Security and Trust

Relaying the message on relay fraud

Relay fraud is on the rise. Here's what you need to know.
Michael Jabbara, SVP, Global Head of Payments Ecosystem Risk and Control, Visa , 04/24/2025
cardholder enters payment info on their phone cardholder enters payment info on their phone

It’s no secret that fraud is big business for criminals — and at Visa, one of our top priorities is making sure we are staying ahead of bad actors.

The Payments Ecosystem Risk and Control (PERC) team works around the clock to identify novel fraud schemes and stay one step ahead of cybercriminals. PERC helped block over $40 billion in fraud attempts during fiscal year 2023 and helped thwart $350 million from reaching scammers in 2024.

As highlighted in PERC’s Spring 2025 Biannual Threats report, one particularly sophisticated emerging threat is relay fraud.

Understanding relay fraud

This global scheme leverages the near-field communication (NFC) technology commonly used for contactless payments to fraudulently conduct transactions. Here’s how it works:

  1. The fraudster sends out a text or phone call posing as a victim’s bank, saying their account has been compromised.
  2. Then, they convince the cardholder to download a malicious application that looks like the victim’s banking app, and contains the open-source NFCGate code.
  3. Once downloaded, the app turns the victim’s cell phone into a point-of-sale terminal, allowing it to process transactions — similar to what you’d see at a retail checkout.
  4. The bad actor, still posing as a bank representative, then tells the victim to tap or place their card on their phone to verify their identity.
  5. The malicious app then relays the payment info to the scammer’s device via NFCGate, allowing the attacker to make unauthorized transactions as if they were using the victim's card.

All of this happens in near real-time, making it critical for consumers to be vigilant about unsolicited messages and conduct independent verification before taking action.

How Visa is combatting relay fraud

Here’s the good news: in the past five years, Visa has invested over $12 billion in technology and infrastructure, including toward fraud prevention. This investment helps Visa stay ahead of novel schemes like relay fraud alongside our expert fraud and cybercrime professionals who monitor our ecosystem 24x7x365.

Relay fraud isn’t scalable, so while this type of fraud is on the rise, it is on an isolated basis. Even so, we have partnered with clients and industry partners to deploy a multitiered strategy to protect cardholders. We have updated our Visa Provisioning Intelligence scoring to help spot these types of transactions and shut them down, and provided our clients just-in-time intelligence to update their tools and transaction activity monitoring to detect this fraud scheme. We also have evolved our anomaly tracking to find indicative patterns and shut down these scams.

What consumers can do to protect themselves

However, fighting fraud is a team sport. To protect against relay fraud, consumers should:

  • Be cautious when downloading apps, especially if prompted by unsolicited phone calls, text messages, or emails.
  • Avoid providing sensitive payment information over the phone or entering their card PIN to unverified individuals.
  • Never click on hyperlinks found in emails or text messages from unknown senders, and independently verify people are who they say they are.
  • Practicing good security hygiene like regular software updates and using unique passwords is also crucial to prevent attackers from exploiting known vulnerabilities in payment systems.

Read more about current fraud trends in our Spring 2025 Biannual Threats Report.

Get Visa Perspectives in your inbox

Every two weeks, we’ll be curating timely payments insights from around the globe designed to help you navigate the new world of commerce.

Sign up for our newsletter