Mobile's safer than cards, but not safe enough

Register now

Even though credit cards are the most vulnerable when payment systems are hacked, mobile payments in general are incorrectly being labeled as part of the problem, making them seem scarier with each new breach.

Digital wallets offer a safer alternative to credit cards. But even as the digital payment market grows at a projected rate of 14.1 percent between 2018 and 2023, widespread adoption of digital wallets hinges on consumers actually believing that these wallets are more secure.

Consumer education, however, is only half of the equation. Before we can advertise the security benefits of digital wallets, we have to address their vulnerabilities. Until we seal up those cracks, consumers will stick to the devil they know.
Digital wallets have great potential to protect consumers against theft and fraud. They're more secure because personally identifiable information and account numbers are not exposed to the public during the payment process. Tokenization provides advanced security by applying unique and restricted identifiers throughout an entire transaction flow. Not only does this protect PII, but it also enhances the ability to identify potential fraud threats and react immediately.

Digital wallets also benefit from multifactor authentication. The user provides information he knows, such as a password or PIN; uses something he has like a mobile phone to conduct the transaction; and authenticates the payment with biometric data like facial recognition or fingerprint locks. In addition, GPS data can be used to pinpoint the precise location, time, and date of the transaction.

These built-in advantages both prevent and contain fraud. However, today’s digital wallets still have three major security gaps: insufficient identity protection, corporate secrecy, and vulnerable data storage. Here's how to address these weaknesses:

Build with blockchain. Identity and privacy go hand in hand. Existing digital wallets focus on making payment cards digital, but they don’t address digital identity. To replace a physical wallet, the digital option will need to safely manage identity as well as payments.

Blockchain provides the proper architecture to deliver a safe and trusted identity online. Through decentralization and cryptography, the use of blockchain in digital wallet design offers tamper-proof transaction records and a trusted source of community consensus.

Open source the code. Today, companies building wallets keep their codes secret and ask customers to trust the company's security measures. But just like any system, determined hackers can find their way in. The solution is to create open-source code wallets that would let everyone see where potential flaws lurk and enable multiple minds to collaborate to improve security. While open-sourcing wouldn't make wallets bullet-proof, it would remove the corporate veil of secrecy that sometimes hides poor development or security practices.

Stop storing data. Today’s payment processes require storage of personally identifiable information at various points. Worse, payment networks often collect data significantly above and beyond what’s truly needed for the transaction. Any type of data storage makes the owner of that database a prime target for hackers. Digital wallets that manage identity eliminate the need to capture and store data for payment verification purposes. And if data isn’t stored, it doesn’t need protection.

Even with these enhancements, nothing will ever be 100 percent secure from hackers. But when applied, measures like these will deter digital payment fraud, reduce theft, and make responding to threats easier. These are the elements that will earn that crucial consumer trust and unlock the full promise of digital wallets.

For reprint and licensing requests for this article, click here.
Mobile wallets Retailers Security risk ISO and agent