By Lola Omo-Ikerodah, Senior Writer, Ravelin Technology
Digital wallet use is on the up. For merchants, they offer an easy way to meet customer expectations and provide a frictionless shopping experience. But fraud is never far behind. Learn how fraud actors try to use digital wallets to their advantage.
Over half of global e-commerce transactions will use digital and mobile wallets by 2023. So, to say that digital wallets have taken off over the last few years is an understatement. There are almost a billion daily active users and this number is expected to increase to more than 1.3 billion in the next three years. In fact, only one-third of connected consumers say they’ve never used a digital wallet.
That said, digital wallets aren’t new at all. PayPal has been around for over two decades. Since then, Google Pay, Apple Pay and Samsung Pay have become household names.
Enabling digital wallet payments is an easy choice for merchants looking to make online shopping easier and more rewarding. But let’s not forget, new payment options mean new avenues for fraudsters.
Convenience boosts conversion
Greg Lisiewski, vice president of Global Pay Later Products at PayPal, points out that “now more than ever, consumers want to be in control of how they pay, and they have a desire for friction-free, seamless digital shopping experiences.”
Most digital wallets can connect with traditional bank accounts, so users don't need to enter payment details or create an account to shop. Concern about handing over payment information can lead to cart abandonment. Allowing customers to pay with digital wallets gets rid of this extra step.
Digital wallets often support two-factor authentication (2FA) and strong customer authentication (SCA) requirements. Removing this extra layer of 3D Secure makes for a more frictionless experience. This creates a more seamless shopping experience and leads to higher conversion.
Today’s consumers value convenience above all. With digital wallets, your customers aren’t rummaging around looking for cards. What’s more, they’re incentivized to come back. Win-win.
Digital wallet pain points
Digital wallets offer a lot of promise for transforming customer experience and increasing conversion. But they also present new opportunities for fraudsters.
Difficulty identifying stolen cards
Nearly a quarter of merchants say that Google Pay and Apple Pay are top vehicles for fraudsters using stolen credit card details.
When a customer makes a payment, the merchant receives a token instead of the payment card number. This makes it impossible to identify the card used. Even if you block the offending wallet, fraudsters can move the stolen card to a new wallet. This digital wallet scam is one of the most commonly used right now.
This isn’t helped by the fact that cards are often not fully authenticated when added to a wallet. We conducted a series of independent checks adding new cards to Apple Pay and Google Pay wallets. We found that only a few banks will verify new cards individually.
The U.K. leads the way in Europe for digital payments, making it an exciting new playground for fraudsters. Fourthline identifies Greater London as the counterfeit ID hotspot for digital wallet opening attempts in the U.K.
Trouble fighting friendly fraud
There has been a marked increase in friendly fraud (customers making purchases then raising a dispute with their bank themselves, claiming it was fraud) during the pandemic. And many merchants are discovering that traditional methods for managing disputes just aren’t as helpful when dealing with digital wallets.
Our Online Payment Fraud report found that chargeback challenges on digital wallets are less likely to be successful. Merchants were successful 56 percent of the time with traditional payment methods. This number plummets to five percent with digital wallets.
This is because the customer payment information is obscured, so merchants don’t have the evidence they need. Asking customers for less information might make their experience more frictionless but it can work against you when it comes to fraudy actors.
Account Takeover on digital wallets
Like traditional payment methods, digital wallets are vulnerable to account takeover. Last year saw a record-breaking number of data breaches and the highest percentage of bad bot traffic in years. Most of this data is swiped through phishing attacks, credential stuffing, data breaches and card skimmers.
Stolen credentials can be used to identify other accounts with the same logins. Of course, this includes digital wallets.
To put this issue into perspective, PayPal credentials are now worth more on the dark web than credit card credentials. Their value has skyrocketed by a massive 194 percent. Criminals who specialize in PayPal accounts steal their usernames and passwords, which they typically get through phishing or malware campaigns.
How can you manage digital wallet risk?
Ideally, you’d be able to identify the individual cards in the wallet and ensure that a customer is who they say they are. Unfortunately, outside of your own platform, you have no control over how a wallet is verified. But there are a few options you could consider:
- Adding stronger authentication on top of the wallet authentication
- Working with your payment service provider to introduce card fingerprinting
- Conducting more in-depth customer behavioral analysis
- Using machine learning to predict fraud patterns in a digital wallet transaction
Reach out to our team for more information on how you can identify and tackle digital wallet fraud.