5 New Security Requirements for Digital Wallets

Two conflicting trends are defining 21st century payments: digitalization and cybercrime.

And while the two trends are unrelated – especially given that paper-based payments pose a higher risk of fraud than their digital counterparts – a new research paper published last week (August 14) reveals that, in the digital wallet landscape, the two trends are increasingly colliding.

The paper, titled “In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping,” argues that the continued reliance on outdated authentication methods and the prioritization of convenience over security have left digital wallets vulnerable to attack and abuse by bad actors.

“The implications of these attacks are severe in nature, as the attacker can make purchases of arbitrary amounts using the victim’s bank card, even if these cards are locked and reported to the bank as stolen by the victim,” the researchers wrote.

In an era where digital transactions are becoming the norm, the convenience of digital wallets is undeniable. And as these wallets become more and more an integral part of everyday transactions, their security becomes a top priority.

By embracing emerging security imperatives such as biometric authentication, tokenization, end-to-end encryption, multi-factor authentication (MFA), and AI-driven detection and prevention, digital wallet providers can create robust defenses against the growing array of cyber threats.

Learn more: Debit cards in digital wallets gain traction across industries

How Digital Wallet Providers Can Protect Users

The convenience and efficiency offered by digital wallets are undeniable, but with that convenience comes the responsibility of protecting sensitive financial information. After all, the ease of setting up and using these wallets, combined with the lack of rigorous verification processes, has made them an attractive target for illicit activity.

In this context, end-users’ reliance on digital wallets is only increasing. What started as a convenient alternative to physical wallets has become an essential financial tool, hosting sensitive data and enabling seamless transactions across various platforms.

PYMNTS Intelligence finds that digital wallet usage continues to grow across grocery, retail, restaurant, and travel, with debit becoming the preferred underlying payment method. As of June 2024, consumers paying with digital wallets used debit cards on file in 55% of grocery transactions, as well as 52% of retail transactions, 62% of restaurant transactions, and 46% of travel transactions.

As digital wallets continue to gain traction in the financial ecosystem, their security will be a critical factor in determining their long-term success.

Among the emerging security imperatives that are critical to the future of digital wallets, biometric authentication has quickly gained popularity as a reliable and secure method of verifying a user’s identity. Unlike traditional passwords or PINs, which can be easily stolen or forgotten, biometric data (such as fingerprints, facial recognition, and voice patterns) is unique to each individual, making it much harder to replicate or misuse.

For digital wallets, integrating biometric authentication offers a dual benefit: it strengthens security while improving the user experience by simplifying access to accounts and transactions.

“If you do the facial scan right up front… That means all of these transactions will happen seamlessly and you won’t have to verify your identity after the fact,” Mark Nelsen, senior vice president and global head of consumer payments at Visa, told PYMNTS.

Learn more: 3 Big Insights From PYMNTS Intelligence’s Digital Wallets UK Report

Reducing risks in digital transactions

Tokenization is another powerful security measure that replaces sensitive data, such as credit card numbers, with a unique identifier or “token” that can be used in transactions without exposing the actual data. This technique minimizes the risk of a data breach because the token itself has no meaning to unauthorized parties who might intercept it.

“We believe tokenized payments have the potential to penetrate about 70% of transactions overall,” Mehret Habteab, senior vice president of products and solutions at Visa Europe, told PYMNTS.

In the context of digital wallets, tokenization is particularly effective for securing payment data during transactions. When a user initiates a payment, their sensitive information is not directly transmitted. Instead, a token is generated and used to complete the transaction. This approach significantly reduces the risk of fraud, because even if a hacker gains access to the token, they cannot use it to access the user’s financial information.

And for digital wallets, other end-to-end encryption methods that involve encrypting payment data, personal information, and other sensitive details at every stage of a transaction can help ensure that even if the data is intercepted, it remains unintelligible to unauthorized parties.

Of course, sometimes the simplest solutions are the most effective. For digital wallets, multi-factor authentication is particularly effective at preventing unauthorized access. Even if a hacker obtains a user’s password, they will still need the second form of authentication to access the wallet. This extra layer of security makes it much harder for cybercriminals to compromise accounts.

The rise of artificial intelligence (AI) and machine learning has opened new avenues for improving the cybersecurity of digital wallets. These technologies enable real-time threat detection and continuous monitoring, allowing digital wallet providers to proactively identify and respond to potential security risks before they escalate.

The article 5 Emerging Security Imperatives for Digital Wallets appeared first on PYMNTS.com.