Smarter wallets to help consumers fight fraud

Just two decades ago, the idea of checking your bank balance with a mobile phone was revolutionary. Today, mobile banking apps have become the remote control of our financial lives, with more than 3.6 billion people worldwide using mobile banking services in 2024.¹ Banking tasks that once required a branch visit – such as sending money to friends and family, managing direct debits, requesting new cards – can now be handled instantly, on the go.

This shift hasn’t just changed how we bank – it has also made it much easier to pay for goods and services. Whether in-store or online, our smartphones are increasingly becoming the go-to payment method, with billions of payment cards now tokenized and stored across a growing web of digital wallets, mobile devices, and e-commerce platforms. 

Rising adoption, however, isn’t without risks. Each new device or merchant where a payment credential is stored increases a consumer’s digital footprint, and with it, the opportunities for exploitation by fraudsters. While 74% of consumers expect to increase their use of digital payments in the next 12 months, more than half (53%) say that news of cybercrime and data breaches has caused them to reduce usage in the past. Clearly, it’s in a bank’s interest to minimize that risk and preserve consumer confidence.²

Thanks to their biometric-device-bound nature, tokenized wallet payments are inherently more secure than other payment methods; however, they are not entirely immune. Fraudsters are increasingly targeting unsuspecting users with phishing messages that trick them into sharing personal information, such as payment card details, that can then be used to add the victim’s card to their own digital wallet. Once added, those credentials can be used instantly. According to Visa estimates, global losses linked to this type of fraud – known as provisioning fraud – reached $450 million in 2023.³ 

Why visibility matters

At the heart of this issue is a lack of transparency. Consumers have no way of knowing where their credentials are stored or which devices have access to them. If a card is linked to a stolen device – or, worse, to one owned by a criminal – a user will likely only find out after the damage has been done. 

This is where current digital wallets and banking apps fall short. While they allow users to track recent transactions and see which cards are stored on their phone, there is no way to see all the other devices, platforms or merchants where the card details are stored.

Clearly, this is a major concern for banks. With so many alternatives on the market, trust is fragile and easily lost. Consumers have options and won’t hesitate to switch banks if they sense their data or money is at risk. Rather than wait for such attacks to occur, banks can reduce the risk of such attacks and strengthen their own position by giving customers more visibility and control over their digital payment credentials.

“We are witnessing a paradigm shift toward shared responsibility,” says Jukka Yliuntinen, Portfolio Owner Payment & Identity at InterFund Solutions Netcetera. “Trust is the foundation of every banking relationship. By increasing the visibility of how and where digital credentials are stored, banks can strengthen trust and fight fraud, helping consumers take a more active role in keeping their credentials secure.”

Tackling provisioning fraud

Banks can address this by integrating credential control features directly into mobile banking apps or wallets to give users a clear overview of their payment card’s digital footprint. As soon as a card is enrolled in a digital wallet, users can see which devices it is connected to and immediately revoke access to any old or unrecognized devices, thus reducing the threat of provisioning fraud. Likewise, users can have full visibility of merchants and platforms where their payment tokens are stored, with the ability to suspend or revoke access at their discretion. 

This added layer of control provides customers with peace of mind with their daily transactions, without compromising the speed or convenience of mobile payments. If anything, convenience is enhanced by push provisioning features that enable users to instantly connect a card to trusted merchants to speed up the checkout process.

And for banks, the benefits are twofold. Firstly, shared responsibility reduces exposure to fraud. But more strategically, it drives deeper engagement with customers by increasing wallet interactions. Each additional touchpoint that reinforces the wallet’s security and convenience builds trust and strengthens long-term brand loyalty – factors that can make all the difference in a highly competitive market.  

Let’s take a closer look at how one of Australia’s leading banks put this into practice.

How CommBank gave consumers control of their credentials

As Australians increasingly embrace digital wallets for everyday payments, Commonwealth Bank of Australia (CommBank) – one of the country’s biggest banks, with over 17 million customers – took a leading role by becoming the first major Australian bank to integrate credential control features directly into its native banking app in 2024. 

With more than 7 million CommBank payment credentials added to mobile devices, tablets, and wearables, the bank recognized a need to give customers greater oversight of where and how their payment cards are stored to help reduce the risk of phishing attacks and fraud.

To address this need, CommBank introduced a new Review Digital Wallet feature, powered by InterFund Solutions Netcetera’s Convego^® Token Cockpit. The feature allows users to see all the digital wallets their card has been linked to and revoke access to any they don’t recognize. The impact was immediate. “In trials of the Review Digital Wallet feature, we saw customers checking what digital wallets have been set up with their payment details and, in some cases, making changes – for example, where a device may no longer be in use,” said James Roberts, Head of Fraud, CommBank.

As a first mover, CommBank set the standard for the role that banks can play in this emerging paradigm, where security is no longer something done for the customer, but rather with the customer. By empowering users to actively manage their digital credentials, banks not only help reduce the risk of fraud, but also build deeper trust. 

With the global shift toward mobile-first payments poised to continue in the years ahead, banks that adopt such a forward-looking strategy will be better positioned to build lasting trust and keep fraudsters at bay.

Published: 07/08/2025