How to protect your mobile wallet against payments fraud?

Mobile wallets have become a convenient payment method, offering consumers ease, speed, and security globally. According to research by Payments, Cards, and Mobile, due to their versatile features, digital wallets are projected to account for more than $25 trillion in global transaction value or 49% of all sales online and at POS combined by 2027. Even though digital wallets were adopted in the late 90s, the pandemic boosted their popularity.

The rise of mobile payment adoption has brought with it a rising number of mobile wallet frauds, with recent research pointing to a rise of over 60% by the end of 2023. Consumers get trapped in mobile wallet fraud in multiple scenarios, such as scams built on “accidental transfers” or fraudsters pretending to be calling from a business, government agency, bank, or utility company. As consumers continue to embrace this modern form of payment, it is essential to understand the potential risks and take necessary precautions to safeguard financial transactions.

Types of fraud on your watchlist

1. Phishing and social engineering attacks

Fraudsters frequently employ basic yet highly effective phishing techniques, which include sending deceptive emails, text messages, or making phone calls to trick individuals into disclosing sensitive private information. For instance, they may send emails to users of online services, falsely alerting them to a policy violation that requires immediate action, such as changing their password or making an urgent payment. This tactic has gained significant popularity in recent years, particularly in countries like the UAE, where scammers impersonate VIP representatives from central banks, officers of police stations, and other authorities to elicit swift responses, often resulting in substantial financial losses.

Financial institutions always have to educate their customers through official communication channels and ask them to be cautious and verify the authenticity of any communication before sharing personal or financial details.

2. Malicious mobile apps
Malicious apps abuse trusted platforms like the Google Play Store, exploiting the trust of millions of users worldwide. In 2023 alone, more than 300,000 users downloaded banking trojan apps via the Google Play Store. Once the app is downloaded, fraudsters silently execute their agendas, subscribing users to unwanted services and levying unauthorised charges on their mobile accounts. Financial institutions must alert their customers and ask them to stick to reputable developers to reduce the risk of downloading malicious apps that can compromise their mobile wallet’s security, as there is a great threat to the personal information stored on these platforms.

3. Weak authentication and password practices
Financial institutions must consistently emphasise the importance of strong authentication mechanisms in their digital wallets, such as biometric authentication and long-tail passwords. While consumers should be advised to set a unique password, financial institutions should look for an experienced technological partner with a Fraud Management solution to implement two-factor authentication functionality, behavioural analysis, and other protection mechanisms to provide an additional layer of security.

4. Lost or stolen devices
Consumers must act with caution if their mobile device is stolen and promptly report any loss or theft. Furthermore, device locking mechanisms such as PINs, passwords, or biometric locks prevent unauthorised access to mobile wallets and can greatly limit further damage.

5. Public Wi-Fi risks
In 2023, a Forbes survey revealed that 40% of respondents had their information compromised while using public Wi-Fi, and 20% used public Wi-Fi for financial transactions in their daily activities. This indicates a significant risk of exposing personal information when logging into online bank accounts or digital wallets on public networks. Banks should advise users to avoid conducting financial transactions or accessing mobile wallets on public Wi-Fi due to vulnerabilities to eavesdropping and man-in-the-middle attacks. Instead, users should use secure, encrypted networks or consider a virtual private network (VPN) for enhanced security.

6. Regularly update and secure your device
Mobile wallet users should also keep their mobile operating system, apps, and mobile wallet apps up to date with the latest security patches and updates. Users can also regularly scan their devices for malware using reputable security software to ensure a secure environment for their mobile wallet.

7. Monitor transactions and set alerts
Financial institutions can assist their users by implementing a notification engine and utilising alerts. While users should remain vigilant, banks can enhance security by monitoring suspicious transactions on wallet accounts and promptly notifying users through email, SMS, or other communication channels, allowing users to take immediate action if any unauthorised or unusual activity is detected. For example, if a first-time user pays for an unusually large order through their digital wallet, the bank can alert the user, who can then report the transaction if it appears fraudulent. This system helps mitigate the risk of financial fraud and enhances overall account security.
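The alerting rule from the example above (a first-time user making an unusually large wallet payment), sketched as an added illustration rather than code from BPC or any fraud management product. The `Txn` type, the `monitor` function, both thresholds and the sample data are assumptions made for this sketch.

```python
from dataclasses import dataclass
from statistics import median

# Illustrative thresholds (assumptions, not values from the article).
FIRST_PAYMENT_LIMIT = 500.0  # largest first-ever wallet payment accepted silently
LARGE_MULTIPLE = 5.0         # alert when amount > this multiple of the account's median

@dataclass(frozen=True)
class Txn:
    account: str
    amount: float

def monitor(stream):
    """Return (txn, reason) alerts for a time-ordered stream of wallet payments."""
    history = {}   # account -> amounts of payments that raised no alert
    alerts = []
    for txn in stream:
        past = history.setdefault(txn.account, [])
        if not past:
            # First-time user: no baseline yet, so fall back to a fixed limit.
            reason = ("first wallet payment is unusually large"
                      if txn.amount > FIRST_PAYMENT_LIMIT else None)
        else:
            typical = median(past)
            reason = (f"amount is over {LARGE_MULTIPLE:g}x the usual {typical:.2f}"
                      if txn.amount > LARGE_MULTIPLE * typical else None)
        if reason:
            # Hold flagged payments out of the baseline until the user confirms
            # them, so one fraudulent payment cannot raise the "usual" amount.
            alerts.append((txn, reason))
        else:
            past.append(txn.amount)
    return alerts

# Constructed sample data, in arrival order.
SAMPLE = [
    Txn("alice", 20.0), Txn("alice", 35.0), Txn("bob", 1200.0),
    Txn("alice", 25.0), Txn("carol", 40.0), Txn("alice", 900.0),
    Txn("carol", 60.0), Txn("alice", 30.0),
]

if __name__ == "__main__":
    for txn, reason in monitor(SAMPLE):
        # In production this line would hand off to the SMS/e-mail notifier.
        print(f"ALERT {txn.account}: {txn.amount:.2f} ({reason})")
```

Keeping flagged payments out of the per-account baseline matters in practice: otherwise a single unreported fraudulent payment would make later large payments look normal.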

Digital wallets are a popular and effective means of driving financial inclusion, particularly in underserved communities. However, enhancing financial literacy among users is essential to maximise the benefits of these technologies. While this gradually improves with inevitable digitalisation, financial institutions and wallet service providers can help their customers by offering educational resources, implementing the right fraud management solutions that support all modern payment channels and layers, and providing up-to-date approaches to protect against fraud. By monitoring suspicious activities and promptly alerting users, providers can help defend their customers.

The new BPC guide, “The Anatomy of the New Fraudster 2024”, provides detailed insights into current fraud trends and effective countermeasures. It offers valuable knowledge to help individuals and organisations. Interested in learning more about how to adapt quickly to fraudsters’ changing tactics? Download BPC’s comprehensive guide now.

Article by BPC
