Is a contactless payment request sent via a link or NFC tag a scam?
Treat any unexpected NFC tag or link that launches a payment app with extreme caution — scammers plant these to redirect payments to their own accounts.
Last reviewed: 1 June 2026
Explanation
Near-field communication (NFC) stickers and QR codes can be programmed to open payment apps, pre-fill amounts, or redirect browser sessions. Fraudsters have placed fake NFC stickers over legitimate payment points in restaurants, car parks, and charity donation boxes, so that tapping a device sends money to a scammer rather than the intended recipient. Similarly, phishing links can open your phone's wallet app with a pre-populated fraudulent payee. Before tapping any NFC tag in a public space, check that the sticker looks original and has not been placed over another one. If a payment app opens unexpectedly, close it and report the location. Legitimate payment terminals do not ask you to scan a sticker on a piece of paper or a flyer.
Common red flags
- NFC sticker appears to be placed over another label or looks newly applied
- Link in a message unexpectedly opens your mobile wallet
- Pre-filled payee name does not match the business you are paying
- Charity collection tin directs you to scan an NFC tag on a card
What to do now
- Do not complete the payment if anything looks unusual
- Report suspicious NFC stickers to the venue and local police
- If you already paid, contact your bank or payment app support immediately
- Check your bank statement for unexpected transactions
Frequently asked questions
Can an NFC tag steal my card details without me tapping it?
Passive card skimming over NFC has an extremely short range (a few centimetres) and modern chip-and-PIN cards limit what is readable. The main risk is being tricked into actively tapping a fraudulent tag.