How secure are mobile payments and digital wallets?

Amid the global Covid-19 pandemic, mobile payments and digital wallets have increased in popularity. Mohamed Dabo looks at the associated security concerns.

The use of mobile devices by Covid-conscious customers to pay for goods and services represents a paradigm shift towards digital-only payments. It has been driven mainly by consumers’ fears of virus transmission.


For most consumers, the ability to pay by mobile also offers greater convenience than carrying a traditional wallet with multiple credit and debit cards.


However, using a mobile wallet is not without risks.


According to a survey among mobile payment users in the US, “20% affirmed their main security concern with regards to mobile payment is the possibility of someone intercepting their payment information or other data, while about 13% feared their phones being hacked.”


Furthermore, another survey of more than 900 security experts concluded that only 23% of them believe that mobile payments are currently sufficiently robust at keeping personal information safe.


Nearly half of respondents (47%) felt that mobile payment applications offer no security and 30% of respondents were unsure.


Therefore, despite this push towards mobile payments, security concerns remain of paramount importance. One could say that consumer discomfort with the current state of play has inhibited mass adoption.

The spreading of viruses and malware is causing alarm

The explosive proliferation of viruses and malware affecting mobile devices, alongside the very real danger of lost or stolen devices, has instilled a sense of uneasiness in the consumer mind about the implications of losing a large part of their digital lives.


If we add to this a second dimension of money, and the risk of unauthorised payments should a mobile device be lost, stolen, or infected with malware, then suddenly our mobile devices may become guardians of our financial freedom.


The implications of losing our mobiles, or of their being susceptible to hacking or other such malfeasance, skyrocket.

The potential threat areas are many

A report from the European Union Agency for Network and Information Security (ENISA) has identified the following key threats:


Mobile user threats - installation of rogue and malware applications, phishing and social engineering.


Mobile device threats - unauthorized access, lost or stolen device.


Mobile payment application and wallet threats - reverse engineering, tampering with the payment application and the use of rootkits.


Merchant threats - Point of Sale (POS) malware, Man-in-the-Middle (MiTM) and replay attacks.


Payment service providers’ and acquirers’ threats - payment system compromise and data connectivity compromise.


Payment network providers’ threats - token service compromise and denial of service.


Issuers’ threats - payment authorization process compromise, token data compromise.


Mobile payment application providers’ threats - compromise of sensitive data, compromise of user profile managed in the cloud, token compromise and denial of service attacks.