Protect yourself against digital wallet fraud
Digital wallets are hugely popular due to their combined ease and advanced security.
While digital wallets (new tab) are an incredibly safe method of payment, they may still be vulnerable to bad actors. Read on to learn about digital wallet fraud and how you can protect yourself against social engineering scams.
How scammers get your information
In digital wallet scams, criminals retrieve a cardholder's details and add them to their own digital wallet on a device they control. They can get this information from you through social engineering (new tab), or by buying stolen data off the dark web.
Popular methods
- Smishing (new tab): You receive a suspicious SMS message with a strange link claiming to be N26 or other services (such as a postal service). They'll ask for personal details, like your card credentials.
- Vishing: You receive a suspicious phone call from an impersonator claiming to work for N26 or elsewhere. They'll say they need your card details. This is a scam — no bank will ever cold call you to ask for your card details over the phone.
- Data breaches: Your personal payment details are compromised through a data hack or the dark web, leaving your account exposed.
Important: If scammers are successful in getting your financial details, they can add your card to their digital wallet, attempt a tokenization (i.e. card confirmation), and make unauthorized transactions.
How scammers trick you into helping them
After card details are added to a scammer’s digital wallet, a final confirmation step is needed. This process is called “tokenization” and the method can vary. Criminals will generally use social engineering tactics (new tab) to deceive you into approving the tokenization.
Methods of deception
- One-time-password: A confirmation request is initiated by your digital wallet. You’re prompted to input a code received via SMS to your paired device.
- Fraud can happen when: bad actors initiate the tokenization and convince you to share the SMS code with them.
- In-app confirmation: You’re prompted to log in to your N26 account to confirm a tokenization process initiated by your digital wallet.
- Fraud can happen when: bad actors initiate the request and convince you to confirm the tokenization from your N26 account.
Important: If successful, scammers can immediately perform irreversible card payments and funds may never be recovered.
Tips to stay safe
- Trust your gut. Don’t engage with unknown senders or strange-sounding messages
- Never provide bank account or personal details to an unknown party or vendor unless you are 100% sure they're trustworthy
- Never accept a digital wallet action not requested from the N26 app
- Never share an SMS code with anyone
- Install a spam blocker
- Enable two-factor authentication
- Enable Face ID if your smartphone allows it
- Avoid saving your card details on suspicious websites
- Take your time and never feel pressured to act
Report strange communications
- If you’ve received any questionable communications, please report it to Customer Support.
- If you've approved a virtual card or received an approval code followed by a fraudulent card transaction, block your card in the N26 app immediately.