We are now living in the age of the digital wallet.
Juniper Research estimates that half the world will be using digital wallets by 2024 and, indeed, there are many convincing reasons. Digital wallets are a convenient option for customers purchasing goods online or via their smartphones via contactless card readers.
By improving customer experience by streamlining the transaction process, digital wallets feel futuristic to shoppers. Instead of carrying cash or debit and credit cards, digital wallets open up a world of payment options via a digital account usually accessible via an app like Apple Pay or Google Pay on your smartphone or smartwatch.
Part of the dramatic rise in digital wallet usage could even be attributed to the sector’s links with the increasingly popular cryptocurrency market. For instance, wallets like Skrill position themselves as easy ways for newcomers to crypto and altcoins to acquire and store some.
However, one of the clearest disadvantages of this new shift in consumer behavior is how this makes customers and merchants more open to fraud during the transaction authentication process because it effectively makes all card transactions into card-not-present transactions.
This by no means is a call to do away with digital wallets – quite the opposite. However, we do need to spread awareness to merchants, wallet providers, as well as to consumers.
Online fraud is on the rise
Juniper Research also shows a concerning trend that online fraud losses have increased significantly for 55% of businesses in the past year, with stolen customer credentials bought and sold via the dark web. The Fintech Times also reported that London is now a “counterfeit ID hotspot for digital wallets.”
This rise is partly due to vulnerabilities in the authentication process of an e-transaction or, to be more precise, to inadequate fraud prevention.
Many e-shops, such as those on Shopify, do not receive a customer’s card number during a transaction; instead, they receive a token through which they cannot identify the card owner.
Cybercriminals can use this to their advantage. Even if their wallet is blocked by an online business, fraudsters can transfer hijacked card details to a different, unblocked wallet.
Account takeover fraud and how to spot it
So, how do cybercriminals steal digital account information in the first place? Research from the FBI shows that most digital breaches come about from phishing scams, but also include malware campaigns, misconfiguration and accidental exposure, per the FBI’s latest Internet Crime Report, where overall complaints rose 7% from 2020 to 2021.
Phishing can give fraudsters access to a victim’s digital wallet by duping customers into revealing sensitive information such as their login details. This is especially an issue for the many customers that have connected their traditional bank accounts or credit cards with their digital wallets and is in fact more common than going for the wallet directly. We even recently, in March 2022, saw a case of a scam prevention expert falling for a phishing scam themselves, which she then revealed on her website Lupinia Studios as a cautionary tale.
It also gives fraudsters a potential way to hijack traditional bank accounts through the digital wallet itself. For example, because PayPal allows you to link your bank account to your digital wallet, if someone gains access to the wallet, they can drain funds from a victim’s credit or any connected bank account.
Account takeover attacks (ATO) were already devastating for many consumers. But with digital wallets, the stakes have never been higher, because such accounts have direct access to more funds than ever. Depending on the setup and the service, an attack like this can even give criminals complete access to a customer’s real-life bank accounts, plus any funds and card details.
How digital wallet fraud can cost your business
For merchants in particular, the main issue with ATO is the amount of chargebacks this can cause. Consumers who fall victim will likely attempt chargebacks via their card issuer, with the merchant bearing the brunt of the burden – which cost in money, time and even in the merchant’s processing rates paid to banks and issuers.
Moreover, it is always worth staying vigilant of other schemes related to digital wallet fraud. Fraudsters can set up digital wallets with fake names or stolen credit cards, for instance. Friendly fraud is still common, too – where customers raise a dispute through their bank, falsely claiming that there was something wrong with the purchase and they want to reverse it, in a type of first-party chargeback fraud.
More often than not, the real reason behind a chargeback is that a criminal gained access to a victim’s payment card details, and the victim realizes and wants their money back. That is perfectly legitimate. However, this means the merchant will end up paying out of pocket for the cost of the lost merchandise, all processing and admin costs, as well as risk having bank fees raised, which happens for merchants who have high chargeback ratios. Digital wallet-linked chargebacks are notoriously hard to challenge as well.
This means that though stolen credentials and account takeovers target consumers, they are also extremely harmful to businesses. In order to prevent digital wallet fraud and account takeovers, as well as the great pain point of chargebacks, merchants need a real-time fraud monitoring solution in place, as explained in a SEON article on fraud detection. This can incorporate data enrichment; social media lookup; custom risk scoring, device fingerprinting and behavior analysis, for instance – all algorithms designed to assess the behavior and intentions of each shopper.
A small minority of chargeback requests are indeed made on baseless claims and constitute attempts at friendly fraud. However, they are always difficult to challenge and require exhaustive proof on the merchant’s side.
What you want to be doing instead is using fraud prevention strategies, including software and best practices to avoid getting scammed on life insurance from successfully using stolen digital wallet accounts and other stolen credentials in the first place.
Training your team in online fraud prevention and detection
Regardless of the size of your e-commerce store, there are ways you can detect and prevent digital wallet fraud. Consider training your employees in effective fraud prevention strategies, as they deal with customers and their transactions every day.
Your fraud prevention strategy works best when nobody on your team is complacent; a criminal’s methods may change daily. For example, businesses can contribute to the effort to prevent account takeover fraud by teaching their customers and employees how to spot phishing links in otherwise innocent-looking emails.
Digital wallets are an exciting, convenient new way to make online payments which helps do away with shopper churn. Indeed, Shopify says that 18% of people surveyed abandoned their shopping due to a long and complex checkout process. Because they streamline the transaction process, customers are less likely to leave items sitting in their shopping cart, and will instead complete the transaction.
However, despite this ease of use, digital wallets hide multiple risks. By making the transaction process more secure for both you and your customers, you can prevent losses to fraud and chargebacks.
About the Author. Gergo Varga has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He’s the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Senior Content Manager/Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what’s happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.