Mobile wallets are digital payment systems that allow users to store their credit card information on their smartphones, which they can then use at retail locations or online. Also commonly known as “contactless payments,” they’ve become increasingly popular over recent years as consumers seek a more convenient, frictionless and secure way to make payments.

However, with the rise of mobile wallet usage, there has also been an increase in mobile wallet fraud. As a retailer, it’s important to understand this type of “contactless fraud” and take necessary precautions to protect your business and your customers.

Mobile Wallet Fraud

Put yourself in a consumer’s shoes for a moment. Mobile wallets are popular with consumers because they can simplify purchases and pay bills without needing to carry around physical cards. But these conveniences come with risks: if you lose your phone or someone steals it, they could gain access to all of your sensitive financial data through the mobile wallet app stored on your phone. Conversely, with enough stolen personal data, crooks can create a fraudulent wallet profile under your name to make purchases at your expense.

No Transaction is Safe

Mobile wallet fraud can occur through a number of different schemes, including using a mobile device to make fraudulent transactions without the need for a card. This tactic creates a vulnerability for card-present transactions. Brick-and-mortar merchants who have just gotten used to EMV protections now have to keep an eye open for fraudulent mobile wallets in their shops. This type of fraud can be particularly difficult to detect because it often involves small purchases that are below the threshold for requiring a signature or PIN.

Somebody Do Something About It!

Let’s look at how mobile wallet fraud is being addressed, from the ground up. We’ll begin at the front lines: how you, the merchant, can protect your business. Then we’ll examine what issuers should be doing to protect their account holders from falling victim. Finally, we’ll look at the role of regulatory and governmental institutions (or lack thereof).

The Merchant Should…

It can be argued that merchants are on the hook even more than consumers. When the account holder states their case that mobile wallet fraud occurred, they invariably come away reimbursed by a chargeback. The merchant, on the other hand, has no such fallback.

However, you do have these best practices to safeguard your business against mobile wallet fraud:
  1. Educate your employees:
    • Train your employees to recognize the signs of mobile wallet fraud:
      • unusual payment patterns
      • purchases with the same source or ship-to from multiple origins
      • multiple low-value transactions in a short period of time
    • Encourage your employees to report any suspicious activity to management immediately.
  2. Implement security measures:
    • Ensure your transaction stream is PCI Compliant.
    • Use secure payment processing systems and ensure that your payment terminals are EMV-enabled.
    • Require customers to enter a PIN or biometric authentication before processing a mobile wallet payment.
    • Consider using fraud detection software to monitor transactions and identify potential threats.
  3. Stay up-to-date on the latest trends:
    • Stay informed about the latest mobile wallet fraud trends and tactics.
    • Follow industry news and join relevant forums or groups to stay up-to-date on the latest developments.
    • Share information with other retailers to help protect the community as a whole.

Issuers Should…

Issuer inaction is tantamount to complicity in contactless fraud. At the bare minimum, issuers must ensure that the POS entry mode identifies a supported interface for the payment account and that the service code contains a valid value. They must also authenticate the CVV that corresponds to the POS entry mode as part of the decision process, and verify whether the POS entry mode, service code, and card values are logically consistent.

As a merchant, if you are seeing recurring BINs or repeat offenders in the transaction source of your wallet fraud, block the bank/BIN, as they are likely not taking the requisite steps to prevent this form of fraud.
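The two merchant-side checks above (bursts of low-value wallet payments in a short period, and BINs that keep recurring behind suspicious wallets) can be run over a transaction export. The following is an added example, not code from any payment vendor; the record layout, token names, BIN values and thresholds are all constructed assumptions to tune against your own traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: (timestamp, wallet token id, BIN, amount).
SAMPLE = [
    ("2024-03-01T10:00:05", "tok_A", "400000", 18.50),
    ("2024-03-01T10:02:40", "tok_A", "400000", 22.00),
    ("2024-03-01T10:06:10", "tok_A", "400000", 9.99),
    ("2024-03-01T10:08:30", "tok_A", "400000", 24.00),
    ("2024-03-01T11:15:00", "tok_B", "400000", 12.00),
    ("2024-03-01T11:17:30", "tok_B", "400000", 15.00),
    ("2024-03-01T11:21:00", "tok_B", "400000", 19.00),
    ("2024-03-01T09:00:00", "tok_C", "510000", 8.00),   # spread over the day
    ("2024-03-01T12:30:00", "tok_C", "510000", 14.00),
    ("2024-03-01T16:45:00", "tok_C", "510000", 11.00),
    ("2024-03-01T13:00:00", "tok_D", "510000", 240.00),  # not low-value
    ("2024-03-01T13:01:00", "tok_D", "510000", 310.00),
    ("2024-03-01T14:00:00", "tok_E", "420000", 5.00),
    ("2024-03-01T14:03:00", "tok_E", "420000", 6.00),
    ("2024-03-01T14:05:00", "tok_E", "420000", 7.00),
]

def low_value_bursts(txns, low_value=25.00,
                     window=timedelta(minutes=10), min_burst=3):
    """Return {token: largest burst} for wallets making at least min_burst
    payments of low_value or less inside any sliding time window."""
    recent = defaultdict(deque)   # token -> timestamps still inside the window
    flagged = {}
    for ts, token, _bin, amount in sorted(txns):   # ISO timestamps sort in time order
        if amount > low_value:
            continue
        t = datetime.fromisoformat(ts)
        q = recent[token]
        q.append(t)
        while t - q[0] > window:  # drop payments that aged out of the window
            q.popleft()
        if len(q) >= min_burst:
            flagged[token] = max(flagged.get(token, 0), len(q))
    return flagged

def recurring_bins(txns, flagged_tokens, min_tokens=2):
    """BINs seen behind at least min_tokens distinct flagged wallets."""
    tokens_per_bin = defaultdict(set)
    for _ts, token, bin_, _amount in txns:
        if token in flagged_tokens:
            tokens_per_bin[bin_].add(token)
    return sorted(b for b, t in tokens_per_bin.items() if len(t) >= min_tokens)

if __name__ == "__main__":
    flagged = low_value_bursts(SAMPLE)
    print("wallets to review:", flagged)
    print("BINs to review:", recurring_bins(SAMPLE, flagged))
```

A flagged wallet is a prompt for manual review rather than proof of fraud; feeding `recurring_bins` with confirmed chargebacks instead of raw flags gives a firmer basis for a BIN block.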

Regulators Should…

You have the various governmental agencies tasked to protect consumers from fraud, but they typically delegate to industry stakeholders. Such is the case here. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that retailers must meet in order to process credit cards. PCI DSS requirements are enforced by the major credit card companies, such as Visa and MasterCard, who require compliance with these standards before they will allow their cards to be used at an ecommerce site or physical store location.

The PCI DSS standards include requirements for protecting customer data during transmission over networks (when you make an online purchase), storing sensitive information securely on servers (when you enter your payment details), encrypting cardholder data while stored in databases, and other measures designed to ensure that only authorized people can access sensitive information such as passwords or credit card numbers.

The problem here is that not everyone follows these guidelines, and breaches occur all the time.

Conclusion

Mobile wallet fraud is a growing concern for retailers, but with the right knowledge and precautions, you can protect your business and your customers from potential threats. By educating your employees, implementing security measures, and staying up-to-date on the latest trends, you can help ensure a safe and secure payment experience for everyone.
