Stolen card details enrolled into digital wallets to bypass chip-and-PIN security

What is this scam?

A rise in 'digital wallet fraud' has been identified by Which? in June 2026: fraudsters who obtain payment card details through phishing texts — typically fake delivery notifications or social media bargain adverts — enrol the stolen card into Apple Pay, Google Wallet, or Samsung Pay on their own device. This allows contactless payments at retail points without the physical card and bypasses chip-and-PIN checks, since digital wallet payments authenticate with the criminal's own biometrics or passcode. UK banks are each losing an estimated £2–6 million annually to this method. Victims typically discover the fraud through unfamiliar transactions on their statement, often well after the card details were first compromised.

Example scam message

Red flags to look out for

• The message creates urgency — threatening a fine, missed delivery, or account closure.
• Links lead to unofficial domains that don't match the real company's website.
• You weren't expecting this message and can't verify the event it references.
• It asks you to confirm payment details or personal information via a link.
• The sender's number or email address doesn't match the company's official contact.

What to do if you receive this

1. Do not transfer money — your bank will never ask you to move funds to a 'safe account'.
2. Hang up and call your bank directly on the number printed on the back of your card.
3. Report it to Action Fraud at actionfraud.police.uk.
4. If you've already transferred money, contact your bank immediately and ask about the APP fraud refund scheme.