Digital wallets are the fastest accelerating digital payment vehicle today. In this post, we discuss what’s driving their popularity, the fraud and AML risks involved, and what banks can do to protect themselves and their customers.

Author and poet Paulo Coelho famously said, “And when you want something, all of the universe conspires in helping you achieve it.” Well, it seems someone wants digital wallets, and badly.

If open banking in Europe wasn’t enough to bolster digital wallets, enter the COVID-19 crisis. Social distancing fast-tracks two transitions that were already underway: the move from cash to digital and the move from card to cardless. We now have a convergence of regulatory and consumer adoption, and the results are revolutionary. According to Businesswire, COVID-19 will realize an eightfold increase in mobile payments between the years 2020 and 2024 — and that’s just in North America. Talk about conspiring for an outcome!

Consumers appreciate digital wallets for the convenience they bring, but it’s their complexity that powers convenience. Digital wallets aren’t a simple product. They’re different from other payment types in that they offer multiple payment channels or payment rails in one entity. In fact, because you can load money onto a wallet as well as transact out of it, it means it’s not necessarily just a payment vehicle.

These complexities create certain vulnerabilities for the potential of both fraud and money laundering; a convergence increasingly referred to as FRAML.

One of the main security issues is that it’s easy to hide your persona with digital wallets. You can buy a burner phone, use credit or debit card information stolen from the dark web, and then very easily load it to a digital wallet. Merchants, banks, and consumers don’t know the person behind that mobile device because it is prepaid.

The FRAML dilemma posed by digital wallets is not unlike the issues challenger banks face. Consumers apply for challenger bank accounts because of the ease of the experience. They don’t have to provide documentation or visit a physical branch. But this type of convenience is also what appeals to criminals. When a challenger bank launches, they must prepare for an onslaught of money mules.

Wallets, unfortunately, have a similar profile. Many of them are new, digital-only products, and everyone wants that type of convenience, including criminals.

From an anti-money laundering perspective, it’s easy for criminals to make the wallet disappear after they’ve used it to launder money. They can just get rid of the phone. Whereas with a bank account, the bank is obligated to keep that data for a specific period.

Banks need to have fraud and crime prevention methods that can adapt to all the use cases of the digital wallet to keep both organizations and consumers safe. These use cases would include digital account opening and onboarding, loading the digital wallets, merchant payments, and the agility to allow for new products to potentially flatten the wallet, such as loans.

Also, it’s essential to have a platform that not only prevents FRAML but ensures your organization isn’t enabling it. Regulators and customers don’t want to hear that you stopped fraud for your company, but your product enabled it for everyone else.

Older fraud strategies don’t work with digital wallets

Traditional fraud strategies don’t work with digital wallets for a couple of reasons. First, digital wallets, by their nature, attract customers interested in ease and convenience. Those customers won’t meld with a punitive fraud prevention strategy riddled with high decline rates. That’s the recipe for losing customers, which is a real possibility as digital wallets aren’t nearly as sticky as bank accounts. Customers often enable direct deposit and other features, which make bank accounts considerably more sticky than digital wallets.

Second, traditional solutions profile customers by relying on payment data and the merchant category code (MCC). That approach doesn’t work with a digital wallet because the wallet only shows the wallet transaction, not the merchant transaction. For example, let’s say we buy chicken sandwiches at Juan’s Sandwich Shop, and we use Paypal to pay for those sandwiches. Juan’s Sandwich Shop never shows up on our statement. Instead, the transaction records as “Paypal.” With digital wallets, you don’t always get the actual merchant’s fidelity because the wallet provider can block that information.

Lastly, it’s not just that you can’t see the data; it’s that the data gets murky. One of the dangers of continuing with older technology is that you’ll find your customer profiling becomes less and less refined. That’s because you can’t combine how the customer is transacting in the digital wallet with how they’re transacting in the card. Even if using the same merchant in both instances, you may not be able to marry that data because. So if you, for example, use the same merchant with different payment types, then unless you review that at a customer level, your profiling will become worse, and your detection rate will worsen as well.

Machine learning and multiple data sources protect digital wallets

Artificial intelligence, and specifically machine learning, consumes disparate sources of data and can fill the gap left by the cloaked nature of digital wallets. In this way, machine learning allows you to gain a holistic view of the transaction, customer, and payment type across a client base as a whole in what is a speedy environment.

For a typical wallet experience, consumers load their payment information onto their devices. The information includes card or account numbers as well as other personally identifiable information. Then the bank categorizes the customer using some high risk/red, low risk/green, or medium risk/yellow system. Some banks send push notifications back to the consumer through the mobile app. Some banks send SMS for step-up authentication. Still, other banks force customers to call and provision their cards into an IVR. No matter what process the bank follows, this is the moment of truth for risk.

It is at this point in the process that financial institutions need to leverage device information coming from a digital trust provider. The digital trust provider interrogates the health and hygiene of each device along with the connection. It then feeds that information into a data lake for rule interpretation and risk assessment, subsequently starting to build the mobile device profile. Is it John Black accessing the device from Alameda, CA? Or is it Jonathon Black who resides in Alameda, CA, but the device is in East Sussex? That’s high risk. By incorporating this information into the profile, whether it be e-commerce or POS transactions, you create a more complete and accurate profile and risk score.

Machine learning leverages multiple sources of data to augment the digital data, combines it with the transactional data, and feeds that back into the platform to create a 360-degree view of the risk associated with the user, the device, plus the transaction itself.

A lesser-known Coelho quote states, “Life was always a matter of waiting for the right moment to act.” Technology, circumstances, and regulation have converged to a singular point: now is the time for digital wallets. Wallet owners or manufacturers, retailers in a sense, need to ensure they’re well based to realize this opportunity. In short, now is the time to act.

Ready to deepen the conversation around digital wallets? Watch MoneyLive’s recorded webinar, Preparing for the next phase of digital wallet disruption in a mobile-led era, with leaders from Danske Bank, Feedzai, Vipps, and Virgin Money.