An FI’s guide to digital wallet payment security

Digital transformation Payments Security
Digital wallet payment apps like Google Pay, Apple Pay, PayPal and Venmo are fast becoming the preferred payment method for many consumers. In 2023, over 53% of Americans used digital wallets more frequently than other payment methods, with a growing number even ditching their traditional wallets for their digital counterpart.

While this modern payment option is fast and convenient for cardholders, it can expose them to digital payment fraud, specifically targeting new banking technologies like digital wallets.

To help financial institutions (FIs) protect their customers from digital wallet fraud, we examine what digital wallets are, the related fraud risks, and how FIs can secure this payment method.

What is a digital wallet?

Digital wallet apps are a form of contactless payment that enable customers to utilize their mobile phone, tablet or computer to make a payment, rather than their actual debit or credit card. Basically, consumers that use a digital wallet no longer need to carry their physical cards with them. With their digital wallet, they can easily pay a retailer or a friend, or speed up their online checkouts.

These apps continue to grow in popularity around the globe, with consumers favoring brands such as Google Pay, Cash App, PayPal, Apple Pay and Venmo.
According to Forbes, 47% of Americans say they spend more when using digital wallets.
While this payment option is rapidly becoming a staple for digital natives, research reveals that adoption rates among millennials and Generation Xers are also on the rise, likely due to the user experience being intuitive and familiar to most consumers.

How do digital wallet payments work?

Digital wallet apps are easy to use and enable consumers to pay a friend, family member or retailer immediately. Here’s how these digital payments work.

Firstly, the user enters their payment details, such as credit or debit card, into the app, where their information is securely stored for future use. Once the user has logged in to the app and verified their identity, possibly through a biometric scan or a PIN code, they select the payment method they want to use. For an in–person purchase, for example, the user holds their device close to the card reader, data is transmitted between the two devices, and routed to the payment processor and other entities in the payment process.

The technology behind digital wallet payments, in an in-person buying scenario, typically follows one of three approaches.
Access white paper

How can banking fraud occur with digital wallet technology?

Digital wallet payments are susceptible to fraud vectors like identity theft, account takeover fraud and social engineering attacks. Here are two potential scenarios that demonstrate how things could go wrong with this technology. Firstly, a fraudster steals or buys login credentials on the dark web for a person’s digital wallet and intercepts the one-time passcode that is used to authenticate through man-in-the-middle tactics. Now the fraudster has full access to make a purchase using the unsuspecting digital wallet-holder’s stored payment cards.

Alternatively, a hacker adds stolen cards to a digital wallet. And once a card is added to the wallet, authentication for individual transactions occurs between the device and the person who uploaded the card. This means the fraudster has no problem being authenticated as the rightful owner of the digital wallet and can use the stolen cards freely.

With the rise in digital wallet use and resultant fraud, issuers, merchants and cardholders are the ones paying the price. While some digital wallet fraud is out of their control, it’s vital that FIs control the factors they can by verifying that the person adding the payment card to the wallet is the legitimate owner of the card.

Protecting customers and FIs from digital payment fraud losses

Ensuring your FI’s cards are included in customers’ digital wallets is a step closer to the coveted top-of-wallet status. So, the last thing you want to do is make the authentication part of the process clunky.
To secure digital wallets at the point where new cards are added, FIs need a modern authentication solution that reliably and seamlessly verifies the identity of the customer. At Entersekt, we achieve this with user-friendly methods, such as:
  • Passwordless technology like biometrics
  • Frictionless possession factor options, such as Browser ID, or
  • A push notification
As fraud continues to evolve, FIs can get the upper hand with our Customer Authentication solutions that enable data-driven fraud prevention, are easy to integrate, customize and scale and provide a balanced and consistent customer experience.
Fraudsters are always looking for new gaps in technology to exploit. With digital wallet use increasing fast, the new technology becomes a prime target for the ingenuity of financial criminals. With strong, proven authentication in place, FIs can prevent damage to their bottom line, reputation and customers’ trust in their brand.

Explore your options

If you’d like to explore options for securing bank cards as customers add them to their digital wallets and reduce the chances of them becoming the next victims of fraud, download our white paper, ‘An FI’s guide to digital wallet fraud prevention.’
Access white paper