A security upgrade that made paying easier may have opened a new battlefield for fraudsters.
For years, the payments industry focused on making card fraud harder. Chip cards, tokenization, biometric authentication, and digital wallets all helped strengthen security.
Now attackers appear to be shifting their attention somewhere else.
And according to Lithic CEO Bo Jiang, one of the fastest-growing targets may be a moment most consumers never even think about: adding a payment card to a digital wallet.
The New Weak Spot Fraudsters Are Chasing
Most people assume the risky part comes when money moves.
But fraudsters are increasingly focused on what happens before that.
The target is card provisioning — the process that occurs when a cardholder adds a debit or credit card to a digital wallet such as Apple Pay, Google Wallet, or Samsung Wallet.
The process was intentionally designed to be quick and seamless.
That convenience is exactly what makes it attractive.
According to the U.S. Payments Forum’s 2025 security white paper, criminals have been using stolen card information obtained through e-commerce breaches and attempting to provision those cards onto devices they control.
In other cases, attackers use social engineering tactics to persuade customer service representatives to approve requests that should have triggered suspicion.
Phishing attacks can play a role too, convincing cardholders to hand over card information or one-time verification codes.
The payment infrastructure itself may function correctly.
The attack happens around it.
And that’s what makes the challenge so difficult.
Key Takeaway
- Fraudsters are increasingly targeting card provisioning
- Stolen card data can be added to digital wallets
- Social engineering and phishing remain common tactics
- Once provisioning succeeds, downstream fraud becomes harder to stop
Why Successful Provisioning Creates Bigger Problems
The bigger issue may be what happens next.
Sometimes, a provisioning request may not require an additional authentication step if the cardholder’s history is considered low risk by networks and wallet providers.
If attackers possess stolen credentials that appear legitimate, they may clear that hurdle.
Once a card is successfully provisioned into a digital wallet, a token is created.
That token can appear legitimate throughout the payment ecosystem.
As Mastercard has noted in its fraud research, passing the provisioning stage is a major hurdle because of everything it enables afterward.
Digital wallet purchases are generally treated as card-present transactions by payment networks.
That classification carries important consequences.
According to Lithic, issuers typically cannot dispute those charges in the same way they might challenge certain card-not-present transactions.
The result can be direct financial losses for issuers, along with potential damage to customer trust.
And trust, once lost, is often far more expensive than fraud itself.
The Hidden Gap Inside the Payments Stack
That’s where things become interesting.
When a card is added to a digital wallet, multiple parties participate in the decision.
- The wallet provider
- The card network
- The issuer processor
- The issuing bank or fintech
Yet Lithic argues that the institution that knows the customer best is often not the one making the primary provisioning decision.
According to the company, card networks and processors have historically played central roles in provisioning approvals, while banks and fintech issuers may learn about certain events afterward.
A FICO analysis cited by Lithic suggests this fragmented structure can create blind spots.
Different systems may see different signals.
Different teams may possess different pieces of information.
Fraudsters often look for precisely those kinds of gaps.
Why Issuers Want More Control
| Challenge | Potential Issue |
|---|---|
| Fragmented data | Risk signals remain separated |
| Limited issuer visibility | Customer context may be unavailable |
| Multiple decision layers | Blind spots can emerge |
| Growing digital wallet use | Larger attack surface |
Lithic’s Response
Lithic says its answer is a new capability called Client Tokenization Decisioning.
The system is designed to give issuing banks and fintech companies a larger role in real-time provisioning decisions.
Instead of relying solely on broader network-level signals, issuers can incorporate information they already possess, including:
- Device history
- Behavioral patterns
- Customer-specific context
- Proprietary risk signals
The capability operates within Lithic’s Authorization Intelligence platform and integrates with Mastercard fraud and risk services.
According to Lithic, Mercury — a digital bank that processes more than $250 billion in annual payment volume — collaborated on the development of the feature.
The goal is not simply blocking fraud.
It is avoiding unnecessary friction for legitimate customers as well.
Because every false decline can create frustration, reduce trust, and potentially drive customers elsewhere.
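To make the idea of issuer-side provisioning decisions concrete, here is an added sketch (not Lithic's code or API) of a decision function that combines issuer-held signals with an upstream network risk level. The field names, weights, thresholds and sample requests are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ProvisioningRequest:
    """Constructed issuer-side view of one wallet provisioning attempt."""
    device_id: str
    known_devices: frozenset                     # devices this customer used before
    hours_since_contact_change: Optional[float]  # None = no recent change
    other_customers_on_device: int               # other customers' cards on device
    network_risk: str                            # upstream level: low/medium/high

# Illustrative weights and thresholds (assumptions, not vendor values).
NETWORK_POINTS = {"low": 0, "medium": 15, "high": 40}
STEP_UP_AT, DECLINE_AT = 30, 80

def decide(req: ProvisioningRequest):
    """Return (decision, reasons) for one provisioning request."""
    score, reasons = NETWORK_POINTS[req.network_risk], []
    if req.device_id not in req.known_devices:
        score += 30
        reasons.append("device not seen before for this customer")
    changed = req.hours_since_contact_change
    if changed is not None and changed < 48:
        score += 50
        reasons.append("contact details changed in the last 48 hours")
    if req.other_customers_on_device >= 2:
        score += 50
        reasons.append("device already holds other customers' cards")
    if score >= DECLINE_AT:
        return "DECLINE", reasons
    if score >= STEP_UP_AT:
        return "REQUIRE_ADDITIONAL_AUTHENTICATION", reasons
    return "APPROVE", reasons

# Constructed sample requests; every one is "low" risk at network level.
KNOWN = frozenset({"dev-A"})
RETURNING = ProvisioningRequest("dev-A", KNOWN, None, 0, "low")
NEW_PHONE = ProvisioningRequest("dev-B", KNOWN, None, 0, "low")
STOLEN_CARD = ProvisioningRequest("dev-X", KNOWN, None, 3, "low")
AFTER_SUPPORT_CALL = ProvisioningRequest("dev-Y", KNOWN, 2.0, 0, "low")

if __name__ == "__main__":
    for name, req in [("returning", RETURNING), ("new phone", NEW_PHONE),
                      ("stolen card", STOLEN_CARD),
                      ("after support call", AFTER_SUPPORT_CALL)]:
        decision, reasons = decide(req)
        print(f"{name:20s} {decision:34s} {'; '.join(reasons)}")
```

All four sample requests look low risk at the network level; only the issuer-held signals separate the returning customer (approved without friction) from the new-phone case (additional authentication) and the two suspicious cases (declined).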
But Not Everyone Agrees
A contrarian perspective is worth considering.
The payments industry has spent years reducing friction because consumers increasingly expect instant digital experiences.
Adding more checkpoints into wallet provisioning could improve security, but it also raises a familiar question:
How much convenience are users willing to sacrifice for additional protection?
Finding that balance remains one of the toughest challenges in financial technology.
Too little security creates risk.
Too much friction creates customer frustration.
The industry’s challenge is determining where the line belongs.
What Happens Next?
Digital wallets continue to become a larger part of everyday commerce.
As adoption grows, the incentives for attackers grow too.
The broader message from Lithic’s announcement is that fraud prevention may be moving earlier in the payment lifecycle — before a transaction ever happens.
That shift reflects a reality the payments industry knows well.
Every time one door closes, attackers start looking for another.
The question now is whether bringing issuers directly into provisioning decisions can close one of the newest openings before it becomes a much larger problem.
Editorial Disclaimer: This article is based entirely on publicly available information from the source material provided. No facts, quotes, outcomes, statistics, timelines, or claims have been fabricated. Analysis reflects information available at the time of writing and may evolve as new information emerges.