Person paying with contactless credit card on a payment terminal at a wooden table in a social setting

Ghost Tapping: What Professional Firms Should Know About This Tap-to-Pay Scam

Ghost Tapping: What Professional Firms Should Know About This Tap-to-Pay Scam


Tap-to-pay technology has become a normal part of everyday operations for CPA firms, law firms, dental practices, and medical offices. Clients appreciate the speed. Front desks appreciate reduced handling of cards and devices.

However, both the Better Business Bureau and major news organizations are now reporting an emerging scam called ghost tapping. While this scam primarily affects consumers in crowded public environments, understanding it is valuable for any professional firm that accepts tap-to-pay for co-pays, retainers, invoices, or service fees.

This article summarizes what ghost tapping is, how it works, and what you can do to strengthen your internal processes.

Watch: Todd Cummings Explains the New Ghost Tapping Scam in Short Video

Play Video: https://youtube.com/shorts/Sgj_rOcr87w?si=DHrDBHD_uH2Ndvg1

What Is Ghost Tapping?

According to recent BBB alerts and Newsweek coverage, ghost tapping is a tap-to-pay scam that targets contactless cards and mobile wallets using Near Field Communication (NFC) technology.

Tap-to-pay itself is safe when used properly, but scammers exploit it in situations where they can get extremely close to a victim or rush the payment process.

Common tactics reported by the BBB and local news include:

Getting close in public spaces Scammers with portable NFC readers may attempt to trigger small tap-to-pay charges by standing close to a victim's purse or wallet.

Fake vendors or charity collectors Several reports describe scammers insisting on tap-to-pay only, then charging significantly more than the displayed amount.

Rushing or distracting the payer Scammers rely on victims not checking the merchant name or transaction amount before tapping.

Victims often do not notice the fraud immediately because scammers may begin with small "test" charges.

Why This Matters for CPA Firms, Law Firms, and Dental Offices

Ghost tapping typically occurs in public settings such as festivals, markets, or transit stations, not in professional offices. However, it still affects your environment in three ways:

1. Clients may dispute legitimate payments if their card was compromised elsewhere.

This creates confusion for your billing or front-desk team.

2. Your staff may be exposed while traveling or attending conferences.

Employees carrying firm-issued cards or mobile wallets can be victims of unauthorized charges.

3. It highlights the importance of consistent, transparent tap-to-pay procedures.

Even if fraud doesn't occur in your office, clients expect your payment process to be clear, trustworthy, and verifiable.

Risks to Professional Practices

While ghost tapping itself targets consumers, firms may experience:

● Chargebacks

● Administrative time spent reviewing disputed transactions

● Client uncertainty about payment safety

● Reputation challenges if clients confuse broader scams with your internal procedures

● Slowdowns at the front desk during busy hours

Strengthening your payment workflow reduces stress for both your team and your clients.

How to Reduce Risk in Your Office

1. Train front-desk and billing staff

Teams should understand:

● How tap-to-pay works

● Why verification matters

● What normal tap-to-pay behavior looks like

● That rushing or concealing a device is a red flag anywhere

2. Always "show and confirm" before a tap

This aligns with BBB guidance:

● Display the total clearly

● Say the amount out loud

● Ask the client to confirm before tapping

Small steps support clearer communication and fewer disputes.

3. Enable payment-system alerts and logging

Ask your vendor or payment processor to ensure you have:

● Contactless transaction logs

● Declined tap alerts

● Duplicate attempt alerts

● Clear timestamp and merchant descriptors

This helps quickly resolve client questions.

4. Encourage clients to set up bank alerts

You are not giving financial advice, you are sharing widely accepted best practices such as:

● Enabling instant transaction notifications

● Reviewing accounts regularly

● Reporting unfamiliar charges immediately

5. Include tap-to-pay in your annual security and compliance review

For CPA firms, law firms, and healthcare practices, payment workflows touch:

● Cybersecurity

● Confidentiality

● HIPAA or GLBA requirements

● IRS Safeguards Rule

● State privacy laws

● Client trust

Regular review ensures your processes and technology remain aligned with modern risks.

A Quick Note on "Ghost Touch" vs. "Ghost Tapping"

Some sources also mention ghost touch hacking, a smartphone vulnerability where electromagnetic interference causes unintentional touchscreen activity.

That is not the same as ghost tapping:

Ghost tapping = unauthorized tap-to-pay charges

Ghost touch = touchscreen activity without a user's touch

Keeping those terms separate helps avoid confusion.

Final Thoughts

Ghost tapping is not an epidemic, but it is a documented scam that is increasingly reported by the BBB and local news. Professional service organizations rely on strong communication and consistent processes, and tap-to-pay should be treated with the same clarity.

Microtech does not guarantee the prevention of fraud or chargebacks, but we help clients strengthen the technology and workflows that support secure, efficient, and trustworthy operations.

If your firm would like to evaluate your payment process, train front-desk teams, or review your cybersecurity posture, our team is here to help.

Sources

We paraphrased and summarized these; full articles are linked for attribution.

Better Business Bureau (BBB)

"What is ghost tapping? How to spot and avoid tap-to-pay scams" https://www.bbb.org/article/scams/39182-bbb-scam-alert-what-is-ghost-tapping

Newsweek

"Ghost Tapping: What to Know About New Scam Warning" by Hollie Silverman https://www.newsweek.com/ghost-tapping-scam-warning-bbb-report-1958823

KY3 Local News

"Scammer uses tap-to-pay reader to steal money in public place" https://www.ky3.com

City National Bank

"Ghost Touch Hacking and How to Protect Yourself" - relevant for distinction https://www.cnb1901.com/blog

Disclaimer: Microtech IT & Cybersecurity Services provides expert guidance in managed IT and cybersecurity. This article offers general information only and is not legal, financial, or compliance advice. No cybersecurity solution can guarantee complete prevention of fraud or cyber incidents. Please consult appropriate professionals regarding your organization's regulatory and security obligations.

Book A Free Consult

 

Recent Articles

Spilled coffee next to a computer keyboard and a wilted red rose on a wooden desk surface.

Ever Had an IT Relationship That Felt Like a Bad Date?

 University campus shows modern brick buildings with glass facades and a red brick pathway under a blue sky.

Are Schools and Universities Ready for the Next Cyberattack?

 Loading bar with 2026 attack plan text on dark background with cybersecurity icons and symbols.

New Year's Resolutions for Cybercriminals (Spoiler: Your Business Is on Their List)

Get In Touch

Transform, elevate, and protect your business with Microtech. Contact us today to learn how our expert IT solutions can streamline your operations and secure your business. 

For inquiries and more information:

Phone: 954-327-1001
Email: info@micro-tech.com
Address: 110 E Broward Blvd #1700, Fort Lauderdale, FL 33301

Choose Microtech Computer Services for innovative, reliable IT solutions that propel your business forward.

logo

We are 100% committed to making sure business owners have the most reliable and professional IT service in Florida.

Book A Free Strategy Call