Digital wallets such as Apple Pay and Google Pay have made payments more convenient for consumers – but they have also created a new entry point for fraudsters.
Through phishing, criminals obtain card information and manipulate cardholders into sharing activation codes. Once a card is enrolled in a digital wallet controlled by a fraudster, it can be used without a PIN – potentially leading to substantial losses.
The first line of defence: Token Enrolment Monitoring
In 2024, Tieto Banktech developed a solution designed to stop fraud at the enrolment stage. Token Enrolment Monitoring (TEM) tracks every attempt to register a card in a digital wallet. Using parameters such as IP address, language, and geographical location, the enrolment attempt is compared against the customer’s normal behaviour.
– If something doesn’t add up – such as an unfamiliar language or an IP address from a completely different country – the process is halted. The bank then contacts the cardholder to confirm whether the attempt is legitimate or initiated by a fraudster, says Silje Andrea Kvernberg, Quality & Risk Manager, Financial Crime Prevention at Tieto Banktech.
TEM blocks these attempts before the card can even be activated and used.
– TEM alone stops between 70 and 80 per cent of all attempted digital wallet enrolment fraud. That means the majority never reach the point of being used. TEM is the frontline that gives banks the time and space to react, explains Sverre Larsen, Fraud Specialist at Tieto Banktech.
– From 2024 to 2025, we saw a 100 per cent increase in cases related to digital wallet enrolment. This underlines the need for a strong first line of defence like TEM, Larsen adds.
He notes that although most attempts are stopped early, the ones that do slip through tend to be the most serious.

The second line of defence: Card Transaction Monitoring
Attempts that pass the first line of defence are often detected by the next layer: advanced Card Transaction Monitoring (CTM). All card transactions are monitored, making CTM a highly effective second line of defence where transactions are stopped based on behavioural patterns and risk indicators.
Larsen elaborates:
– If a card is used in a shop in Norway in the morning, it’s highly unlikely that the same card is legitimately used in Asia that same afternoon. When such unusual activity is detected, the purchase is blocked and the customer is contacted. If confirmed as fraud, the card is immediately blocked, preventing further abuse.
More than 60 banks use Tieto Banktech’s monitoring services, benefiting from shared insights across institutions.
– When we combine TEM and CTM, we reduce losses significantly, says Larsen.
He highlights a concrete example:
– During a phishing-related fraud wave in late summer 2025, roughly 3,000 cases were flagged and stopped in TEM – without losses. An additional 600 cases resulted in transactions because the digital wallet enrolment was completed. Of these, 300 were stopped by CTM, while losses in the remaining 300 were partially reduced thanks to CTM. This clearly shows how layered defences work even during high‑pressure periods.
Layer upon layer of defence
As fraud attempts grow more sophisticated – and as criminals increasingly use AI-enabled tools such as deepfakes – fraud prevention must continuously evolve with new defensive methods.
In 2025, Defence Centre blocked fraudulent activities totalling €1.132 billion, more than tripling the previous year’s figure. A key driver behind this success was the Blocking of Rogue Merchants (BoRM) solution. In addition, 3D Secure Monitoring (3DSM) had a strong preventive effect: transactions totalling more than €225 million were declined in 2025 through this service.
In 2026, Defence Centre will introduce additional layers of protection: Money Mule Monitoring (MMM) and Manipulation Risk Monitoring (MRM) will provide deeper behavioural insights and earlier detection of fraud.
– Together, these solutions represent a major strengthening of our defensive capabilities, says Kvernberg.
Collaboration delivers results
For Tieto Banktech and Defence Centre, TEM, developed in collaboration with a major Norwegian bank, proves the value of close cooperation with the banking sector.
– This is an example of how technology and banking expertise can be combined to address a new type of threat. TEM reduces fraud on a large scale, while safeguarding the customer experience, Larsen says.
He adds that since the attacks are global, the solution must be too.
– TEM isn’t built for one bank or one market. It’s modular, scalable and can be deployed across countries. The more cross-market insights we gather, the stronger the system becomes. TEM sets a new standard for how the industry can counter the threat to digital wallets, Larsen concludes.
Digital wallet enrolment fraud is growing rapidly, and solutions like TEM, which detect it proactively, are essential. The more banks that adopt these tools, the stronger the collective defence against criminal networks becomes.
– We continuously develop new features and invite more banks to join. The more institutions that use the solution, the more insight we’re able to gather – and those shared insights benefit every individual bank, Larsen adds.

