit's Drug Crime Investigation Division's International Crime Investigation Team announced on the 2nd that they had arrested four people, including recruiter Mr. A (62), on charges of fraud and computer-related fraud under the Act on the Aggravated Punishment of Specific Economic Crimes, detaining two and releasing two without detention. Twenty-eight people, including Mr. B (51), who lent their names for disguised merchants, were also booked for violating the Specialized Credit Finance Business Act. They are also conducting a joint investigation with Interpol regarding the mastermind, a Korean national believed to be staying in China.
According to the police, from December 2023 to July 2024, they stole payment information such as card numbers, expiration dates, and CVC through smishing (phishing crimes using text messages) overseas, and opened disguised merchants in Korea to activate terminals. The terminals were smuggled to China, and the mastermind repeatedly made payments by putting the stolen information into a smartphone and contacting the terminal (NFC).
Approval requests were sent to domestic card companies. While card companies usually prepay merchants within five days, it takes about 90 days to verify normal transactions. They exploited this time gap to generate false sales and shared the prepaid funds.
There were 77,341 fraudulent transactions. Although false payments of up to 1 million won per transaction occurred, small payments under 50,000 won accounted for 39,405 transactions. The repeated fraudulent transactions in small amounts made it difficult for victims to notice unusual transactions, and the card company's fraud detection system could not immediately filter them out. According to an analysis by the Financial Security Institute, malicious apps found on Mr. A's phone had features that intercepted payment information generated when the NFC function was activated.

The affected countries are over 70, including the United States, and all cardholders are identified as foreigners. After domestic card companies prepay the amount, if the transaction is not canceled, the loss amount goes to the overseas consumer, the cardholder. So far, no cases of domestic-issued card information being stolen have been confirmed.
The disguised merchant name holders who participated in the crime lent their names in exchange for a commission of 16-18% through high-income part-time job advertisements. The four recruiters were responsible for collecting terminals and smuggling them to China, and they took 20-40% of the false sales proceeds. The remaining amount was converted to cash or virtual assets and sent to China. Among the recruiters were one Chinese person and two Chinese naturalized citizens.
The police received information on unusual transactions from domestic card companies in July last year and began an investigation, arresting related individuals sequentially since August last year. They are currently conducting pre-indictment preservation of criminal proceeds and conducting additional investigations into domestic and international linked organizations.
A police official said, "Avoid installing apps from unknown sources, and activate the NFC function only when necessary," and urged, "Set up credit card usage alerts to immediately recognize unusual transactions."

425_sama@fnnews.com Choi Seung-han Reporter