Digital wallet fraud is increasing at an alarming rate, alarming both financial institutions and consumer users of digital wallets. This new con game begins with advanced phishing schemes. Scammers fool victims into sharing sensitive personal and banking information by sending fake text messages luring them with great deals or payments. Digital wallets, for example, are surging in popularity. Sadly, scam artists are taking advantage of this innovation by loading victims’ payment cards onto devices such as mobile phones, in turn obtaining illicit access to their monetary accounts.
Nationwide and other banks have been sounding the alarm on this concerning trend. They emphasize the importance of being cautious of one-time passcodes sent via SMS or app push notifications. Just as customers wouldn’t share their PINs with anyone, customers should treat these codes with the same high level of security. Only last year, Santander announced that digital wallet fraud was the second biggest source of card scam losses. HSBC observed a shocking increase in fraudulent actions during the past year and a half. This increase led the bank to begin a more thorough inquiry into the playbooks deployed by fraudsters.
Understanding the Phishing Tactics Used
Phishing is usually the first step in this fraudulent scheme. These victims get emails, texts, or other messages that seem completely normal, promoting discounts on winter fuel allowances or something else relatively innocuous. The latter treacherous messages deceive people into sharing private data. Once fraudsters are in, they can easily register the victims’ payment cards within seconds. They might use digital wallets such as Apple Pay or Google Pay to accomplish it.
The swindle functions with remarkable sophistication. Victims now get real-time alerts from their bank when a new card is added without their consent to their device. This creates a dangerous illusion of safety that over time compromises clear communication and breeds mistrust, panic, and distrust. Often, in these schemes, criminals will then call victims pretending to be from the victim’s bank. They frequently hit days or even weeks after the victim’s last engagement. This tactic makes it more likely that the person being targeted will be unprepared.
“Victims often describe feeling panicked and pressured during the call, being told their account is under attack, or that their money is at risk. In that heightened emotional state, approving a notification feels like the responsible thing to do. The victim believes they’re protecting their account, when, in reality, they’re handing over the keys.” – Danai Antoniou
How Banks Are Responding
In response to the growing threat of digital wallet fraud, banks like Nationwide and Santander are proactively addressing customer concerns. As a core security practice, they frequently advise their clients never to share their personal information, such as one-time passcodes. This warning is similar to their recommendation on protecting your PINs.
HSBC has been a vocal proponent of this, warning that customers should “be on their guard”. Configure bank alerts within your mobile applications to keep updated. Make a habit of monitoring your transactional history, so you can identify any unauthorized or unusual transactions.
“We are regularly reminding customers not to give out their details, such as one-time passcodes, and to treat them as carefully as you would your pin,” – HSBC
Gradient Labs is an enterprise-grade financial services AI company focused on permanent fraud prevention. Beyond that, they have released great educational content about how these scams work. They point out that otherwise legitimate notifications sent to victims themselves can add to the perplexity associated with these scams.
“The notification the customer receives is entirely legitimate, as it’s the genuine notification your bank sends when a new Apple Pay or Google Pay card is being added to a device,” – Danai Antoniou
Consumer Tips for Protection
As digital wallet crime goes through an accelerated maturation process, everyday consumers need to implement the proper steps in order to stay safe. Security experts warn that everyone should not share personal or banking information over text messages or social media channels, such as direct messaging on Twitter or Facebook. Additionally, they warn Americans not to believe cold calls from people saying they are calling from the bank.
Sounding the alarm on trust Danai Antoniou of Gradient Labs encourages you not to trust that she’s the one calling from your bank. Remember — whomever you call, always confirm the call before doing anything! Rather than provide this information over the phone, they should hang up and call their bank directly.
“Never trust anyone who calls you from your bank unless you arranged that phone call in advance. If somebody calls, tell them you will call the bank back yourself,” – Danai Antoniou
Further, consumers are advised to create alerts within their banking applications and frequently review their transaction history. Such practices can make sure that unusual activity is caught at the earliest possible stage and no additional loss is incurred.
“Set up bank alerts in your app, and check your transactions regularly so you know about any suspicious transactions as soon as possible.” – UK Finance