Tap-to-Pay Donation Scam: 'Ghost Tapping' Explained

Tap-to-Pay Donation Scam: 'Ghost Tapping' Explained

A tourist in Seattle agreed to give $15 to a polite, well-dressed young man collecting for a youth charity. He held out a phone to "tap to pay." She tapped. Days later, her bank statement showed a $4,800 charge. The "charity" was a for-profit LLC with no registration anywhere — and her single tap had authorized the full amount on a screen she never looked at.

That story, flagged in a viral r/Scams thread this week and echoed by the Washington State Attorney General's office, is the public face of a fast-spreading scheme called the tap-to-pay donation scam — or, in its broader form, ghost tapping. BBB and FTC alerts have circulated again in the past 48 hours as new victim reports surface from sidewalks, transit hubs, and festivals across the U.S.

What Is the Tap-to-Pay Donation Scam?

The tap-to-pay donation scam is an in-person fraud where a stranger asks for a small charitable donation, then quietly enters a much larger amount on their phone or card reader before you tap. Because most people glance at the person — not the screen — the donor authorizes hundreds or thousands of dollars believing they gave $10 or $20.

A related variant, called ghost tapping, doesn't bother with a story at all. The scammer carries a concealed contactless card reader and brushes against people in crowds, triggering charges on tap-to-pay cards stored loose in wallets, pockets, or purses.

Both versions exploit the same thing: contactless payments are designed to be frictionless. There's no PIN, no signature, and often no second look before the money moves.

How the Scam Works

The donation version follows a predictable script. Once you see it, you'll spot it instantly.

1. The setup. A friendly, well-dressed person approaches you in a busy public area — a waterfront, a market, near a transit station, outside a concert. They say they're collecting for a youth program, an athletic team, a "special needs" cause, or selling music CDs to fund a charity.
2. The small ask. They suggest a modest donation: $5, $10, $20. Anchoring you to a small number is critical to the trick.
3. The screen flip. They pull out a phone running a mobile point-of-sale app (Square, Stripe, SumUp, Toast Go, or similar) and turn the screen toward you for a split second — long enough to register that something is on it, not long enough for you to read the amount.
4. The tap. They ask you to tap your phone or contactless card. The total entered is often $500, $1,100, $4,800, or another figure far above your offer.
5. The walk-off. They thank you warmly and leave before you check anything. No receipt is offered. By the time the charge clears, they are gone — and the LLC behind the payment processor account is either fake, dissolved, or untraceable.

The ghost-tapping variant skips steps 1–3 entirely. A criminal in a crowded space carries a battery-powered NFC reader hidden in a bag or jacket and bumps into people whose phones or cards are accessible. Most contactless cards permit small "tap" transactions without a PIN, and a single bump can trigger one. Repeated taps across a crowd can pull in thousands of dollars in a single afternoon.

Red Flags to Watch For

If you encounter any of the following, treat the interaction as a likely scam:

• The person only accepts tap-to-pay. Legitimate street fundraisers usually accept cash, checks, QR-to-website donations, or a major platform like Venmo where the recipient name is visible.
• The phone or reader screen is angled away from you. A real merchant or fundraiser shows you the amount and waits for you to read it.
• No receipt is offered, and there's no business name on anything. No table sign, no lanyard, no flyer with a registered nonprofit name and EIN.
• The pitch leans hard on emotion and urgency. "Help us hit our goal before we leave today" or "the kids are right around the corner waiting."
• The "charity" name sounds vaguely official but doesn't show up in any database like the IRS Tax Exempt Organization Search, Charity Navigator, or your state Secretary of State's charity registry.
• They want to handle your phone. Anyone reaching for your device to "help you tap" is a hard stop.
• They cluster near tap-to-pay-friendly venues — waterfronts, farmers markets, transit hubs, sports arenas, festivals — and often work in pairs or small teams.
• You're in a crowded space and feel a deliberate bump from someone holding a bag or phone close to your pocket. That's the ghost-tapping pattern.

What to Do If You've Been Targeted

If you tapped and later discover a charge you didn't authorize:

1. Dispute the charge immediately through your bank or card issuer. Contactless charges are subject to the same chargeback rights as any other card transaction. Call the number on the back of your card — don't search online for it.
2. Lock or freeze the card in your banking app, then request a new card number. If the scammer captured your card on a reader, the number can be reused.
3. Pull a 90-day fraud alert on your credit file with one of the three bureaus (Equifax, Experian, or TransUnion). This is free and the bureau is required to notify the other two.
4. Save evidence. Note the date, time, exact location, and physical description of the solicitor. If you have it, take a screenshot of the transaction in your wallet app showing the merchant name on the receipt.
5. File reports. Report to the FTC{:target="_blank" rel="noopener"} and to your state Attorney General's consumer protection division. If you live somewhere with active investigations — Washington, California, New York — your report may help an open case. Our scam reporting guide walks through the full process.
6. Tell people. Post on local subreddits, neighborhood apps like Nextdoor, and warn coworkers. Awareness is the strongest disruption to in-person scams; once a neighborhood knows, the crew moves on.

You are not at fault for being kind in public. Scammers engineer these interactions around social pressure and momentum, not against your judgment.

How to Protect Yourself

A few simple habits will close almost every opening this scam uses.

• Carry cash for street giving. If you want to give to people in public, give in cash, in small bills. There is no fraud surface on a $5 bill.
• Look at the screen — not the person — before any tap. A two-second pause to read the dollar amount stops the entire scam. If the screen is hidden, decline.
• Refuse "phone-to-phone" tap transactions with strangers. Tap-to-pay was designed for terminal-to-card interactions in stores you chose to enter, not for handing one phone to another on a sidewalk.
• Keep contactless cards in an RFID-blocking sleeve or wallet. This blocks the ghost-tapping bump. Most phones already require a biometric to authorize tap payments, but a physical card in a back pocket is fully exposed.
• Turn on real-time transaction alerts with your bank. A push notification within seconds of a charge means you can dispute before the scammer leaves the block.
• Verify any charity before you give, in person or online. Search the IRS Tax Exempt Organization Search, Charity Navigator{:target="_blank" rel="noopener"}, or BBB Wise Giving Alliance. A real nonprofit has a verifiable 501(c)(3) status. See our deeper guide to fake charity scams for the verification playbook.
• If you're helping an older parent, walk through this scam specifically. Older adults are a top target for in-person fraud — our elder fraud protection guide covers the broader pattern.
• Stay alert near other contactless attack surfaces. Crews running tap-to-pay scams often run QR code scams at the same events.

FAQ

Can someone really charge my tap-to-pay card without me knowing? Yes, in narrow conditions. Contactless cards often allow small "tap" transactions without a PIN, so a concealed NFC reader held within a few centimeters of an exposed card can trigger a charge. Phones are harder to attack because they require biometric or passcode confirmation before each tap, but a card sitting in a back pocket or unzipped purse is vulnerable. RFID-blocking sleeves stop this.

Is tap-to-pay safer than swiping or inserting my card? For normal store use, yes. Tap-to-pay transactions use one-time tokens instead of your real card number, so a compromised terminal can't reuse the data. The risk in the donation scam isn't the technology — it's that the donor doesn't see the amount being charged. The tech does exactly what you tell it to.

How can I tell if a charity asking for donations on the street is real? A real charity will give you their full legal name and EIN, or hand you a flyer that includes both. You can look them up immediately in the IRS Tax Exempt Organization Search or on Charity Navigator. If they refuse to give a name, can't be found in any database, or pressure you to give before you can check, walk away.

The person was charging me on a Square or Stripe reader. Doesn't that mean it's legitimate? No. Anyone can sign up for a Square, Stripe, SumUp, or PayPal Zettle account in minutes using an LLC name. The presence of a recognized payment processor only means the scammer can accept cards — it does not vouch for who they are or what the money is for. Several of the actors flagged by the Washington Attorney General used legitimate payment platforms tied to for-profit LLCs.

I already tapped and got charged thousands. Can I get my money back? In most cases, yes — if you act fast. Call your card issuer's fraud line, dispute the charge as unauthorized, and ask for a new card. Card networks (Visa, Mastercard, American Express) generally side with the cardholder when the merchant cannot produce a signed authorization for the larger amount. The dispute deadline is typically 60 days from the statement date, so don't wait.

Should I stop using tap-to-pay altogether? No. Tap-to-pay on a phone with biometric authentication is one of the more secure payment methods available — safer than swiping a card at most terminals. The lesson is narrower: don't tap when the screen is hidden, don't tap to a stranger's phone on the sidewalk, and keep loose contactless cards in an RFID sleeve.

---

The tap-to-pay donation scam works because it uses your generosity against you. The fix isn't to stop being generous — it's to slow down by two seconds. Read the screen. Verify the charity. Scammers depend on momentum; you only need to break it once.

Not sure about a request — a text, a link, a charity name? Paste it into our Scam Scanner before you act. Don't tap. Check first.