Digital wallets are one of the world’s fastest growing payment methods, accounting for around half of all ecommerce transaction value in 2022.
However, where businesses and consumers see a convenient and secure way to transact, fraudsters see a golden opportunity.
Even though digital wallets are protected by high level security measures like multi-factor authentication and tokenization, the massive value of funds being transmitted via this mobile payment method makes them an enticing prospect for criminals.
As an online merchant, the best way to protect yourself against fraud is to understand it. That way you can implement appropriate and effective preventative measures.
In this article, we explain the different types of digital wallet fraud and give you our top tips to stop it from happening.
Digital wallet fraud refers to any kind of criminal activity that seeks to exploit the vulnerabilities of mobile wallets in order to steal funds or data.
Digital wallet payments are protected by multi-factor authentication, tokenization, and encryption, making it almost impossible for fraudsters to intercept funds during a transaction.
However, it is still possible for a criminal to gain unauthorized access to someone’s account, which is why digital wallet fraud is often enabled through more traditional methods of cybercrime, like phishing or a malware attack.
Once the fraudster has access to the victim’s details they can use them to make fraudulent purchases and commit many other kinds of financial crime.
Below, we go into detail about some common methods of digital wallet fraud.
Fraudsters have many devious tactics at their disposal for digital wallet account takeover. For example, they could conduct a targeted attack, where they steal the login details of a specific person through phishing or malware.
Alternatively, they could cast a wider net by obtaining details exposed through data breaches or harvesting, and then use automation to commit fraud at scale. Often referred to as credential stuffing, this method of fraud assumes that usernames and passwords will be used across multiple services. While many attempts will return a negative result, the overwhelming volume of attacks is bound to turn up a success eventually. Once the thief is in possession of an account, they can use it freely until the associated card is canceled or blocked.
Unfortunately, when it comes to stolen card details, digital wallets can work against themselves. Tokenization, the very process that makes it almost impossible to steal information during a transaction, also makes it almost impossible to detect stolen cards. Even if a wallet is blocked, the thief can just transfer the card to a new digital wallet.
Another option that fraudsters have, instead of using the stolen details of existing accounts, is to set up brand new digital wallet accounts using a stolen identity. Personal details can be stolen directly or discovered through data breaches. However, criminals can also use information that’s freely available on public profiles to establish seemingly legitimate accounts.
These stolen identities can often be hard to spot unless the victim becomes aware that their details have been stolen or happens to discover activity or purchases made by someone posing as them.
Friendly fraud is one of the most frustrating types of digital wallet fraud for merchants. It occurs when a legitimate customer claims not to recognize a genuine transaction and makes a chargeback request to their bank.
This can, of course, happen with other payment methods, but what makes digital wallet friendly fraud so difficult is that, thanks to tokenization and encryption, the customer’s details are disguised. That means, when the merchant comes to challenge the customer’s claim, they often don’t have enough evidence to prove their case. This has major consequences: according to Ravelin, just 5% of digital wallet chargeback challenges are successful, compared to 56% for other payment methods.
A data breach is any incident where criminals gain unauthorized access to a system that contains sensitive data or credentials. They can then use this information to commit fraud themselves or sell it for a high price to other fraudster on the black market.
Posing as a relative or authority figure is another common technique that fraudsters use to manipulate consumers into giving away sensitive information. There are a number of ways they can do this, including:
The criminal pretends to be a customer support agent from the consumer’s digital wallet provider and asks them for their account details under the guise of solving an issue.
The criminal poses as a family member in desperate need of funds. Under pressure and keen to help out their loved one, the consumer inadvertently gives the fraudster access to their digital wallet or sends funds that then aren’t retrievable.
Someone claiming to represent the government can be hard to say no to for fear of legal repercussions. Criminals prey on this fear to force consumers to make digital wallet payments for a seemingly official reason.
If someone is selling goods on, for example, eBay or Facebook Marketplace, a fraudster could use stolen digital wallet credentials to make a purchase. If the transaction is reported as fraudulent, it will be reversed and the seller will lose both the money and the goods.
Fortunately, as a merchant, there are many measures you can implement to keep your business and your customers safe from digital wallet fraud.
Know Your Customer (KYC) is a process used to verify the identity of any customer you do business with. It requires you to collect and authenticate identity documents, proof of address, and biometric information. KYC is mandatory for any business that falls under the scope of Anti-Money Laundering regulations, but it’s also a great way to stop fraudsters before they can act.
Similarly, any kind of digital identity verification procedures you can implement are great for verifying legitimate customers and preventing criminals from gaining unauthorized access to, or using stolen, digital wallets.
If you want to stop suspicious activity, you need to understand what constitutes normal digital wallet behavior. You can do this through continual monitoring of actions and transactions. Anything that deviates from typical activity - e.g. a large number of identical transactions or a familiar customer suddenly making unusual purchases from a new location - should be routed for further authentication or else blocked.
Given the scale of digital wallet fraud, machine learning analysis needs to be part of your fraud defense strategy. Machine learning, which can analyze thousands of data points at once around the clock, allows you to vastly scale up your fraud prevention efforts to an extent that would not be possible using human agents.
Fraud detection software combines machine learning and customized rules (created by you) in order to prevent suspicious activity in line with your risk appetite, while increasing your acceptance of legitimate transactions. This is a great way to build trust with customers who are using their digital wallets legitimately without compromising on security.
Employing machine learning and automated software is essential, but it doesn’t mean your employees are off the hook - they still have a vital role to play in the fight against digital wallet fraud. Take the time to educate them about all the ways fraudsters can exploit digital wallets to commit crime so that they’re empowered to to take preventative action when necessary.
We’ve touched on encryption and tokenization, including how they both help and hinder digital wallet fraud prevention. Nevertheless, on balance, they certainly do more good than harm.
Point-to-point encryption protects cardholder data during digital wallet payments by disguising it while it’s in transit. The only way to read the data is to be in possession of the decryption key.
Encryption is even more effective when combined with tokenization, which replaces sensitive data with a meaningless sequence of characters. This ensures that, even if a criminal does gain access to a user’s digital wallet, there’s no exploitable information that they can use.
Checkout.com offers all the tools mentioned above as part of its full stack of payments solutions.
Through our integrated payments platform, you can implement advanced fraud detection and identity verification, and take advantage of encryption and tokenization to protect cardholder data during digital wallet payments.
We also give you access to a wealth of data and reports, making it easy to monitor and improve your fraud detection efforts.
Find out more and speak to a Checkout.com sales expert today.