'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you get a notification that your card was added to a digital wallet you do not use
Short answer
Don’t approve anything. Lock the card and contact your card issuer’s fraud department using the number on the back of your card (not any number in the message).
Do not do these things
- Don’t click links in the notification/email/text — open your issuer app or type the website yourself.
- Don’t call any phone number provided by the text/email/caller — use the number on the back of your card or the issuer’s official app.
- Don’t share verification codes, one-time passcodes, or “approve” prompts with anyone (even if they claim to be your bank, Apple, Google, or law enforcement).
- Don’t keep using the card “until you see charges” — wallet transactions can happen fast.
- Don’t assume it’s harmless because the message only shows the last 4 digits.
What to do now
-
Verify safely (without tapping the notification).
Open your issuer’s app/website and look for:- a pending “add to wallet” approval request
- security alerts or connected wallets/devices (some issuers show this)
If there’s an approval request and it wasn’t you: decline.
-
Lock/freeze the card immediately.
Use the app to lock/freeze. If you can’t, call the number on the back of the card and ask for the fraud department. -
Ask the issuer to remove the wallet token and consider reissuing the card number.
Tell them: “I received a notification that my card was added to a digital wallet I don’t use.”
Ask them to:- remove/disable any digital wallet token(s) for that card
- issue a new card number (and new physical card) if they think the card details were compromised
- confirm whether any wallet verification occurred and how
-
Check your transactions and dispute anything unfamiliar right away.
Review recent and pending transactions in the issuer app. Report anything you don’t recognize through the issuer’s fraud/dispute process. -
Secure the account that might have been used to add it.
If the alert mentions Apple Pay/Apple Wallet or Google Wallet/Google Pay:- change your Apple/Google account password (in official settings)
- enable two-factor authentication
- review signed-in devices and sign out of anything you don’t recognize
If the card appears in a wallet you control, remove it.
-
If you entered a code or approved a prompt, say that explicitly.
Tell the issuer you shared a code / approved an add-to-wallet request (if you did). Ask them to cancel wallet tokens and reissue the card. -
If you suspect broader identity theft, take one official step now.
Use IdentityTheft.gov to start an identity theft report and recovery plan. If you think someone may try to open new credit in your name, consider a credit freeze with Equifax, Experian, and TransUnion (or place a fraud alert, which you can usually do by contacting just one bureau). -
Make a quick record.
Write down the date/time of the notification, what it said (Apple/Google/Samsung), and what the issuer confirmed they did (card locked, token removed, new card issued).
What can wait
- You don’t need to decide right now whether to close your bank account or replace your phone.
- You don’t need to contact multiple agencies at once — locking the card and speaking to the issuer comes first.
- You don’t need to file a police report unless your issuer or IdentityTheft.gov steps recommend it for your situation.
Important reassurance
This kind of alert is common in card-fraud and phishing situations. Locking the card and having the issuer remove any wallet token(s) usually stops the damage quickly, even if you don’t yet know how it happened.
Scope note
This is first steps only: stop the bleed, secure key accounts, and start an official identity-theft path only if you see signs it goes beyond this card.
Important note
This guide is general information, not legal or financial advice. If you’re unsure what’s real, use the safest path: call the number on the back of your card or use your issuer’s official app, and ask for their fraud department.
Additional Resources
- https://www.occ.gov/topics/consumers-and-communities/consumer-protection/fraud-resources/credit-card-and-debit-card-fraud.html
- https://www.identitytheft.gov/
- https://consumer.ftc.gov/articles/credit-freezes-and-fraud-alerts
- https://consumer.ftc.gov/consumer-alerts/2024/03/whats-verification-code-why-would-someone-ask-me-it
- https://payments.google.com/payments/unauthorizedtransactions
- https://support.apple.com/en-us/101554