NSW Police charge three men with $1.5m tap-and-go fraud

NSW police have charged three men with compromising 45 bank accounts through the card emulation function used for mobile payments to make $1.5 million in fraudulent purchases across Sydney.

For the last year the force has been investigating how host-based card emulation (HCE), which is a fundamental component of mobile tap-and-go payment applications, is being exploited by criminals.

HCE allows NFC payments to emulate a credit or debit card and talk directly to an NFC reader. It was introduced in Android 4.4 and is a core element of the various mobile payment applications running on that platform. 

NSW Police identified a "sophisticated organised group" that it claims have been porting mobile phones and compromising bank accounts through mobile payment applications.

This enables them to use the HCE function to buy electronic and luxury goods, which they then sell on, police allege.

The force yesterday conducted raids on five homes across Rockdale, West Ryde, Greystanes, Bankstown, and Ultimo, as well as an office at Auburn and a storage facility at Camperdown.

Two men aged 22 and 24 were arrested during the searches and later charged, while a third man aged 42 was arrested at Sutherland Police Station late last night.

The third man was charged with 27 offences including fraud, as well as dealing with identification information and possessing an unregistered firearm after five guns, forged ID documents and prohibited drugs were found during the raids.

All three men were refused bail and will appear in court today. 

NSW Police said its investigations are ongoing and it expects to make further arrests.