The police warn against paying with smartphones and smartwatches
Digital debit or credit cards are digital images of your physical cards and can usually be integrated into current smartphones or a smartwatch. This becomes annoying when the perpetrators do this and can therefore use other people's cards.
Investigators from the Hanover Police Department are drawing attention to a current phenomenon that has led to several reports in recent weeks.
But first a little explanation of how the process with the digital card officially works:
As a rule, if the bank provides this option, a bank customer sets up the digital card from a debit or credit card in their own smartphone and/or smartwatch. The corresponding device must NFC as a function and should have the latest operating system. Some banks offer special pay apps for this purpose. For Android the usage is called “Google Pay” and for iOS “Apple Pay”. Depending on the bank/credit institution and device, the digital card is added directly and/or, if necessary, via online banking or the online banking app. general instructions for Apple here. general instructions for Google Pay here. You should also pay attention to your bank’s requirements.
As a rule, official confirmation of the facility is then required, for example by entering a TAN in online banking or your bank's TAN app.
In iPhones (as an example), the digital card is then stored in the so-called “wallet”. With a double click on a button on the device (e.g. side button), the wallet is triggered and the stored card is displayed. Now, when you pay at the checkout, you are released using your smartphone PIN (not the PIN on the physical debit card!), Face ID or fingerprint. You will then receive a short response about the payment on the corresponding device. You can only see the payment later in the actual account statement. The physical card and associated PIN are not required when paying. There is also no need to enter the card PIN into the reader at the checkout.
How do the perpetrators manage to set up someone else's card for themselves?
Using a phishing site, the perpetrators first obtain the potential victim's debit card details. The following day, the perpetrators call the potential victims and pretend to be bank employees. During the conversation, the person called is asked to confirm a push TAN, which they receive during the conversation. If this is carried out, the respective card is immediately activated on the perpetrator's cell phone. Now the perpetrators can use their own smartphone with the third-party digital card to pay without having the physical debit card with PIN themselves.
How can I prevent this?
First of all, you should be careful when banking online.
Only access your online banking website via the official web address you know. Don't take the detour via the search engines! There is, among other things, the risk that perpetrators will manage to place sponsored fake websites in such a way that they appear in the search results before the official websites of the real banks. You should also be careful if you receive emails that look like your bank. Here the perpetrators claim a sudden blocking, verification, update, change in legal situation, etc., which requires you to take action quickly. However, a link in the email then leads to a phishing page.
- If you receive a call from someone who purports to be a bank employee, do not allow yourself to be tempted to provide/confirm sensitive data over the phone. You should also not enter/name/confirm a TAN.
- Banks and credit institutions will never ask you to take such measures by phone or email/chat/website!
If in doubt, clarify such requests by contacting real customer support. - Check your online banking to see which cards/devices are officially registered for your account.
What can I do if I notice the fraud?
If you have recognized the phishing or the call from a false employee, you should contact your bank immediately.
You may need to take further measures (depending on the data transmitted during phishing). If you notice unauthorized debits on your account statement, please contact your bank. Check the devices/cards stored in online banking. Then file a report with your local police station.
Source: Police Prevention
Also read: Fraud after commercial/company register entry
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

