Skip to main content
Daily Record

How 'digital pickpockets' steal your card without it leaving your wallet

Hackers are now using their victim's bank details to create their own digital wallets.

Comments
Eilidh Farquhar Trainee Affiliates Writer
11:42, 21 Aug 2025
Stealing a credit card through a laptop concept for computer hacker
Brits are being warned of a new scam that targets online banking.(Image: Getty Images)

Cyber crooks are always coming up with new and creative ways to steal personal data from victims. Whether it be pretending to be a family member who has 'lost their phone' or through fake emails that look like alerts from reliable brands, fraudsters will try and steal money by any means necessary.


One scam that is currently on the rise is to do with digital wallets. With many people using online banking these days, many of us have a digital wallet set up - such as Apple Pay or Google Pay - in order to pay for items through contactless.


The added bonus of this convenient feature is that users need to authorise each of their payments with either their face or a fingerprint. However, just because this security measure is in place, it does not mean hackers are deterred.


In order to set up this feature, users need to fill in their card details in order to link the digital wallet to their online banking.

Mobile payment with wallet app
Hackers are now being able to create their own digital wallets with their victim's bank details.(Image: Getty Images)

While this is simple enough for the account holder to do, it also means that if hackers have stolen a person's card details they will also be able to create their own digital wallet on another device without your knowledge.


According to Which?, while digital wallet fraud can occur during the takeover of an entire bank account, it can also easily take place when someone is tricked into passing out their debit or credit card details.

One method hackers have used is by creating a fake text or email that claims to be from a parcel delivery service. Once victims click the link, they are taken to a dodgy website that will prompt them to add their card details to complete the transaction.

As scammers will be monitoring the website in real-time, they will immediately try to create a digital wallet when they receive the card information.


In order to create the wallet, users will usually be sent a one-time passcode (OTP) via text or email to authorise the creation of the online card. As the hacker won't receive this message, the fake website will instead prompt the victim to send the code to finish authorising their 'payment'.

Woman paying for parking with smartphone.
Many people now use contactless pay on their smartphones and watches.(Image: Getty Images)

Now that the hacker has the digital wallet set up, they are able to freely spend your money without you even knowing unless your bank notifies you. Unfortunately, unlike physical contactless cards that come with pay limits, many digital wallets allow an unlimited spend.


It should be noted that not every bank uses OTPs as a way of authorising a digital wallet, which can make it significantly more difficult for hackers to con people into sharing their details.

Which? states: "OTPs sent by text aren’t the gold standard in verification. Some providers offer more secure alternatives, including approval within their mobile banking apps and customers calling the bank and being asked for digits or characters from passwords."

However, they did warn: "No verification method is bulletproof. For example, it’s conceivable that a victim could be socially engineered into approving wallet setup within their mobile app.


"But an in-app process or a phone call gives the bank more chances to warn victims about fraudsters’ tactics – anyone making a bank transfer in the past few years is likely to have noticed the increased checks and warnings."

The Daily Record

Latest scam stories

Which? has also shared some steps online banking users should heed in order to keep their personal and financial information safe from cyber crooks.

Article continues below

How to keep your bank details safe from fraudsters

  • Avoid links: Do not click on links in emails or messages that claim to be from your bank or credit card company. If you're unsure if a message is legitimate, contact the organisation directly using a trusted phone number or website. Many banks can be reached via the fraud helpline 159.
  • Check website data: When shopping online, make sure the web address is correct and use a domain checker to verify the site's age. Be cautious of ads with prices that seem too good to be true.
  • Turn on notifications: Most mobile banking apps allow you to receive push notifications whenever money is spent on your account. Turning these on can help you spot fraudulent activity as soon as it occurs.
  • Check statements: Regularly review your bank and credit card statements and report any suspicious transactions to your bank immediately.
  • Heed warnings: If your bank notifies you that your card has been added to a digital wallet and you did not do this, call the bank immediately to investigate.
  • Disable message previews: To prevent OTPs from being seen by others, you can disable message previews so they do not flash on your phone's locked screen.
Follow Daily Record:


Financial crimeBankstechnology

reach logo

At Reach and across our entities we and our partners use information collected through cookies and other identifiers from your device to improve experience on our site, analyse how it is used and to show personalised advertising. You can opt out of the saleor sharing of your data, at any time clicking the "Do Not Sell or Share my Data" button at the bottom of the webpage. Please note that your preferences are browser specific. Use of our website and any of our services represents your acceptance of the use of cookies and consent to the practices described in our Privacy Notice and Privacy Notice.