How to Protect eWallets from Fraud
Over the past decade or so, we've gotten accustomed to entrusting more of our lives to the confines of our smartphones. These little devices serve as communication hubs, entertainment centers, document libraries, and even the key to our finances. Digital wallets, or ewallets, have recently taken off as a popular payment method for consumers.
Tech giants like Apple and Samsung have put serious resources into making these payment platforms as secure as possible, but fraudsters always find a way to bypass defenses and ply their schemes. How can ewallet users protect their devices and avoid becoming victims of fraud?
The rise of the ewallet may have been inevitable, but the past year's COVID-19 pandemic certainly helped to generate an uptick in adoption rates.
Concerns about spreading the virus led to increased interest in remote and touchless payment systems, and suddenly lots of people who might have scoffed at the idea of using their smartphones to make payments at checkout were downloading ewallet apps and linking their cards.
This has been good news for ewallet providers and a positive step toward modernizing the payments ecosystem, but whenever fraudsters see an influx of new users and an increase in transaction volume they start circling like sharks.
Proponents of ewallets have long touted the strong security measures they include, but even the best inbuilt defenses can sometimes be circumvented by phishing, social engineering, and other low-tech attacks that rely on human fallibility rather than technological vulnerabilities. To protect themselves from ewallet fraud, users need to know what to look out for.
What is an eWallet?
An ewallet is a software program that stores credit card numbers and other necessary payment credentials, allowing the user to make payments at compatible terminals by using a device linked to their ewallet.
Usually this device would be the smartphone that hosts their ewallet app, but ewallets can be linked to wearables and other devices. Many ecommerce merchants accept payments from ewallet platforms, too. The top ewallet providers include major companies like Apple, Samsung, and Google.
Most ewallets utilize near-field communications technology that allows them to wirelessly transmit payment data to the payment terminal. This allows for touchless payments and, when the data is tokenized, eliminates the need for the terminal to read or store the actual credit card number, providing a layer of protection against one possible avenue for fraud.
eWallets are generally regarded as highly secure because they can be tied to specific devices, held in the possession of the owner, and often require biometric authentication methods (such as a fingerprint or facial scan) in order to authorize a payment. Despite these safeguards, fraudsters have been actively seeking out ways to breach ewallet accounts and steal funds.
What is eWallet Fraud?
eWallet apps are often designed to take advantage of the biometric security features of their host devices, but with the right credentials fraudsters may be able to get around these protections.
The simplest and most straightforward way for a fraudster to hack into an ewallet is to trick the owner into giving up the passwords and PINs that keep it secure. One phishing scheme that has taken hold in some markets involves the fraudster messaging their intended victim and telling them that they need to authenticate their account.
The fraudster will then instruct the victim to download an app that allows them to remotely view or control the victim’s device. If the victim downloads the app and attempts to log into their ewallet account, the fraudster can see the password and PIN they enter. Then they can log into the account and start spending or transferring the victim’s money.
Another type of scam uses ewallets to facilitate old-fashioned credit card theft. In this scenario, the fraudster attempts to link a victim’s stolen credit card number to the fraudster’s own ewallet. Issuing banks are usually in charge of authenticating the card enrollment process, and this may involve only passwords, security questions, and other defenses that fraudsters can defeat.
Once the victim’s card is successfully linked, the fraudster can use it freely at any online store that accepts their ewallet platform. This way, the fraudster only has to get through the authentication step once, instead of having to do it every time they use the card to make a purchase.
How Can eWallet Fraud Be Prevented?
Merchants are often encouraged to accept ewallet payments with the argument that these platforms are more secure and fraud-proof than regular credit card transactions.
It’s true that ewallets can offer some built-in protections that make them comparatively safer than the average card purchase, but as the schemes mentioned above prove, ewallet transactions can still be fraudulent and they can still result in chargebacks for the merchant.
eWallet providers and issuing banks are primarily responsible for making these platforms safer. Biometrics, two-factor authentication, strong password requirements, and other up-to-date practices can make things harder for fraudsters, but there isn’t always a technological solution for social engineering attacks that are based on deceiving people into voluntarily sharing their login credentials.
Merchants can help by educating their customers about common phishing tactics and amplifying warnings about new scams that are going around.
Behavioral analysis can be helpful for detecting all kinds of fraud, including ewallet fraud. Behavioral analysis looks at the user’s purchasing behavior in light of the following questions:
- Is this abnormal behavior for the user, based on their past history?
- Is this behavior consistent with the way fraudsters are known to act?
If the answer to either question is “yes,” it may be wise to subject the order to manual review.
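The two-question check above can be sketched as a merchant-side triage rule. This is an added example, not code from the original article; the field names, the thresholds, and the specific signals (amount deviation, unseen device, recently linked card, order velocity) are assumptions chosen for illustration.

```python
from statistics import mean, stdev

def abnormal_for_user(order, history, z_limit=3.0):
    """Question 1: does the order deviate from this user's own history?"""
    reasons = []
    amounts = [h["amount"] for h in history]
    if len(amounts) >= 3:  # too little history gives no usable baseline
        mu, sigma = mean(amounts), stdev(amounts)
        # Floor sigma so a very uniform history does not flag tiny differences.
        z = (order["amount"] - mu) / max(sigma, 0.05 * mu, 1.0)
        if z > z_limit:
            reasons.append(f"amount is {z:.1f} sigma above the user's mean")
    if history and order["device"] not in {h["device"] for h in history}:
        reasons.append("device not seen in user history")
    return reasons

def matches_fraud_pattern(order, min_card_age_min=60, max_orders_per_hour=3):
    """Question 2: does the order look like known fraudster behaviour?
    Both signals are assumed examples of such behaviour."""
    reasons = []
    if order["card_linked_minutes_ago"] < min_card_age_min:
        reasons.append("card was linked to the wallet shortly before purchase")
    if order["orders_last_hour"] > max_orders_per_hour:
        reasons.append("high order velocity")
    return reasons

def triage(order, history):
    """Send the order to manual review if either question is answered yes."""
    reasons = abnormal_for_user(order, history) + matches_fraud_pattern(order)
    return ("manual_review" if reasons else "accept"), reasons

# Constructed sample data (not real transactions).
HISTORY = [{"amount": a, "device": "phone-A"} for a in (24.0, 31.0, 18.5, 27.0, 22.0)]
NORMAL = {"amount": 30.0, "device": "phone-A",
          "card_linked_minutes_ago": 43200, "orders_last_hour": 1}
SUSPECT = {"amount": 480.0, "device": "tablet-X",
           "card_linked_minutes_ago": 12, "orders_last_hour": 1}
# Ordinary amount and device, but the card was enrolled minutes ago.
FRESH_CARD = dict(NORMAL, card_linked_minutes_ago=5)

if __name__ == "__main__":
    for name, order in (("normal", NORMAL), ("suspect", SUSPECT), ("fresh card", FRESH_CARD)):
        print(name, *triage(order, HISTORY))
```

The returned reasons are meant to be shown to the reviewer, so the person handling the manual review sees which question triggered it.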
Merchants can increase their sales by adapting to new technologies and meeting their customers where they’re at, but embracing novel payment platforms can sometimes leave merchants out on a limb when it comes to protecting themselves from the fraud and abuse that follows.
Security was definitely a major concern for the companies that developed ewallets, but fraudsters never stop trying to find weaknesses and loopholes to exploit.
By staying informed about the current state of fraud and exploring holistic fraud prevention methods such as behavioral analysis, merchants can put themselves in a strong position to counter any new threats that come their way.