Digital Wallet Fraud: What It Is & How to Prevent It

As digital wallets become increasingly crucial to our lives, fraudsters multiply their attacks.

But what is digital wallet fraud exactly and who does it affect? How do companies keep their digital wallets safe and how can merchants safeguard their business against digital wallet-enabled friendly fraud and chargebacks?

How Do Digital Wallets Work?

Digital wallets let you link all your payment methods under one account. This account can store credit card numbers but also funds or even cryptocurrencies. It’s accessible online, through your smartphone, or through a website.

To pay with a digital wallet, you must have an account, top up the wallet, or link it to a working credit or debit card number. You can also store discount codes and coupons, among others.

You’ll find the option to use your digital wallet at checkout when you pay online. Most POS (Point of Sale) terminals, now also support digital wallet payments.A key feature of digital wallets is that transaction data is encrypted and tokenized (turning sensitive data into a token – or non-sensitive digital equivalent). This improves privacy and security but also makes it harder for merchants to spot credit card fraud.

The Most Popular Digital Wallets

According to Statista, digital wallets account for nearly half of all online payments worldwide. But which company has taken the lion’s share of the mobile wallet market? 

Although only available in China, AliPay reigns supreme when it comes to digital wallet usage, with more than 1.3 billion recurring users. Following closely behind is another Chinese digital giant, WeChat Pay. 

Apple Pay, available on all iOS devices, is the most popular digital wallet offered by a Western company. Google Pay and Samsung Pay, both available in their respective ecosystems only, also make the top 10. 

PayPal, meanwhile, is the most popular e-wallet that’s not tied specifically to another company, followed closely by Paytm, the Indian digital payment and financial services company.

Digital Wallets for Cryptocurrency

Crypto wallets are specific kinds of digital wallets designed to buy, sell, exchange and store cryptocurrencies. Like standard digital wallets, you can sometimes use them to pay for goods or services using crypto. 

The key difference, however, is that crypto wallets only store your crypto keys, not your tokens. The keys are what allow you to access your tokens on the blockchain. There are three key types of crypto wallets:

• Paper wallets: These are essentially physical, written versions of your keys.
  
• Hardware wallets: Hardware wallets are USB drives or similar devices that store your keys and lock them with a passkey. You need to connect yours to a computer to access your keys and use your crypto.
  
• Online wallets: The keys are stored in an app, which is only accessible when connecting to the internet. These online crypto wallets blur the lines with digital wallets, often letting you store fiat or linking your bank accounts directly.
  
  And, just like digital wallets, they attract the attention of cybercriminals and fraudsters, who have very good reason to attempt to gain access to them.

Are Digital Wallets Safe?

When it comes to high risk payment methods, digital wallets are one of the most secure and safe for individuals. This is because payments are encrypted and tokenized, making it virtually impossible for attackers to steal your money during a transaction. 

However, the weakest link in that chain is your account’s login details. If someone manages to usurp your login information, they can access your digital wallet and drain it of funds. 

What Are the Risks of Digital Wallets?

In spite of being safer than other types of card payments, including card-not-present methods, digital wallets still carry risks, both for users and merchants who accept them.

Digital Wallet Account Takeover

The main risk of a digital wallet is that the account may fall into the wrong hands. This is called an account takeover, and it tends to happen for one of the following reasons:

• Targeted attack: A fraudster has set their eyes on an account and targeted the owner through spearphishing (targeted phishing) to get them to enter your account details on a fake website. Malware can also be deployed to log the account name and password.
  
• Credential harvesting and credential stuffing: Groups of fraudsters have obtained lists of login details from data breaches, and they use bots to try every variation possible systematically. Since password reuse is common, the breach doesn’t have to be linked directly to the specific digital wallet service to yield results. 

Note that opportunistic fraudsters may also strike if you accidentally leave your digital wallet account unlocked somewhere – for instance, on a lost device or a public or shared computer. 

Fraudsters Linking Stolen Cards to Their Wallets

Unfortunately, digital wallets make it a lot harder for merchants to flag transactions made with stolen credit cards. Because the transaction appears as a token instead of the credit card number, fraudsters can simply move their operations to a different account if they get blocked, or add a new stolen card to peruse.

In this way, the online wallet functions somewhat like a bank drop, where the fraudster is layering stolen funds to allow it to enter the financial system without any issues.

In fact, the lack of friction and security checks involved with adding a credit card payment to a digital wallet is quickly making them the top vehicle for transaction fraud online – up by 200% in Q1 2022 alone, according to statistics by Sift, as reported by The Fintech Times.

This is very much unlike paying with your card directly, where SCA calls for additional checks and verification.

Digital Wallet Friendly Fraud

Last but not least, digital wallets also add to the challenge of dealing with friendly fraud, often making its appearance as refund abuse or dishonest chargeback requests – all made by the legitimate cardholder. 

The reason why chargeback fraud enabled by digital wallets is such a big pain point is that merchants already struggle to prove they did nothing wrong with normal chargebacks, and the burden of proof is on them rather than the customer. Digital wallets add a layer of opacity, which gives merchants even fewer data points to work with during a dispute. 

As a result, a merchant approached for a chargeback for a payment made via digital wallet is even less likely to be able to prove they did everything by the book, highlighting the need for effective chargeback fraud prevention measures.

Digital Wallet Scams

Finally, fraudsters have also been known to impersonate banks and fintech companies to phish for information. In a famous example, a fraud expert was convinced to submit their information ostensibly to create a Capital One digital wallet, which turned out to be a fraudulent scheme. 

Similarly, you can imagine how fraudsters leverage the confusion of people who have never set up a digital wallet before or lost their login details. Because the technology is fairly new, bad actors have no trouble getting less tech-savvy users to share their login information.

How to Reduce Digital Wallet Fraud

Keeping a digital wallet is much like securing an online account: avoid reusing passwords, enable multi-factor authentication or biometric verification and stay vigilant.

For online merchants and fintechs, though, the real challenge is reducing payment risk without frustrating customers. The solution is gaining context around customer actions: the more you learn, the easier it becomes to separate fraudsters from genuine customers without adding unnecessary friction.

• Monitor signups: Sophisticated fraudsters will attempt to look like regular customers. But even then, signs of fraud (VPN usage, emulators, virtual machines or disposable emails) can be detected from the first interaction.
• Strengthen identity verification: Most wallets already authenticate users, but adding dynamic ID checks at key moments can help confirm legitimacy. This ensures fraudsters don’t slip through just because they passed the login stage. While digital wallets already authenticate their users, you can also add a layer of ID verification and digital footprint analysis to ensure you’re dealing with legitimate customers.
• Connect the dots with device intelligence: Fraudsters can rotate emails, cards and IPs with ease, but their devices still leave fingerprints. With device intelligence, you can recognize the device from its fingerprint to connect related accounts and transactions.
• Leverage AI and machine learning: Fraudsters constantly evolve, using fake accounts, stolen credentials and bots that static rules can’t catch. By analyzing thousands of signals in real time, AI and machine learning models spot patterns and connections humans might miss. 

How SEON Can Tackle Digital Wallet Fraud

Digital wallets are an obvious target for fraudsters, who hide behind disposable emails, burner phones and masked IPs. SEON makes those disguises harder to pull off.

Starting from a single data point, such as an email address, phone number or IP, SEON’s platform uncovers hundreds of digital signals across social networks, marketplaces and domain data — giving wallet providers the context to tell fake accounts from real customers before money moves.

Fraudsters may cycle through identities, but they can’t hide their devices and setups. SEON detects emulators, virtual machines and spoofed environments in real time, flagging suspicious accounts before they can cause harm.

The result is a risk score tailored to each user and transaction, powered by AI and machine learning models to enhance decision-making. Teams get both speed and clarity: the ability to block fraud at scale while letting genuine customers move through the flow without friction.

FAQ

Sources

• Business of Apps: Mobile Payments App Revenue and Usage Statistics (2022)
• The Fintech Times: Digital Wallet Payment Fraud up by 200% In Q1 2022 Finds Sift
• LinkedIn: How a Fraud Expert Fell For a Fraud Scam