Mobile Wallets Can’t Tell a Privacy Guard From a Fraudster
Fraudsters and privacy-conscious consumers have one thing in common. Neither wants to be easily found.
For years, that overlap didn’t matter much. Privacy-minded consumers wanted to limit their data exposure and control how merchants stored their credentials. Fraudsters wanted to hide stolen identities and card numbers. Different motives, different corners of the system.
Digital wallets pulled those two worlds into the same room. And they did it at the one point in the flow where the industry was looking the other way. Provisioning. The card gets added to the wallet before a single dollar moves, and that’s where the two groups start to look identical.
“Once the fraudster gets through the provisioning system, they look clean,” Lithic CEO Bo Jiang told PYMNTS CEO Karen Webster. “That token looks legitimate to every provider downstream, and it’s not really being scrutinized or checked in the same way. They have a longer lead time” than they historically had.
That is the shift the industry hasn’t fully absorbed. Most fraud investment sits on authorization because for years the transaction was the risky moment. Wallets moved the risk earlier. A credential that clears provisioning wears a clean face for the rest of its life. The add-to-wallet decision is now as important as the purchase, and it’s less examined.
Why More Data Doesn’t Fix It
The obvious instinct is to collect more. Jiang said that doesn’t work because the privacy-conscious customer and the fraudster generate the same signals. A new device, an unfamiliar location, a request to provision a card. For one person, that’s Tuesday. For another, it’s an attack. The surface data reads the same either way.
Lithic learned this the hard way when building the first iteration of the brand, Privacy.com, the consumer service that lets people generate virtual cards, cap where those cards can be used, and share less with merchants.
“The value proposition attracts privacy-conscious customers who happen to look exactly like fraudsters if you’re just looking at the data,” Jiang said. “That forced us to look at the problem through a new lens and separate out the intent from the surface level of the data.”
That intent is the whole game, and intent doesn’t live in the wallet. It lives with the issuer, Jiang said. Banks and FinTechs are the ones who actually know the customer.
“The issuer’s own data in the room when you’re making the decision around whether provisioning occurs or not,” Jiang said.
A request first clears Lithic’s own fraud rules, then moves to the issuer’s decisioning layer, “where they can approve, decline or trigger a step-up using device history, behavioral patterns and customer context,” Jiang said. “That’s data no one else in the stack really has.”
The Cost of Guessing Wrong
Both mistakes are expensive. Wave a fraudster through, and they now have a clean token and a long runway before anyone notices. Block a legitimate customer because a model mistook privacy for risk, and you don’t look more secure to them. You look broken.
How do tighter provisioning controls stop fraud without shutting out the real customers who happen to look suspicious?
Make the models sharper, not stricter, Jiang said.
“There is no silver bullet,” Jiang said. “Our job is to give issuers the tools to stop fraud and the tools to validate how their custom logic is performing. We have shadow mode and backtesting, so an issuer can run these rules against live traffic without affecting real outcomes or against historical data to see what would have happened before going live. The hope there is that they can implement these controls without finding out about false positives by losing real customers.”
The Wallet Becomes the Gatekeeper for Agents
This gets harder, not easier, as wallets stop being places to store credentials and start acting as permission layers for artificial intelligence-driven commerce.
Consumers seem willing to let a wallet stand between them and an autonomous agent, but not to hand over control of how that agent spends, Webster said.
“Consumers still want the control, so they still want the ability to control lots of different things that are happening around the transaction, but the wallet is this trusted way of standing between an agent and the consumer,” Webster said.
Custom tokenization logic can de-risk agentic commerce as those controls offer guardrails before a payment, and not just protections during the moment of authorization, Jiang said.
“The ability to say, ‘I’m going to give an agent a card,’ and set a limit at the card level before any of this happens,” Jiang said. “The key for all of this comes back to proactively giving the customer both a real feeling of control and the interface to do so.”
Which brings the problem back to where it started. The wallet can’t tell the privacy guard from the fraudster by looking. It must know why. The only place that answer lives is with the issuer who already knows the customer, in the moment the card gets added.
For all PYMNTS digital transformation coverage, subscribe to the daily Digital Transformation Newsletter.