As digital wallets become increasingly crucial to our lives, fraudsters multiply their attacks.
But what is digital wallet fraud exactly and who does it affect? How do companies keep their digital wallets safe and how can merchants safeguard their business against digital wallet-enabled friendly fraud and chargebacks?
How Do Digital Wallets Work?
Digital wallets let you link all your payment methods under one account. This account can store credit card numbers but also funds or even cryptocurrencies. It’s accessible online, through your smartphone, or through a website.
To pay with a digital wallet, you must have an account, top up the wallet, or link it to a working credit or debit card number. You can also store discount codes and coupons, among others.
You’ll find the option to use your digital wallet at checkout when you pay online. Most POS (Point of Sale) terminals now also support digital wallet payments.
A key feature of digital wallets is that transaction data is encrypted and tokenized (turning sensitive data into a token – or non-sensitive digital equivalent). This improves privacy and security but also makes it harder for merchants to spot credit card fraud.
The Most Popular Digital Wallets
According to Statista, digital wallets account for nearly half of all online payments worldwide. But which company has taken the lion’s share of the mobile wallet market?
Although only available in China, AliPay reigns supreme when it comes to digital wallet usage, with more than 1.3 billion recurring users. Following closely behind is another Chinese digital giant, WeChat Pay.
Apple Pay, available on all iOS devices, is the most popular digital wallet offered by a Western company. Google Pay and Samsung Pay, both available in their respective ecosystems only, also make the top 10.
PayPal, meanwhile, is the most popular e-wallet that’s not tied specifically to another company, followed closely by Paytm, the Indian digital payment and financial services company.
Digital Wallets for Cryptocurrency
Crypto wallets are specific kinds of digital wallets designed to buy, sell, exchange and store cryptocurrencies. Like standard digital wallets, you can sometimes use them to pay for goods or services using crypto.
The key difference, however, is that crypto wallets only store your crypto keys, not your tokens. The keys are what allow you to access your tokens on the blockchain. There are three key types of crypto wallets:
- Paper wallets: These are essentially physical, written versions of your keys.
- Hardware wallets: Hardware wallets are USB drives or similar devices that store your keys and lock them with a passkey. You need to connect yours to a computer to access your keys and use your crypto.
- Online wallets: The keys are stored in an app, which is only accessible when connecting to the internet. These online crypto wallets blur the lines with digital wallets, often letting you store fiat or linking your bank accounts directly.
And, just like digital wallets, they attract the attention of cybercriminals and fraudsters, who have very good reason to attempt to gain access to them.
Are Digital Wallets Safe?
When it comes to high-risk payment methods, digital wallets are one of the most secure and safe for individuals. This is because payments are encrypted and tokenized, making it virtually impossible for attackers to steal your money during a transaction.
However, the weakest link in that chain is your account’s login details. If someone manages to usurp your login information, they can access your digital wallet and drain it of funds.
What Are the Risks of Digital Wallets?
In spite of being safer than other types of card payments, including card-not-present methods, digital wallets still carry risks, both for users and merchants who accept them.
Digital Wallet Account Takeover
The main risk of a digital wallet is that the account may fall into the wrong hands. This is called an account takeover, and it tends to happen for one of the following reasons:
- Targeted attack: A fraudster has set their eyes on an account and targeted the owner through spearphishing (targeted phishing) to get them to enter their account details on a fake website. Malware can also be deployed to log the account name and password.
- Credential harvesting and credential stuffing: Groups of fraudsters have obtained lists of login details from data breaches, and they use bots to try every variation possible systematically. Since password reuse is common, the breach doesn’t have to be linked directly to the specific digital wallet service to yield results.
Note that opportunistic fraudsters may also strike if you accidentally leave your digital wallet account unlocked somewhere – for instance, on a lost device or a public or shared computer.
Fraudsters Linking Stolen Cards to Their Wallets
Unfortunately, digital wallets make it a lot harder for merchants to flag transactions made with stolen credit cards. Because the transaction appears as a token instead of the credit card number, fraudsters can simply move their operations to a different account if they get blocked, or add a new stolen card to use.
In this way, the online wallet functions somewhat like a bank drop, where the fraudster is layering stolen funds to allow them to enter the financial system without any issues.
In fact, the lack of friction and security checks involved with adding a credit card payment to a digital wallet is quickly making them the top vehicle for transaction fraud online – up by 200% in Q1 2022 alone, according to statistics by Sift, as reported by The Fintech Times.
This is very much unlike paying with your card directly, where SCA calls for additional checks and verification.
Digital Wallet Friendly Fraud
Last but not least, digital wallets also add to the challenge of dealing with friendly fraud, often making its appearance as refund abuse or dishonest chargeback requests – all made by the legitimate cardholder.
The reason why chargeback fraud enabled by digital wallets is such a big pain point is that merchants already struggle to prove they did nothing wrong with normal chargebacks, and the burden of proof is on them rather than the customer. Digital wallets add a layer of opacity, which gives merchants even fewer data points to work with during a dispute.
As a result, a merchant approached for a chargeback on a payment made via digital wallet is even less likely to be able to prove they did everything by the book and thus should not have to return the money.
Digital Wallet Scams
Finally, fraudsters have also been known to impersonate banks and fintech companies to phish for information. In a famous example, a fraud expert was convinced to submit their information ostensibly to create a Capital One digital wallet, which turned out to be a fraudulent scheme.
Similarly, you can imagine how fraudsters leverage the confusion of people who have never set up a digital wallet before or lost their login details. Because the technology is fairly new, bad actors have no trouble getting less tech-savvy users to share their login information.
How to Reduce Digital Wallet Fraud
For users, securing digital wallets follows the same rules as securing an online account: not reusing passwords, deploying 2FA or MFA, and using biometric verification.
But if you’re a merchant attempting to mitigate online payment risk, or even a digital wallet fintech looking to keep your operations and customers safer, the key is always to gather as much data as possible about each user and user session to inform your choices – without asking your customers for too much information.
Here are your options:
- Verify identities as much as possible: While digital wallets already authenticate their users, you can also add a layer of ID verification to ensure you’re dealing with legitimate customers.
- Monitor the signup stage: Sophisticated fraudsters will attempt to look like normal customers. But even then, as soon as they arrive on your site or app and try to create a new account, you may be able to flag suspicious data, such as the use of VPNs, emulators and virtual machines.
- Analyze customer behavior: Understanding how people act on your platform is the best way to flag suspicious behavior immediately. In the world of fraud prevention, this is done by deploying velocity rules, which measure and score user actions over a set period of time.
- Enrich and leverage alternative data: You may be tempted to only look at card information and maybe an IP address to separate users into low, medium and high-risk categories. But did you know that you can also learn a ton of information about users based on email profiling or a reverse phone lookup? The results can make all the difference in knowing which customers are legitimate and which aren’t.
- Deploy device fingerprinting: Learning what exact kind of device your customers connect and pay with may be the closest thing to a confirmed ID – especially if you’re dealing with digital wallets. This is often done through device hashes, which can help catch repeat offenders too.
- Leverage machine learning analysis: If you manage to gather all the user data mentioned above, you’ll be in a better position to learn who are legitimate digital wallet users and who are fraudsters. However, poring over massive amounts of data is a job often best left to AI, specifically machine learning analysis.
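As an added example (not SEON's code and not part of the original article), the following Python applies velocity rules of the kind described above to three signals this page discusses: failed logins across many accounts from one IP (credential stuffing), several cards added to one wallet account, and several accounts sharing one device hash. The event fields, rule names, thresholds and scores are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque, namedtuple

# Constructed event record; the field names are assumptions for this example.
Event = namedtuple("Event", "ts kind account device_hash ip card_token",
                   defaults=[""])

# Hypothetical velocity rules:
# (name, event kind, group-by field, counted field, window in s, max distinct, score)
RULES = [
    ("accounts_failing_per_ip", "login_failed", "ip", "account", 600, 3, 40),
    ("cards_added_per_account", "card_added", "account", "card_token", 3600, 2, 30),
    ("accounts_per_device", "card_added", "device_hash", "account", 86400, 2, 30),
]

def score_entities(events):
    """Return {"field:value": risk score} for each entity that broke a rule."""
    windows = defaultdict(deque)  # (rule, entity) -> (ts, counted value) pairs
    hits = defaultdict(set)       # entity -> names of the rules it broke
    for ev in sorted(events, key=lambda e: e.ts):
        for name, kind, group_by, counted, window, limit, _ in RULES:
            if ev.kind != kind:
                continue
            entity = f"{group_by}:{getattr(ev, group_by)}"
            q = windows[(name, entity)]
            q.append((ev.ts, getattr(ev, counted)))
            while q and q[0][0] <= ev.ts - window:  # slide the time window
                q.popleft()
            if len({value for _, value in q}) > limit:
                hits[entity].add(name)
    weight = {rule[0]: rule[6] for rule in RULES}
    return {e: sum(weight[n] for n in names) for e, names in hits.items()}

T0 = 1_700_000_000  # constructed timestamps; IPs are documentation ranges
SAMPLE_EVENTS = [
    Event(T0 + 0, "login_failed", "alice", "d-01", "203.0.113.7"),
    Event(T0 + 20, "login_failed", "bob", "d-01", "203.0.113.7"),
    Event(T0 + 40, "login_failed", "carol", "d-01", "203.0.113.7"),
    Event(T0 + 60, "login_failed", "dave", "d-01", "203.0.113.7"),
    Event(T0 + 100, "login_failed", "erin", "d-09", "198.51.100.4"),
    Event(T0 + 160, "card_added", "erin", "d-09", "198.51.100.4", "tok_e1"),
    Event(T0 + 200, "card_added", "mallory", "d-77", "192.0.2.10", "tok_a"),
    Event(T0 + 800, "card_added", "mallory", "d-77", "192.0.2.10", "tok_b"),
    Event(T0 + 1500, "card_added", "mallory", "d-77", "192.0.2.10", "tok_c"),
    Event(T0 + 2000, "card_added", "mal2", "d-77", "192.0.2.11", "tok_d"),
    Event(T0 + 2600, "card_added", "mal3", "d-77", "192.0.2.12", "tok_e"),
]

if __name__ == "__main__":
    print(score_entities(SAMPLE_EVENTS))
```

The legitimate user in the sample (one mistyped password, one card) stays under every threshold, while the IP, the account and the device hash that exceed a rule are returned for review or step-up verification.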
How SEON Can Tackle Digital Wallet Fraud
When it comes to digital wallet fraud, SEON’s technology works on multiple fronts:
- Securing the login stage: You can use our fraud detection services and risk scoring to detect suspicious logins. If an account is compromised, it’s likely to show unusual activity such as a new IP address, new device, or use of virtual machines.
- Extracting more data to prevent chargebacks: Arm yourself with all the information you may need to identify friendly fraud or downright fraud thanks to data enrichment software, which gathers and collates unique customer intelligence from 50+ sources. You can learn a lot more about the person who actually made the payment just from the email address or phone number they’ve given you – even if they don’t want you to know.
The key is to gather as much data as possible to identify red flags.
From Tor usage to virtual machines and harmful IPs, SEON finds hundreds of real-time, accurate data points to give you a complete picture of who you are dealing with. Ready to learn how our technology helped companies reduce chargeback fees by up to 95%? Get in touch below.
FAQ
Mobile wallet fraud happens when fraudsters take over your digital wallet account. Another scenario is that fraudsters use mobile wallets to pay with stolen credit card numbers, which is hard to detect for online merchants.
All digital wallets tend to be secure thanks to their encryption and tokenization technology. The weakest link would be the login stage, which should be protected by 2FA, MFA or biometrics.
Sources
- Business of Apps: Mobile Payments App Revenue and Usage Statistics (2022)
- The Fintech Times: Digital Wallet Payment Fraud up by 200% In Q1 2022 Finds Sift
- LinkedIn: How a Fraud Expert Fell For a Fraud Scam