The Philippines has emerged as a top target for sophisticated Chinese cybercriminal groups exploiting vulnerabilities in near-field communication (NFC) technology, according to a new report by global cybersecurity firm Resecurity.
As digital wallets and contactless payments gain traction across the country, Resecurity warned of a sharp increase in fraud attacks leveraging NFC infrastructure used by platforms like GCash, Maya, GoTyme, and BDO Pay.
Dark Web activity tied to Chinese actors and aimed at Philippine financial systems surged nearly 230% in the second quarter of 2025 compared to the same period last year, the firm said.
“Philippine financial services are increasingly being used as a testing ground for fraud innovation,” Resecurity said, noting that threat actors are deploying tools such as Host Card Emulation (HCE), Z-NFC, and Track2NFC to clone payment credentials and conduct unauthorized transactions undetected.
The firm’s HUNTER team also linked several operations to Chinese-led syndicates including the so-called “Smishing Triad,” which has evolved into a Crime-as-a-Service network offering phishing kits, fraud tools, and stolen credit card data through Telegram channels and underground markets.
One marketplace alone had more than 7,700 compromised Philippine-issued cards for sale, with cloned cards priced as low as a few dollars. Small-value NFC transactions, often exempt from PIN verification, have become a key entry point for attackers. Some fraudulent POS terminals disguised as legitimate devices reportedly processed up to $80,000 daily.
Resecurity also cited growing evidence of collusion between foreign and local actors. Criminal groups in the Philippines have helped deploy fake businesses and POS devices to facilitate fund layering and illicit cashouts, particularly in the retail and food service sectors.
The firm recommended tighter merchant verification processes, behavioral analytics for tap-and-go transactions, stronger public-private threat intelligence sharing, and more consumer education on digital payment risks.
With TransUnion estimating that digital fraud in the Philippines stood at 13.4% in 2024—150% above the global average—Resecurity warned that the speed and scale of NFC-related fraud now pose a broader economic risk.
BusinessNews.ph