Digital Wallet Fraud: Protect Your Business From Evolving Risks

Digital wallets are becoming increasingly more popular among consumers worldwide. And while they’re great for business — giving consumers more opportunities for convenient ways to pay for goods and services — they come with new risks.

As a merchant, you need to be aware of potential threats so you can adopt new payment trends without negatively impacting your business.

How Do Digital Wallets Work?

A digital wallet is an app that allows consumers to store payment information and make purchases. Consumers can add credit cards, debit cards, bank information, cryptocurrency, and other payment types to digital wallets.

Digital wallets make payments more convenient for both merchants and consumers. They also allow consumers to make purchases at an online store that doesn’t accept their international payment cards.

Additionally, digital wallets:

• Eliminate the need for consumers to carry physical cards at brick-and-mortar stores
• Reduces the need for consumers to enter all their payment information into forms
• Makes it easy to transfer money between accounts

Examples of digital wallets used worldwide:

Keep in mind that if you allow customers to store payment information on a mobile app for your business, then you also have a digital wallet. And it’s just as susceptible to fraud as other wallets.

What is Digital Wallet Fraud?

Digital wallet fraud happens when a fraudster makes an unauthorized transaction using someone else’s digital wallet. Usually, that involves hacking into someone’s account and using funds or adding stolen cards to a digital wallet that the fraudster owns.

Digital Wallet Fraud Threats

All payment types come with risks. Digital wallets are no exception. However, it can be more difficult to pinpoint fraud tied to a digital wallet. Know these top fraud threats so that you can be better prepared to fight.

Account takeover fraud

Digital wallet payments are typically safer than regular card payments because there is usually a built-in layer of security to block unauthorized access to the wallet, like a password or two-step authentication process. However, consumers often use weak, easy-to-guess passwords across all their digital accounts and devices. The same is true for digital wallets. And that puts the consumer’s money at risk.

Fraudsters can easily hack into digital wallets using a list of credentials obtained from a data breach or the dark web. This type of attack is known as an account takeover (ATO) attack. Once fraudsters get access to a digital wallet, they can make purchases, steal payment information, change account credentials, or sell the login information online.

This attack can be risky for you without the right protections in place. For example, without technology it can be very difficult to verify if the person making a purchase with a digital wallet is the true owner of that account.

Payment fraud

Fraudsters can easily commit payment fraud — making unauthorized purchases — by adding stolen debit and credit cards to a digital wallet. And if a fraudster makes a purchase from your business with a digital wallet that contains stolen cards, you will likely get a chargeback.

Friendly fraud

Friendly fraud occurs when customers misuse the dispute process by making false claims of fraud, resulting in a chargeback for the merchant. For example, customers might claim fraud for:

• purchases they forgot they made
• unknown charges made by a spouse or child
• items they regret buying

Digital wallet users have the option to file disputes not only with their bank but also with the digital wallet provider. And unfortunately, it’s very difficult to fight these claims. Digital wallets create a layer of opacity, giving you fewer data points to use as evidence to challenge false claims.

How Digital Wallets Impact Fraud Management

Understanding fraud threats is important, but it's only part of the challenge. You also need to understand how to solve them — and that can be challenging. Digital wallets have unique characteristics that present new challenges traditional card payments don’t have. Understanding these variables will help you manage the related risk.

Let’s take a closer look at each.

1. Not all wallets have built-in fraud detection features.

All payment apps have some security features. For example, users typically have to create an account, input their information, and create a password. Each time they log in, they may have to input the password or the app will use step-up authentication to verify the user.

Some digital wallets, such as Apple Pay, Google Pay, and Samsung Pay, have additional protocols to prevent fraudsters from adding stolen cards. However, this isn’t standard for all digital wallets. Smaller providers may not have the security measures to stop fraudsters from using their platforms for fraud.

What adjustments should you make to fraud management strategies?

Do your own research. Understand what security features each wallet provider uses. Don’t just assume a digital wallet is safe because other businesses accept them. Not all wallets will be a good fit for your business, so choose the ones that work with you, not against you.

You can also consider setting stricter controls on purchases made with a digital wallet compared to regular credit and debit card transactions. For example, you could require customers to create an account if they want to pay with a digital wallet.

If you decide to build your own digital wallet for customers, make sure you embed fraud detection into the app development.

2. Wallets tokenize payment information.

When a purchase is made, there are two ways to pass and store information between platforms.

1. The platform can send all or part of a payment card account number.
2. The platform can encrypt the information and send a unique token instead of the actual card number.

The norm is to work with actual payment card information. However, most wallets deal with tokens.

In some ways, tokens are safer. Hackers can’t intercept the information in transit or while at rest. However, tokens introduce new challenges for you.

If a shopper pays via a payment card, the primary account number (PAN) is usually consistent across multiple transactions. So you can use it as part of your risk management strategy.

For example, if the card number stays the same but the shipping address changes, it could be a fraudster rerouting shipments. Or if a cardholder commits refund fraud, you can block the card number from doing business with you again.

But with tokenization, the information changes with each transaction. It’s more difficult to connect a transaction to an individual customer.

What adjustments should you make to management strategies?

Because you can’t depend on payment card information to monitor fraud trends over time, you need to be able to analyze other data elements — like device ID, IP address, and billing and shipping information.

Again, make sure you understand the security features of each wallet. Some are safer to use than others — such as apps with built-in fraud protection.

Multiple layers of prevention provide the best overall protection. Accept apps with built-in protection, but implement your own fraud management technology as well.

Consider screening every order for fraud, even from repeat customers. Then follow up your fraud screening with manual reviews of suspicious orders so you don’t accidentally block a legitimate transaction that initially looks like fraud.

For example, if a repeat customer makes a purchase and changes the shipping address, it may look like a fraudster has hacked into their account and made a purchase. However, the customer could also be purchasing a gift and sending it to the receiver.

3. Fighting chargebacks tied to digital wallets is extremely difficult.

There are several reasons why it’s hard to manage disputes from digital wallet purchases.

• Each platform has its own rules - The dispute process may differ between wallets. And within each wallet, there may be different stored payment types — which means different dispute channels. Keeping track of the differences can be an administrative nightmare. For example, take PayPal. If a customer adds a credit card to their PayPal account, disputes go through the chargeback process. If the customer uses their bank information, disputes go through PayPal’s dispute process.
• Tokenization removes needed information - If payment information is tokenized, you won’t be able to fight as many chargebacks. For example, under Visa CE 3.0, in order to fight a false fraud claim, you must provide evidence that previously undisputed transactions were processed with the same PAN. But if there is no PAN, you don’t qualify for protection.
• Data is limited - Data availability might be limited. And some wallets don’t run verification protocols — such as AVS checks — when users add new cards to the wallet. Without this data, you won’t have that evidence needed to fight friendly fraud.

What adjustments should you make to management strategies?

Since opportunities to fight wallet disputes are limited, you need to put your effort into prevention. And to balance out any losses from wallets, you need to be extra diligent about fighting traditional chargebacks from payment cards.

Consider chargeback prevention tips

1. Communicate clearly with customers - Communication goes a long way to help avoid chargebacks. Make sure you respond quickly to customer inquiries. Poor response times can leave a negative impression and more likely cause a customer to file a dispute rather than work with you to resolve a problem. Secondly, provide clear billing descriptors so that customers can easily recognize purchases. A lot of disputes happen because billing descriptors are vague, leaving out important information such as the name of the company. Lastly, make sure your product descriptions give customers a clear picture of the items you’re selling. For example, if you sell clothing, include photos of models using or wearing merchandise as well as videos demonstrating how the items work or look on real people. Include a copy of your return and refund policies so that customers know exactly what to expect from you if an item doesn’t work out.
2. Keep up-to-date on rules and policies - Card brands (Mastercard^®, Visa^®, etc.) and digital wallet providers change their merchant protection rules and policies occasionally. Set a reminder for yourself to check for updates and carefully read through any policy changes to make sure you’re following the rules. If you’re ever unsure about a rule change, reach out to an expert for help. You don’t want to jeopardize your business and potentially lose the ability to sell.
3. Use prevention solutions - Implement tools like prevention alerts and RDR if you are worried about breaching thresholds.

Fight chargebacks from traditional payment cards

Once you’ve done all you can to prevent chargebacks, focus on fighting traditional chargebacks. Chargeback management solutions — like Kount — can help you win as many disputes as possible.

How to Decide if Digital Wallets are Right For Your Business

Digital wallets are here to stay. And according to Forbes, 51% percent of people say they would stop shopping with a merchant that doesn’t accept payments from digital wallets. However, before you adopt this payment type, consider how it will impact you and your customers.

Evaluate your target market. Who are you selling to? Wallets are becoming more commonplace in certain parts of the world. If you want to do business with those customers, you need to meet their expectations

Examine your internal resources. What are the capabilities of your fraud team? Can they take on extra responsibilities — such as learning new platforms, monitoring risk from multiple sources, detecting threats, adjusting policies of the fraud tech, etc. — on top of traditional payment responsibilities?

Weigh the pros and cons. What’s the ROI of adopting this new payment method? Will earning potential outweigh potential losses and costs? Also look at your current chargeback situation. If you’re struggling to keep chargebacks under control now, it may get more difficult if you add digital wallets.