When adding a credit or debit card to your digital wallet, the security method generally used to prevent unauthorized addition involves multiple layers of authentication, notably:
- Provisioning Verification: During the card provisioning phase, the digital wallet provider and the card issuer verify that the person adding the card is the legitimate cardholder. This often involves sending a one-time passcode (OTP) to the cardholder’s registered phone number or email, or requiring authentication through the issuer’s app or customer service.
- Biometric or PIN Authentication: Device-level security requires biometric verification such as fingerprint or facial recognition, or entry of a PIN, to unlock the wallet and authorize adding a card. This ensures that only the device owner can add or use cards in the wallet.
- Multi-Factor Authentication (MFA): Many digital wallets implement MFA, combining something the user knows (password or PIN) with something the user has (device) or something the user is (biometrics), adding an extra barrier against unauthorized card addition.
Together, these methods create a layered security approach that verifies the cardholder’s identity before allowing a card to be added to a digital wallet, significantly reducing the risk of someone else adding your card to their wallet without permission.
However, it is worth noting that some research has identified potential vulnerabilities in the initial authentication phase, where reliance on limited verification data (like zip code or last four digits of SSN) may be insufficient, allowing sophisticated attackers to add stolen card numbers to their wallets. Despite this, the common and recommended security practice remains the use of OTPs, biometric authentication, and multi-factor checks during card addition.
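As an added illustration (not code from any wallet provider or issuer), the Python sketch below shows an issuer-side check in which static data such as a zip code or the last four digits of an SSN never counts toward approval, and a card is provisioned only after a single-use, time-limited OTP plus device-level authentication. The evidence labels, the 300-second lifetime and the three-attempt limit are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Set, Tuple

# Hypothetical evidence labels and policy values, chosen for this sketch.
STATIC = {"zip_code", "ssn_last4"}          # knowable by anyone holding stolen data
POSSESSION = {"otp", "issuer_app"}          # proves control of a registered channel
DEVICE_AUTH = {"biometric", "device_pin"}   # proves the device owner is present
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 3

@dataclass
class OtpChallenge:
    digest: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False

def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode("utf-8")).digest()

def issue_otp(now: float) -> Tuple[str, OtpChallenge]:
    """Create a 6-digit code from a CSPRNG; only its digest is kept server-side."""
    code = f"{secrets.randbelow(10**6):06d}"
    return code, OtpChallenge(_digest(code), now + OTP_TTL_SECONDS)

def verify_otp(ch: OtpChallenge, submitted: str, now: float) -> bool:
    """Single-use, time-limited, attempt-limited check with constant-time compare."""
    if ch.used or ch.attempts_left <= 0 or now > ch.expires_at:
        return False
    ch.attempts_left -= 1                    # count the attempt before comparing
    if hmac.compare_digest(ch.digest, _digest(submitted)):
        ch.used = True                       # block replay of a captured code
        return True
    return False

def provisioning_decision(verified: Set[str]) -> str:
    """Approve only with a possession factor plus device-level authentication."""
    evidence = verified - STATIC             # static data never counts toward approval
    if evidence & POSSESSION and evidence & DEVICE_AUTH:
        return "approve"
    return "step_up"                         # ask for the missing factor(s)

if __name__ == "__main__":
    code, challenge = issue_otp(now=0.0)     # constructed sample run
    print(verify_otp(challenge, code, now=10.0))
    print(provisioning_decision({"zip_code", "ssn_last4"}))
    print(provisioning_decision({"otp", "biometric"}))
```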