The payments industry has spent years making cards harder to steal, harder to clone, and easier to protect. Chip cards, tokenization, and biometric authentication have all helped reduce certain forms of fraud. But criminals rarely stop at the first barrier. They move to the next weak point in the chain, and right now one of the most attractive weak points is card provisioning fraud, the moment a card is added to a digital wallet. TechCrunch’s sponsored article on Lithic says fraudsters have increasingly targeted this step, because once a card is provisioned, the token can look legitimate to downstream systems.
That is why the latest wave of payment security innovation is not just about stopping bad transactions. It is about stopping bad identity moments before the transaction even starts. Card provisioning fraud is especially dangerous because it exploits a process designed for convenience. The experience has to be fast for real cardholders, which means the system often has to balance speed against verification. That tradeoff is exactly where fraudsters try to slip in.
How The Attack Works
At a basic level, tokenization is what makes digital wallets work. Mastercard describes tokenization as replacing the real card number with a stand-in number stored in a phone, watch, or merchant site, so the merchant never sees or stores the actual card number. That improves security, but it also creates a new target if criminals can force a token to be issued for a stolen card. Once that happens, the bad actor is no longer holding a raw card number. They are holding access to a payment credential that looks authentic inside the wallet ecosystem.
TechCrunch’s Lithic article explains the operational path clearly. A provisioning request moves between the wallet provider, the card network, and the issuer or processor. That flow is meant to confirm that a legitimate cardholder is adding the card to a wallet, but attackers exploit the verification step, social engineering, or low-friction approval paths. The article also notes that some provisioning requests may pass through without a step-up challenge when a cardholder is assessed as low risk, which can let stolen credentials look clean enough to be approved.
That is the real problem with card provisioning fraud. It does not always look like classic fraud. It often looks like a normal wallet enrollment request, which means the attack can hide inside an ordinary customer journey. If the request succeeds, the resulting token may be treated like a legitimate credential by the rest of the network. In practice, that can make losses harder to dispute and harder to recover.
What Lithic Is Building
Lithic’s answer is called Client Tokenization Decisioning, which sits inside its broader Authorization Intelligence platform. In practical terms, Lithic says the system gives issuers real-time control over provisioning decisions by bringing issuer data into the decisioning layer, including device history, behavioral patterns, and customer context. That matters because the issuer usually knows the customer better than any other party in the wallet flow.
Lithic also says its fraud suite combines authorization rules, flexible decisioning logic, and velocity controls to block suspicious activity while keeping legitimate transactions moving. That is an important distinction. Good fraud controls are not simply about declining more requests. They are about improving decision quality so the platform catches real attacks without creating avoidable friction for honest cardholders.
The company’s broader platform messaging reinforces that idea. Lithic describes Authorization Intelligence as a programmable rule layer that works across the payment lifecycle, from identity verification to transaction authorization, and across multiple payment forms, including cards, ACH, and wallet tokens. That means provisioning is not treated as a side task. It is part of the same control surface as the rest of the payment stack.
Why Real-Time Decisioning Changes The Equation
The challenge in card provisioning fraud is timing. The risk has to be evaluated immediately, because the decision happens in the middle of a user journey that people expect to complete in seconds. Lithic says its flow runs in milliseconds, which allows the issuer to participate in the provisioning decision in real time. That is the difference between a static rule and an active defense.
The U.S. Payments Forum has also emphasized that mobile and contactless payments require secure provisioning, biometric authentication, tokenization, fraud detection, and account takeover prevention. Its 2025 white paper frames these controls as part of a broader ecosystem responsibility shared across issuers, processors, wallet providers, and merchants. That is consistent with Lithic’s approach, which relies on collaboration rather than a single-point fix.
For issuers, the value is not only stopping fraud. It is also preserving approval rates. If a system blocks too aggressively, legitimate cardholders get stuck at the exact moment they want to add a card to a preferred wallet. That creates frustration, support costs, and churn. Lithic’s pitch is that better data and better control can reduce both fraud and false declines at the same time.
The Broader Industry Is Facing The Same Pressure
This is not just a Lithic problem. It is an industry-wide shift. The sponsored TechCrunch article points out that once one attack surface becomes harder to exploit, bad actors move to the next one. That is why card provisioning fraud has become such a serious topic. It sits at the intersection of security, usability, and network trust, which makes it an ideal place for fraud to evolve.
Lithic’s Mercury case study shows how a programmable authorization stack can matter in real programs. Lithic says Mercury used its infrastructure, including integrated 3DS and real-time behavioral decisioning, to reduce total card fraud losses attributed to 3DS transactions by 40 percent while continuing to scale. That is not the same as provisioning fraud, but it supports the larger thesis that programmable, context-aware controls can materially improve fraud outcomes.
The lesson for the market is simple. Fraud prevention is moving closer to the edge of the transaction lifecycle. Instead of waiting to inspect a completed payment, issuers are increasingly trying to make the right decision at the first risky moment. In the case of card provisioning fraud, that moment is the wallet enrollment itself. That is where the real contest is now taking place.
What Fintechs And Issuers Should Take From This Shift
For fintechs, the first takeaway is that wallet enrollment should be treated like a high-risk event, not a routine form fill. The second is that decisioning should incorporate more than account age or static risk labels. Lithic’s model, as described in its materials, leans on behavioral signals, device context, and issuer knowledge because those inputs can reveal patterns that network-level checks may miss.
For issuers, the operational question is whether their current stack can make a fast, informed, and explainable decision during provisioning. If the answer is no, they are probably leaving an opening for card provisioning fraud. The U.S. Payments Forum’s guidance on secure provisioning and tokenization makes clear that the security model for modern wallets has to be layered, not singular.
For the broader payments ecosystem, the trend suggests that fraud controls will keep moving upstream. That means more attention on identity, more controls at token creation, and more collaboration between wallet providers, networks, processors, and issuers. Mastercard’s tokenization framework and the U.S. Payments Forum’s guidance both point in the same direction. Digital wallet security is strongest when the ecosystem protects the token at the moment it is created.
Read More

Wednesday, 08-07-26
