By Bo Jiang, CEO, Lithic
The payments industry has spent years making cards harder to compromise. Chip technology, tokenization that replaces your actual card number with a unique digital stand-in for every transaction, and biometric authentication have driven measurable reductions in certain categories of payments fraud. That progress reflects collaboration across card networks, issuers, processors, and wallet providers working to stay ahead of bad actors.
But it’s also how fraud works. As one attack surface closes, bad actors look for the next one. Lately, fraudsters have been targeting card provisioning, the step that happens when a cardholder adds their card to a digital wallet. This is a critical moment in the payment lifecycle, and forward-looking platforms are building the infrastructure to protect it.
Why provisioning is a prime target for fraud
Card provisioning was designed to be seamless. When a legitimate cardholder adds their own card to a digital wallet, the experience is fast and the only intentional friction is a verification step to confirm it’s really you. That step is exactly what fraudsters have learned to target.
The U.S. Payments Forum’s 2025 security white paper lays out how it works: criminals use card data from e-commerce breaches and try to provision it onto devices they control, either through automated exploits or by social-engineering a customer service representative into approving a request that should have raised flags. Phishing schemes take a similar approach, tricking cardholders into handing over card details or one-time passcodes directly. The infrastructure works as intended, while the attack happens during the human moment inside it.
Sometimes, fraudsters don’t even need to wait for the verification moment. When a cardholder’s history is rated as low risk with the card networks and wallet providers, a provisioning request can pass straight through to approval without an authentication step at all. Fraudsters working from stolen credentials that look clean on paper can clear that bar without ever facing a prompt.
Here’s where it gets costly. Once a stolen card clears provisioning into a digital wallet, the token looks completely legitimate to every system downstream. As Mastercard’s fraud research has noted, clearing provisioning is a major security hurdle precisely because of what it unlocks.
Digital wallet transactions are classified as card-present by the networks, the same category as a physical tap at a register, which means the issuer generally cannot dispute the charge. They absorb the loss with no chargeback and no path to recovery. And beyond the direct financial hit, trust may be irrevocably broken with the issuing bank and the cardholder who discovers their card was compromised and may choose to bank elsewhere entirely.
The gap issuers are working to close
Part of what makes provisioning fraud difficult to catch is how payment stacks are structured. When you add a card to a digital wallet, a request travels between your mobile wallet provider (e.g., Apple, Google, Samsung), the card network, and the bank or fintech that issued your card. Together, they evaluate if the card should be allowed to exist as a digital token on the respective device.
Your card issuer knows you better than any other player in that process. And yet, the provisioning call has historically been made by the card network and the issuer processor with the bank or fintech that actually issued your card finding out after the fact.
A FICO analysis of where card fraud is heading has found that this fragmentation creates real blind spots: the card issuer does not know what the mobile wallet saw, call center data never reaches the fraud model, and provisioning signals sit entirely separate from transaction-level risk logic. Each layer does its own job and fraudsters continue to seek to exploit any seams between them.
Closing that gap means issuers need to be in the provisioning decision in real time, bringing their own customer knowledge to bear when the token request arrives. Lithic Client Tokenization Decisioning, a new capability for provisioning decisions, is Lithic’s direct response to this need.
Putting issuers in control of the provisioning moment
Lithic’s Client Tokenization Decisioning gives their card issuing banks and fintech clients real-time control over provisioning decisions by bringing the issuer’s own data into the equation, such as device history, behavioral patterns, and customer context that no one else in the stack has access to. Client Tokenization Decisioning is part of Lithic’s Authorization Intelligence platform, which brings programmable, context-aware decisioning to every critical stage of the payment stack, card provisioning included.
Through their integration with Mastercard’s fraud and risk services, Lithic Client Tokenization Decisioning extends fraud protection to a stage where issuers previously had limited ability to apply their own risk logic. The capability was first built in collaboration with Mercury, a digital bank that processes over $250 billion in payment volume annually, that wanted exactly this level of control over its own card programs.
That control cuts both ways. Catching fraudulent provisioning before a token is ever created can eliminate every downstream transaction that would have followed. But blocking a legitimate cardholder from adding their card to their preferred wallet creates friction, erodes trust, and drives churn. Precision matters as much as stopping bad actors.
When a provisioning request comes in from any digital wallet provider, it first passes through Lithic’s global tokenization rules. The entire flow runs in milliseconds, which is what makes real-time issuer participation possible at all. If it clears those, the provisioning request goes to the issuer’s own decisioning layer, where programs can apply their proprietary cardholder data to approve, decline, or trigger verification.
Because each program is working from its own customer data, the risk logic can be as tailored as the program needs it to be. For requests that need a second look, programs can trigger two-factor authentication (2FA) through SMS or email. Through Lithic, programs can also enable in-app verification, a harder target for fraudsters to overcome than a text or email intercept, and one that keeps the cardholder in a familiar experience rather than routing them through an unfamiliar flow.
Why this kind of industry collaboration matters
The payment stack works because of collaboration. Wallet providers, networks, and issuer processors each control a piece of the infrastructure, and the fraud protections that have made modern payments safer are the product of all of them working together. Extending that same collaboration to provisioning is the natural next step, and it is exactly what this partnership between Lithic and Mastercard represents.
Provisioning is also just one piece of a broader picture. The most resilient fraud programs apply layered controls across the full payment lifecycle, from the moment a card is provisioned to a wallet through every transaction that follows. That is the architecture around which Lithic’s Authorization Intelligence is built.
Digital wallets are now a significant and growing share of how people pay, and fraud methods will keep evolving in response to every defense the industry builds. The answer is always the same: invest in the next layer of protection before the problem scales. Lithic’s Client Tokenization Decisioning with Mastercard is that layer right now, strengthened through their integration with Mastercard’s fraud and risk services to extend protection into the provisioning moment.
Lithic is the card issuing infrastructure platform powering next-generation financial products. Learn more at lithic.com.



