FCIC issues bulletin on merchant processing app crimes

The Texas Financial Crimes Intelligence Center is working alongside banks, the U.S. Secret Service and the Federal Bureau of Investigation to counter a merchant processing vulnerability due to an app threat dubbed “TRACK2 NFC.”

TRACK2 NFC duplicates an NFC transaction and utilizes specific card numbers and NFC tokens to force merchant payment terminals into an offline transaction mode. Once forced, the terminal does not seek approval for the transaction, resulting in a forced offline transaction that will never provide payment from the merchant processor or banking institution.

The complete FCIC Bulletin and recommended mitigating actions have been posted on TBA’s Information Sharing and Analysis Organization (ISAO) platforms. Look at the ISAO’s Slack lobby and the Fraud Channel. If your bank has not been onboarded to the ISAO, contact director Alivn Mills at alvin@texasbankers.com.