Stolen Credit Cards used in Digital Wallets| DROP Organization

Posted by on


 In the digital era, digital wallets have become a popular means of convenient and secure way to make payments. However, with this increased popularity, digital wallet fraud has also become a growing issue. This paves way for the need for individuals and organizations to understand the risks involved and take relevant steps to protect personal and financial information from being compromised.

The integration of digital wallets with our daily lives has brought a great change into our lives. The immense benefits such as its use, along with enhanced security features has ushered in a new era of financial convenience. However, digital wallets like Apple Pay, Google Pay and PayPal can be used to conduct transactions using stolen and cancelled payment cards. 

What is a Digital Wallet?

A digital wallet, also known as an e-wallet or mobile wallet, is an advanced and user-friendly application that as a digital storage space for various payment methods, assisting in seamless financial transactions through mobile devices. It stores payment information like credit and debit card details in safe custody. Digital wallet creates a central hub for managing financial interactions where users can add, edit or remove payment sources.

Risks of Digital Wallet

There are several risks associated with digital wallet that manifest at both the organizational and individual levels. This has brought the need for more awareness and proactive measures to efficiently counter potential threats that aroused due to the following risks:

Organizational Risks

  • Payment Fraud- The digital platform create insights for payment fraud. The threat actors exploit vulnerabilities, stealing personal information for unauthorized transactions. Payment fraud can lead to financial losses, legal liabilities and reputation damage for the digital wallet providers.
  • Machine Learning threats- Machine learning for fraud detection can expose the providers with new threats. The threat actors can manipulate algorithms by evading detection in a cat-and-mouse game. 
  • Third-party Vulnerabilities- The digital wallet providers often integrate third-party services that leads to introduction of vulnerabilities. These gateways carry weak security environment which can cause unauthorized access or data breaches. 
  • Data Breaches- Digital wallets accumulates the user data which make it enticing targets. Data breaches include sensitive information which can lead to legal, financial and reputational consequences.

Individual Risks

  • Device Theft and Loss- Digital wallets are associated with mobile devices that pose risk. Lost or stolen devices or even stolen cards and permit unauthorized wallet access. The threat actors can cause huge financial losses. 
  • Phishing Attacks- Often the malicious actors use phishing methods to gain wallet credentials. Fake emails, messages or sites can impersonate legitimate platforms, luring the users to share login details and other sensitive information. 
  • Biometric Vulnerabilities- Fraudsters manipulate fingerprint or facial recognition systems to obtain unauthorized access.

Digital Wallet Frauds

Digital Wallet like Apple Pay, Google Pay and PayPal can be used to conduct transactions using stolen and cancelled payment cards. The attacker having limited financial information can add an active stolen payment card number to a digital wallet and make purchases, even if the card is cancelled or replaced. 

This highlights serious flaws in the authentication, authorization and access control mechanisms of major digital wallet apps and US banks. A probable attack scenario goes like, where an attacker steals a credit card from a person. The attacker determines the address of victim using online databases. Now the attacker tries to add the card in different digital wallets. Any wallet that requires an address or ZIP code for authentication is the suitable one for the attack to proceed. 

Once the attacker adds the card to their wallet, the cardholder may lock the card or ask the bank to send a replacement. But, this will bring no effect on the attacker's wallet, and will continue to enjoy access to the card for further transactions.

How does Digital Wallet Frauds occur?

  1. Phishing- Malicious actors send fake emails or text messages impersonating as legitimate digital wallet providers, luring users to provide their payment information.
  2. Malware- Attackers can infect mobile devices with malware that can help them to steal payment credentials directly from the digital wallet application.
  3. Social Engineering- The threat actors tricks users to share payment data using social engineering attacks. They imitate as support reps or trusted entities to gain trust and obtain access to user's wallet.
  4. Man-in-the-middle- Attackers intercept communication between user's devices and payment terminals, and capture payment data for misuse, termed as man-in-the-middle attacks.
  5. Wi-Fi Snooping- Users who attempts public Wi-Fi use, often face Wi-Fi snooping. This indicates interception of data between wallets and terminal for fraudulent use.
  6. Data Breaches- Data breaches can result in exposure of payment data stored by the providers due to system vulnerabilities or hacking.
  7. Device Theft- Stolen or lost devices can provide unauthorized access to wallets, which enables fraudulent transactions.

How can you stop Digital Wallet Frauds?

To stop or prevent digital wallet frauds involves overcoming the obstacles of obscuring the user's payment credentials. 
As a merchant, you can ideally identify the individual cards in the wallet and ensure that a user is real. But, outside your own platform, you surely have no control over a wallet and its verification. Below are few option you could consider:
  • Advanced Security Measures- Organizations shall implement robust security protocols such as cutting-edge encryption and tokenization techniques, to secure payment information within digital wallet systems and prevent digital wallet frauds. This makes sensitive data inaccessible to malicious attackers.
  • Retain Traditional Payment Methods- Younger members may prefer digital options, whereas the older member may stick to cash, cheques or physical credit cards, to serve all demographics.
  • Routine System Updates- You must consistently update digital wallet apps and systems to address critical security flaws proactively. Regular updates can ensure implementation of the latest security patches, which makes it harder for attackers to exploit weaknesses.
  • Robust ID Verification and Authentication- Organizations shall implement stringent ID verification and authentication procedures. Use of multi-factor authentication and biometric verification can ensure that only authorized users access and use the digital wallet.
  • Fraud Prevention and Detection- You must establish sophisticated fraud prevention and detection mechanisms such as anomaly detection algorithms and real-time monitoring, to proceed with comprehensive fraud investigations. This way, you can identify suspicious activity patterns and proactively prevent potential attempts of fraud.
  • Educational Initiatives- Organizations shall conduct comprehensive educational campaigns for employees and users. This can empower them with the knowledge needed to identify the digital wallet fraud. This comprises of identifying phishing attempts and adopting best practices for safe usage.

The Future of Payments id Hybrid

There is a need to maintain a balance between the traditional and digital approach of payment system. Digital wallets are here to stay, but that does not mean credit cards are obsolete. There must be a mixture of both the methods, such that your credit union can meet the needs of all members. Adopting robust prevention measures is essential. This can ensure secure financial transactions in this fast evolving landscape.
Want to start your learning journey on Cyber Security and Ethical Hacking field?



Comments

Post a Comment