Digital wallets are revolutionizing payments. Platforms such as Apple Pay, Google Wallet, PayPal, and Venmo make transactions quick and easy. Usage has grown massively, especially in Asia. Juniper Research predicts that by 2026, digital wallets will be used by 5.2 billion people worldwide – more than half the world’s population.
However, the speed and convenience of digital wallets also make them targets for cybercriminals and fraudsters. Accenture says digital payment fraud grew by 25% between 2020 and 2023. Unlike credit cards and other traditional payment methods, money lost in fraudulent transactions can be difficult or impossible to recover.
To protect your business and your customers, it’s vital to understand how digital wallet fraud occurs and what you can do to prevent it.
How digital wallets work
A digital wallet lets you link all your payment methods under a single account. You can store money, credit card numbers, and even cryptocurrency and make payments online or from your smartphone. It’s simple to use, and the funds are transferred right away.
When a user makes a payment, the details are encrypted and transformed into a digital token. This makes digital wallet transactions private and highly secure – unless the owner’s account credentials fall into the wrong hands.
The risks with digital wallets
The risks with digital wallets arise if cybercriminals gain access to a user’s digital wallet account. They can use the digital wallet to make fraudulent transactions or move or hide illegally obtained funds.
For businesses, digital wallet fraud can lead to:
- Financial losses from fraudulent transactions and chargebacks.
- Reputational damage and loss of customer trust.
- Compliance issues and regulatory sanctions if sensitive customer data is compromised.
Digital wallet fraud often starts with social engineering attacks
The first step for cybercriminals is to obtain a user’s login credentials. They do this in various ways, such as:
- Social engineering tactics, such as phishing or smishing messages, where cybercriminals impersonate a trustworthy sender to trick users into handing over their credentials.
- Fake merchant scams, where cybercriminals set up bogus online stores peddling non-existent goods, often at rock-bottom prices, to gather customers’ credentials and payment information.
- Dark web marketplaces, where cybercriminals can buy and sell packages of stolen or compromised credentials easily and cheaply.
Malware and man-in-the-middle attacks
In addition to social engineering, cybercriminals also use technology to steal login credentials. For example:
- Infostealers: One of today’s most alarming cyber security threats, infostealers are malware that silently raids your computer or device for files and data, including passwords saved in browsers. Your details can be for sale on the dark web before you know you’ve been hit.
- Man-in-the-middle attacks: Cybercriminals intercept the user’s internet traffic to steal their data. Public Wi-Fi networks, such as those in cafes or hotels, are particularly hazardous.
- Man-in-the-browser attacks: A type of man-in-the-middle attack that uses malware deployed on the user’s device to intercept and steal their data.
Poor password hygiene gives cybercriminals a way in
When they’ve obtained compromised passwords, cybercriminals run automated bots to try every possible variation of them. This is known as credential stuffing.
This demonstrates why it’s vital to change passwords regularly. However, a survey by LastPass found that 62% of people always or mostly use the same password, leaving themselves and their organizations vulnerable.
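On the defending side, automated credential testing tends to leave a recognizable trace in authentication logs: one source trying many different accounts in a short time, with most attempts failing. The following is an added example, not part of the original article; the log format, thresholds, IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, assumed format: "timestamp source_ip username result"
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 alice FAIL
2024-05-01T10:00:10 198.51.100.7 alice FAIL
2024-05-01T10:00:20 198.51.100.7 alice OK
2024-05-01T10:01:00 203.0.113.50 amy FAIL
2024-05-01T10:01:05 203.0.113.50 ben FAIL
2024-05-01T10:01:10 203.0.113.50 cat FAIL
2024-05-01T10:01:15 203.0.113.50 dave OK
2024-05-01T10:01:20 203.0.113.50 eve FAIL
2024-05-01T10:01:25 203.0.113.50 finn FAIL
2024-05-01T10:01:30 203.0.113.50 gus FAIL
2024-05-01T10:02:00 198.51.100.9 bob OK
"""

WINDOW = timedelta(minutes=5)   # sliding window per source IP (assumed threshold)
MIN_DISTINCT_USERS = 5          # accounts tried from one source within the window
MIN_FAIL_RATIO = 0.8            # share of failed attempts within the window

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(log_text):
    """Return {source_ip: peak distinct usernames} for suspicious sources.
    Assumes the log lines are in chronological order."""
    windows, flagged = defaultdict(deque), {}
    for line in log_text.strip().splitlines():
        ts, ip, user, ok = parse(line)
        win = windows[ip]
        win.append((ts, user, ok))
        while ts - win[0][0] > WINDOW:      # drop attempts older than the window
            win.popleft()
        users = {u for _, u, _ in win}
        fail_ratio = sum(1 for _, _, o in win if not o) / len(win)
        if len(users) >= MIN_DISTINCT_USERS and fail_ratio >= MIN_FAIL_RATIO:
            flagged[ip] = max(flagged.get(ip, 0), len(users))
    return flagged

def accounts_to_reset(log_text, flagged):
    """Usernames that logged in successfully from a flagged source."""
    hits = (parse(l) for l in log_text.strip().splitlines())
    return sorted({user for _, ip, user, ok in hits if ip in flagged and ok})

if __name__ == "__main__":
    suspicious = detect_stuffing(SAMPLE_LOG)
    print(suspicious, accounts_to_reset(SAMPLE_LOG, suspicious))
```

A user who mistypes a password a couple of times (alice above) is not flagged, because only one account is involved; the one successful login from the flagged source is the account that needs a forced password reset.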
Types of digital wallet fraud
Cybercriminals take advantage of digital wallets to commit various types of fraud, including:
- Credit card fraud: The fraudsters link a digital wallet to a stolen credit card, and the platform’s digital encryption helps them avoid detection.
- Peer-to-peer (P2P) payment fraud: As with phishing, fraudsters send messages pretending to be people the victims trust, such as their friends, colleagues, or service providers. This time, the goal is to convince them to send money.
- Identity theft: Fraudsters use stolen personally identifiable information (PII) to open fraudulent accounts and access corporate funds.
- Overpayment scams: Fraudsters buy goods and send a check for more than they cost. The vendor agrees to refund the difference into a digital wallet. The fraudsters’ check bounces, and they keep the refund and the goods.
- Fake merchant scams: Again, this involves a bogus online store. Buyers make instant digital payments, and the fraudsters vanish with the money.
- Money laundering: The fraudsters trick or coerce the victims into letting them use their digital wallet to move or hide illegally obtained money.
How to protect your organization against digital wallet fraud
To shut out the cybercriminals and protect your organization:
- Provide security awareness training for everyone in your organization so that they’re constantly alert to potential phishing attacks.
- Ensure everyone practices good password hygiene by using strong, unique passwords and never sharing or reusing them.
- Enable multi-factor authentication (MFA) on your systems to help prevent unauthorized access.
- Use end-to-end encryption and never use public Wi-Fi networks to make purchases or share sensitive data.
- Vet your suppliers carefully to avoid fake merchant scams.
- Deploy endpoint security tools to protect against malware.
- Use a real-time credential monitoring solution, such as Cybercheck. We constantly scan for compromised email addresses, passwords, physical addresses, identity profiles, financial data, and more. If cybercriminals are trading information about you or your organization, we alert you right away. That means you can change passwords and block access before attackers can strike.