The Silent Swipe: Portable POS Thefts Exploit Contactless Tech in Crowded Spaces
In the bustling streets of Sorrento, Italy, a seemingly innocuous arrest last month revealed a disturbing trend: thieves are reviving portable point-of-sale (POS) thefts to exploit the convenience of contactless payments. Authorities detained an individual for attempting to steal €100 from a bar's cash register using a modified SumUp Solo device—a standalone, smartphone-free terminal popular in markets for its affordability. This incident, reported by Ansa news agency, isn't isolated; similar arrests occurred in Rome and at highway rest stops last year, signaling a tech-savvy crime wave that preys on the very NFC systems designed to streamline transactions.
How Portable POS Scams Work: A Technical Breakdown
At the core of these thefts lies near-field communication (NFC) technology, which enables contactless payments by allowing data exchange between cards and terminals within a 0.5 to 4 cm range. Thieves deploy two primary methods:
- Wallet Theft and Delayed Draining: Criminals steal a wallet and later execute multiple small transactions (typically under €25) using the victim's contactless card, avoiding PIN requirements. These micro-payments often go unnoticed until the card's limit is reached, after which the wallet is discarded.
- Crowded-Space 'Trawling': In high-density areas like public transport or queues, thieves conceal a modified POS device—such as the SumUp Solo—and discreetly place it near victims' pockets or bags. They initiate a payment request, hoping the terminal's NFC signal connects with a card. However, this method faces significant hurdles: transactions take about 30 seconds to confirm, requiring repeat attempts; the terminal must be extremely close to the card; and interference from multiple cards (e.g., in a wallet) often disrupts the signal. Despite these challenges, the risk isn't zero—opportunistic thieves capitalize on moments of distraction.
Why This Threat Matters for Tech and Security Professionals
For developers and cybersecurity experts, this scam underscores broader vulnerabilities in payment ecosystems. The ease of modifying off-the-shelf POS devices highlights supply chain risks, where affordable hardware can be weaponized with minimal technical skill. As contactless adoption soars—projected to handle over $10 trillion in transactions globally by 2027—the incident in Sorrento serves as a stark reminder that convenience can invite exploitation. Financial institutions and fintech innovators must prioritize real-time fraud detection and hardware tamper-proofing to stay ahead.
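One way an issuer-side rule could catch the delayed-draining pattern described earlier, as an added example that is not from the original article or any bank's system: a sliding-window check for repeated PIN-less contactless payments under the €25 figure cited above. The record layout, field values, one-hour window and three-tap threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real data): time, card token, amount in EUR,
# entry mode, cardholder verification method, terminal id. Layout is hypothetical.
SAMPLE = [
    ("2024-05-01T10:00:00", "card-A", 4.50, "contactless", "none", "T-100"),
    ("2024-05-01T18:02:00", "card-B", 19.90, "contactless", "none", "T-201"),
    ("2024-05-01T18:09:00", "card-B", 24.00, "contactless", "none", "T-202"),
    ("2024-05-01T18:15:00", "card-B", 22.50, "contactless", "none", "T-203"),
    ("2024-05-01T18:21:00", "card-B", 24.90, "contactless", "none", "T-201"),
    ("2024-05-01T19:00:00", "card-A", 60.00, "chip", "pin", "T-100"),
    ("2024-05-01T19:30:00", "card-C", 12.00, "contactless", "device", "T-300"),
    ("2024-05-01T19:40:00", "card-C", 15.00, "contactless", "device", "T-300"),
    ("2024-05-01T19:50:00", "card-C", 18.00, "contactless", "device", "T-300"),
]

def flag_micro_draining(records, limit=25.00, window=timedelta(hours=1), min_count=3):
    """Return {card: alert} for cards with >= min_count PIN-less contactless
    payments under `limit` inside one sliding `window`."""
    recent = defaultdict(deque)   # card -> deque of (time, amount, terminal)
    alerts = {}
    for ts, card, amount, mode, cvm, terminal in sorted(records):
        # Only taps with no cardholder verification fit the pattern; phone
        # wallets (cvm == "device") and chip+PIN payments are skipped.
        if mode != "contactless" or cvm != "none" or amount >= limit:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[card]
        q.append((now, amount, terminal))
        while now - q[0][0] > window:      # drop taps older than the window
            q.popleft()
        if len(q) >= min_count:
            alerts[card] = {
                "count": len(q),
                "total": round(sum(a for _, a, _ in q), 2),
                "terminals": sorted({t for _, _, t in q}),
                "first": q[0][0].isoformat(),
                "last": now.isoformat(),
            }
    return alerts

if __name__ == "__main__":
    for card, alert in flag_micro_draining(SAMPLE).items():
        print(card, alert)
```

In the sample only card-B is flagged: card-A has a single small tap and card-C's payments were verified on the phone, which matches the article's point that device-unlocked wallets add an authentication step.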
Practical Defenses for Consumers and Developers
Protecting against these scams involves layered security measures:
- RFID-Blocking Wallets: These create a Faraday cage effect, blocking NFC signals from unauthorized terminals. For developers, integrating similar shielding in wearable tech could enhance user safety.
- Transaction Alerts: Enable notifications for all payments via bank apps, no matter how small. Fraudsters rely on overlooked micro-transactions, but instant alerts allow quick disputes.
- Smartphone Safeguards: Modern phones with NFC for payments (e.g., Apple Pay or Google Wallet) require device unlocking for transactions, adding a critical authentication step. Encourage users to favor phone-based payments over physical cards.
If targeted, victims should immediately contact their bank to trace the fraudulent device—though thieves may switch terminals, transaction logs provide forensic clues. Ultimately, as digital payments evolve, this blend of low-tech cunning and high-tech exploitation demands vigilance from both end-users and the tech community building these systems.
This story originally appeared on WIRED Italy and has been translated from Italian.