eWallet Fraud Prevention Tips

The increasing sophistication of smartphones has enabled them to play an ever-expanding role in consumers’ lives. In the financial realm, digital vaults known as eWallets that enable consumers to store financial information and make purchases with their phones have grown increasingly popular in recent years.

With major technology firms offering platforms for these digital wallets, tremendous efforts have been made to make them as secure as possible. However, as has been seen with other devices and security measures, hackers invariably devote considerable time and effort to circumventing new transaction methods as they are adopted.

With fraudsters increasingly focusing their efforts on eWallets, it’s important to be aware of the methods hackers use to help protect yourself and your customers from fraudulent activity.

The rise of eWallets

With the Covid-19 pandemic boosting the adoption of digital transactions, the use of smartphones for touchless transactions has boomed. Consumers can access this functionality by downloading an eWallet app and then using it to buy goods at checkout. While this has been a plus from the standpoint of public health and convenience, it has also attracted the attention of hackers looking for new opportunities.

While most eWallets feature strong security provisions, credit card fraudsters can still find ways to pierce these defenses, in many cases using phishing and other social engineering schemes that enable them to bypass such defenses by acquiring login credentials.

These attacks focus on vulnerabilities due to human mistake or misunderstanding rather than directly overcoming security measures. As a result, eWallet users can’t simply rely on the security provisions of their wallet, they must also know how to avoid social engineering attacks.

How do eWallets work?

eWallets are software apps that work by storing payment credentials such as credit card numbers and associated passwords. These apps enable users to conduct transactions at terminals which support their use via a device such as a smartphone connected to an eWallet.

In addition to smartphones, eWallets can also be linked to wearable devices such as watches. eCommerce platforms in many cases will support the use of eWallets, with providers including tech titans such as Apple and Google, among others.

The use of near-field communications technology allows eWallets to transfer payment information wirelessly from an app to a payment terminal, enabling touchless payments. Additionally, by tokenizing data, eWallet apps can process transactions without any need for the terminal to scan the actual credit number being used or to store it, which helps bolster transaction security.

Because of this and other security measures, including the use of biometric authentication processes to secure smartphone access, eWallets have strong protections against hackers and other threat actors. However, this has not stopped these fraudsters from looking for vulnerabilities they can exploit to access eWallets.

Types of eWallet Fraud

One method fraudsters use to try and avoid biometric authentication is stealing login credentials. Techniques used to accomplish this include:

• Phishing emails: Fraudsters commonly will send an email that mimics a customer service message from a company the customer does do business with to trick them into providing their login credentials.
• Phishing texts: A common example of a phishing text is when hackers send a fake link to a consumer asking them to authorize their account. The link provided typically takes them to a site where they will be asked to provide password and PIN info, which is stolen by the hackers.
• Harvesting data via social media: Fraudsters often scour social media accounts for the names of pets, kids, etc. which may be used in passwords and account names.
• App insertion: Hackers will sometimes use phishing emails or texts to try and convince a smartphone user to download an app to their device. When the user logs into the app, the hacker captures the password and PIN and then uses that information to log into the eWallet and process fraudulent transactions.
• Credit card theft: Hackers and other fraudsters may use plain old credit card theft with a modern twist – by trying to connect stolen credit card numbers with an eWallet controlled by the criminal. In some cases, this approach may allow them to avoid biometric security measures when authenticating the card. Because this process is typically overseen by the issuing credit card institution, a fraudster may be able to set up the card using only passwords and security questions, rather than providing biometric data. In such cases, the fraudster then uses their eWallet to make purchases with the purloined credit card without having to undergo continual authentication challenges.

Tips for preventing eWallet fraud and avoiding chargebacks

Because fraudsters have discovered a number of ways to avoid security measures associated with eWallet purchases, merchants should not relax their vigilance when accepting transactions of this type. Chargebacks can result from eWallet transactions as with other types of transactions where fraudsters gain access to account credentials.

The firms behind eWallet apps, along with the financial institutions issuing the credit cards used within them, are on the front line of establishing security measures to protect eWallet use. However, given that social engineering schemes can be used by fraudsters to overcome these security procedures, merchants should still take steps of their own to guard against chargebacks from fraudulent eWallet transactions.

These include:

• Education: Warning customers about phishing attacks can help them avoid being tricked into giving away their login credentials by social engineering schemes. This can also include alerting customers about new scams as they pop up.
• Analyzing buyer behavior: This approach uses data analytics to search for signs of fraudulent activity when eWallet users make purchases. This can include flagging transactions that are markedly different than past purchases a user has made. It also looks for activity that coincides with known patterns of fraudster behavior.
• Manual purchase review: In cases where purchase behavior has been flagged as anomalous, bringing in a human to review such transactions can help weed out fraudulent transactions.

All of these steps can reduce the chances of fraudulent transactions slipping by the eWallet firewalls, thereby helping cut down on chargebacks. Working with a chargeback management company also is advised for managing chargebacks related to fraudulent transaction.

Transaction Security and New Technology

New technologies have opened up novel avenues for merchants to use when conducting business. While these new technologies often feature cutting edge security features, they can still be vulnerable to determined attack from hackers and other fraudsters.

Merchants looking to expand their business by accepting eWallets should be aware of the potential for fraud leading to chargebacks from this source. To help protect their customers from falling victim to eWallet fraud, merchants should keep up with the latest trends in fraudulent activity and use countermeasures such as transaction analysis to keep an eye out for signs of behavior that could indicate fraudulent activity has occurred.