Mobile wallets cannot tell a privacy guard who is a scammer


Scammers and privacyConscious consumers have one thing in common. Neither of them wants to be found easily.

For many years, this overlap did not matter much. Privacy-conscious consumers wanted to limit their data exposure and control how merchants stored their credentials. The scammers wanted to hide the identities and numbers of the stolen cards. Different motivations, different angles of the system.

Digital wallets I pulled these two scientists into the same room. They did this at one point in the flow where the industry was looking the other way. Supply. The card is added to the wallet before a single dollar moves, and this is where the two sets start to look identical.

“Once the fraudster goes through the supply system, it looks clean.” stone CEO Bo Jiang He said piments CEO Karen Webster. “This code looks legitimate for every provider, and they’re not audited or vetted in the same way. They have a longer lead time” than they have historically.

This is a shift that the industry has not fully grasped. Most investment scams are based on licensing, because for many years the transaction was a risky moment. Portfolios transferred risks earlier. The credentials that clear provisioning have a clean appearance for the rest of their lives. The decision to add to a portfolio is now just as important as the purchase, and is less scrutinized.

Why doesn’t more data fix the problem?

The obvious instinct is to collect more. This doesn’t work because the privacy-conscious customer and the scammer generate the same signals, Jiang said. New device, unfamiliar location, card request. For one person, that’s Tuesday. For another, it’s offensive. The surface data is read the same way in both cases.

Lithic learned this the hard way when building the first iteration of the brand; Privacy.coma consumer service that allows people to create virtual cards, set a limit on where those cards can be used, and share less with merchants.

“The value proposition attracts privacy-conscious customers who look exactly like scammers if you just look at the data,” Jiang said. “This forced us to look at the problem through a new lens and separate intent from the surface level of data.”

This intention is the whole game, and intention does not live in the wallet. Jiang said he lives with the source. Banks and fintech companies are the ones who already know the customer.

“Issuer-specific data is in the room when it makes the decision on whether or not to provide support,” Jiang said.

The request first scans Lithic’s fraud rules, then goes to the issuer’s decision-making layer, “where they can approve, deny, or trigger a move using device history, behavioral patterns, and customer context,” Jiang said. “This is data that no one else in the stack really has.”

The cost of incorrect guessing

Both mistakes are costly. Swipe the scammer through, and they’ll now have a clean code and a long runway before anyone notices. Block a legitimate customer because a model mistook privacy as a risk, and look no further He believes to them. You look broken.

How can stricter supply controls stop fraud without excluding genuine customers who appear suspicious?

Make the models clearer, not stricter, Jiang said.

“There is no silver bullet,” Jiang said. “Our mission is to give issuers the tools to stop fraud and the tools to validate the performance of their custom logic. We have a shadow mode and backtesting, so the issuer can run these rules against live traffic without impacting real results or against historical data to see what would have happened before they went live. The hope is that they can implement these controls without discovering false positives by losing real customers.”

The wallet becomes a gatekeeper for agents

This becomes more difficult, not easier, as wallets stop being places to store credentials and start serving as permission layers for AI-based commerce.

Consumers appear willing to let the wallet stand between them and an independent agent, but not to hand over control of how that agent spends, Webster said.

“Consumers still want control, so they still want the ability to control a lot of different things that happen around the transaction, but the wallet is the trusted way to stand between the agent and the consumer,” Webster said.

Custom tokenization logic can eliminate the risks of proxy trading because those controls provide guardrails before payment, not just protection during the moment of authorization, Jiang said.

“Being able to say, ‘I’m going to give the dealer a card,’ and set a limit on the card level before any of this happens,” Jiang said. “The key to all of this comes down to proactively giving the customer a real sense of control and the interface to do so.”

Which brings the problem back to where it started. A wallet can’t tell a privacy guard from a scammer by looking. He must know the reason. The only place the answer lives is with the issuer who actually knows the customer, at the moment the card is added.

For all of PYMNTS’ digital transformation coverage, subscribe to the daily Digital Transformation Bulletin.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *