Dark web hackers boast of Tesco Bank thefts - BBC News
The Sunday Times says the attack was carried out by thieves using mobile phones that used stolen Tesco Bank data to set up contactless payment accounts.
It says fraudulent purchases of thousands of low-priced goods were made at Best Buy electronics stores in the US as well as other American and Brazilian retailers.
The paper does not credit a source for this information.
However, it might tie in to an alert from Europol two months ago that criminals had begun using Android phones to trigger fraudulent tap-and-go payments.
"The possibility of compromising NFC [near field communication] transactions was explored by academia years ago, and it appears that fraudsters have finally made progress in the area," the organisation's Internet Organised Crime Threat Assessment said.
"Several vendors in the dark net offer software that uploads compromised card data on to Android phones in order to make payments at any stores accepting NFC payments."
A spokesman for Tesco Bank said that "none of our systems were breached" and no personal data had been lost, but would not comment further.
Europol warns of Android tap-and-go thefts