SINGAPORE: With the year-end travel season here, Singaporeans are jetting off for the holidays, and chances are, many will be using multi-currency digital wallets on their trips.
Multi-currency card providers, which include Revolut, YouTrip and Wise, allow users to convert Singapore dollars and store them in different foreign currencies for low or no transaction fees.
One in five millennials here has an account with the Singapore-based YouTrip, a multi-currency card and travel wallet, according to a study by the firm in 2022.
Revolut said in June that it now has more than 30 million retail customers worldwide, having added more than five million new users globally since November 2022.
These digital wallets are gaining popularity owing to their competitive exchange rates, and are also cheaper to use than credit cards from traditional banks since there are lower or no transaction fees.
But while they offer convenient ways to pay for goods and services, there are risks to using these wallets and they may be less secure than traditional banks, experts said.
Traditional bank cards adhere to stringent financial regulations, provide extensive security features, and have well-established global acceptance, said Shahnawaz Backer, a senior solutions architect at F5.
“Travel wallets, often a third-party service, may have security measures and competitive currency exchange rates tailored for international travel but may not be subject to the same level of regulatory oversight as traditional banks,” he said.
When it comes to resolving fraudulent transactions, banks typically offer comprehensive customer support and clearly defined processes, ensuring a higher level of consumer protection, he added.
One YouTrip user, Marcus Yeo, told The Straits Times he had discovered unauthorised transactions on his card made in the US and Kenya amounting to US$1,180 (RM5,490 or S$1,570) even though he had not travelled to those places when the transactions were made. He was not alerted to these payments, which he discovered in July.
The 49-year-old said it took YouTrip some three months to fully reimburse him for the fraudulent transactions.
Ian Lim, field chief security officer at the Asia-Pacific and Japan for cybersecurity firm Palo Alto Networks, said travel wallets might have their own fraud protection policies, but might not offer the same level of coverage as traditional banks.
“Unlike banks, with well-defined procedures, customer service teams, and streamlined processes for reporting fraud and disputing transactions, travel wallets might have less efficient mechanisms for these purposes,” he said.
Lim urged multi-currency digital wallet users to carefully review the terms and conditions, fraud protection policies and contact support for detailed information about the services they use.
That said, because digital wallets are pre-paid in nature, losses are limited, unlike credit cards, which can have higher credit limits, said Lim. Digital wallets like YouTrip function like a debit card, and users have to top up their account with funds.
Another YouTrip user who wanted to be known only as Miss Lim had about S$2,500 (RM8,737) in her virtual wallet before she boarded her flight from Singapore to Los Angeles on Nov 18.
When the flight attendant landed in Los Angeles some 20 hours later, she had just over S$170 (RM594) left. Fraudsters had made seven unauthorised transactions in British pounds and US dollars amounting to S$2,361 (RM8,252).
Miss Lim, who submitted a charge-back request to YouTrip on Nov 21, got her money back that same day.
But the episode has left her wary of using YouTrip. “It is very frustrating and disappointing,” said the 38-year-old.
YouTrip chief operating officer Kelvin Lam said Miss Lim had likely transacted with an ecommerce merchant that had been exposed to data security breaches, pointing out that fraudsters commonly target merchants prone to security attacks, and create fraudulent transactions through them.
YouTrip has a fraud-monitoring system which analyses past transaction patterns and industry insights, traces and detects signs of fraudulent transactions, and flags potential suspicious activities, said Lam.
“On a case-by-case basis, customers may receive the compensation before the dispute resolution is completed based on our discretion and careful consideration of factors, including the validity of the user’s claim, the likelihood of a successful charge-back, the amount involved and the associated risk,” he said.
Another potential risk of using these digital wallets comes from “man-in-the-middle attacks” that can take place when travellers use public WiFi networks to top up the wallet, said Jan Sysmans, a mobile app security evangelist at cybersecurity firm Appdome.
“In this vulnerable moment, a hacker can intercept communication between the mobile wallet and its server, extracting credentials and sensitive data,” said Sysmans, adding that the hacker can exploit the financial information to make fraudulent transactions.
Lim added that the growing reliance on digital services presents more opportunities for cyber criminals to carry out identity theft, fraud and unauthorised data collection.
“No payment methods or apps are immune to risks. Plainly stated, both digital wallets and bank cards are under attack,” he said.
“Protecting ourselves from fraudulent transactions is getting more complicated now with how digitally connected we are.” – The Straits Times (Singapore)/Asia News Network