Mobile payments, swiping transit cards, and electronic access control—the near-field communication (NFC) technology in smartphones, commonly known as such features, brings us much convenience in daily life. Recently, some short videos circulating online claim that "money in phones can be wirelessly stolen through close-proximity payment methods." After these videos were posted, they sparked widespread discussion among netizens. Is it true that money can be stolen wirelessly—"gone with just a touch"?

The "One Tap and Your Money is Stolen" Video Was Staged, Rumor-Monger Detained

In the video, the short-video blogger posted on multiple online platforms, claiming that after a meal, their assistant used a certain payment app's "tap-to-pay" feature to settle the bill. After the payment, when the assistant put the phone back into their pocket, a passing stranger used a disguised device to steal a sum of money through contactless payment. They later recovered the funds by reporting the incident to the police.

After the video was released, it quickly sparked discussions among many netizens. Upon reviewing the incident, the payment platform identified multiple factual inaccuracies in the short video and reported the matter to the police. The public security authorities promptly launched an investigation and, in accordance with the law, summoned the publisher, Wu, to the investigation site for questioning. It was discovered that the short video was a staged act by Wu to gain traffic and attract attention. In accordance with the relevant provisions of the "Public Security Administration Punishments Law of the People's Republic of China," Wu was fined a certain amount by the public security authorities for the illegal act of fabricating and spreading online rumors and was required to issue a public apology via the online platform.

Expert demonstrates the "one-tap" principle: Close-range fraudulent scanning is impractical.

After investigation, the police concluded that the viral video was a staged act aimed at gaining online traffic, and the internet blogger involved faced legal penalties. However, public concerns were not alleviated. In daily life, many people enjoy using the "tap-to-pay" feature offered by payment platforms, which requires the phone's built-in function to be enabled. To verify whether the technology of "stealing money with just a tap" truly exists, reporters also consulted experts for a demonstration.

The reporter contacted a product security expert from the payment platform, who demonstrated the "tap to pay" process for us. Gao Zheng, Product Security Expert at the Payment Platform: "The entire 'tap to pay' process is very simple. Let’s try it out in practice. Once the merchant initiates the payment request, the user only needs to unlock their phone and simply tap it on the terminal to complete the transaction quickly."

Reporter: Can payments be made smoothly when the phone is locked? Gao Zheng, Payment Platform Product Security Expert: When a user's phone is locked, it is impossible to make a "tap-to-pay" transaction. This is a crucial step in ensuring the security of the user's funds. The phone must be unlocked before a tap payment can be processed.

For demonstration purposes, the expert conducted the operation with password-free payment enabled. It is reported that the "Tap to Pay" feature will adjust payment methods based on different payment scenarios and transaction risk controls. Particularly for large transactions and high-risk transactions, users will be required to reconfirm via password, fingerprint, or facial recognition to ensure payment security.

Gao Zheng, Product Security Expert at a Payment Platform: Previously, users might have made payments by displaying a QR code on their phones. The "tap-to-pay" method is essentially a way for users to make payments by receiving barcode information from the cloud after tapping. In reality, "tap-to-pay" is very similar to the commonly used scan-to-pay and facial recognition payment methods—they all fundamentally rely on barcode payment technology. Most of these payment methods also require an internet connection to function, allowing them to be protected by the network's risk control system to ensure security during the payment process. If any suspicious activity is detected during the transaction, it may trigger additional user verification or even halt the transaction.

Journalists have learned that both "scan to pay" and "tap to pay" methods only serve a verification role during the payment process. Although "tap to pay" utilizes some NFC functionalities, it does not store or transmit users' payment information through the phone. Therefore, contrary to online rumors, offline payments cannot be easily skimmed through close-range contact.

Police: High Cost of Fraudulent Charges, Greater Need to Guard Against Remote Control

It is the English abbreviation for Near Field Communication technology, a short-range wireless communication technology that allows devices to exchange data within centimeters. We just heard the expert's analysis from a technical perspective. Regarding this issue, the reporter also consulted the police: how high is the risk of financial loss when using the "tap-to-pay" feature during offline payments?

Luo Yongci, a police officer from the Anti-Fraud Center of the Hangzhou Municipal Public Security Bureau: Before any payment method is introduced, it must undergo extensive security verification, making it relatively safe and reliable. In extreme cases where theft occurs—such as someone using a mobile phone's payment function to steal money from your bank card at close range—it is first and foremost a contact-based crime. The scanning or contact devices used, like QR code scanners or touch-to-pay gadgets, must be registered under real names and operated offline. The cost of committing such crimes is quite high, and the detection rate is also very high. Based on current realities, we should be more vigilant against remote, non-contact fraud schemes.

Police reminder: "Remote non-contact scams" typically involve three steps.

The remote non-contact fraud mentioned by the police is one of the high-frequency telecom scams in recent years. First, scammers disguise their identities, often citing reasons like "flight malfunctions" or "fee cancellation" to provoke panic in victims and lower their guard. Next, they instruct victims to link their bank card information to fraudulent software through certain functions, enabling direct access to and transfer of funds from the card. To further gain trust, they may also trick victims into using screen-sharing technology, making them believe the operation is legitimate. So, what should we do in such situations? The police have offered some advice.

Hangzhou Municipal Public Security Bureau Anti-Fraud Center Officer Luo Yongci: First and foremost, we must remain vigilant. For any self-proclaimed customer service offering various refunds, we should verify through official channels and not blindly trust them. Fraudsters, under the guise of processing refunds, induce victims to perform certain operations, such as enabling screen sharing. Once screen sharing is activated, the scammers can see every action of the victim, including bank card numbers, passwords, verification codes, and more. With this information, the fraudsters can remotely access the victim's account to transfer funds. If someone asks you to remotely enable a function and verify by placing your bank card near your phone, be aware that once the card is held close to the phone, the money can be transferred. The scammers essentially turn the victim's phone into a payment terminal. By having the victim download a remote app, they generate a transaction order. When the victim's bank card is placed near the phone, it acts like a card swipe, allowing the fraudsters to steal the money.

Police Advisory: When receiving calls from individuals claiming to be customer service representatives, always verify their identity, especially when sensitive information such as rescheduling or refunds is involved. Avoid making unfamiliar payments casually and remain vigilant against any requests to enable screen sharing or remote assistance. If you suspect you have been scammed, immediately call your bank's customer service to freeze your account and report the incident to the police.

Hangzhou Municipal Public Security Bureau Anti-Fraud Center Officer Luo Yongci: Once someone remotely instructs you to enable screen sharing or turn on certain functions, it is definitely a scam. For safety reasons, we can also disable the password-free payment feature. If that feels inconvenient, you can at least lower the payment limit for password-free transactions as much as possible.