Risks Associated with Digital Wallets
In recent times, digital wallets have become one of the most popular choices for online payments among consumers. This growing popularity has also attracted the attention of hackers and cybercriminals, who are now developing a number of ways to target mobile platforms. These threats have a serious impact on mobile payment security and can lead to privacy breaches and financial loss. Mobile payment security is critical for all users and service providers. Payment information must be protected when it is at rest, in transit and in use.
Some of the risks associated with mobile payments and digital wallets are:
Mobile Malware: Mobile malware is malware (short for malicious software) designed explicitly to damage or disrupt mobile devices such as tablets or smartphones. It is one of the main threats to mobile payment systems today. Mobile malware can record calls and instant messages, and send call logs and other critical and sensitive data to a cybercriminal. Malware can attack in many forms. For example, you could accidentally download a malicious app that dials premium rate numbers from your phone, while other malicious apps can alter your phone’s functionality and make it unusable. ZitMo (Zeus-in-the-mobile), a mobile version of the Zeus malware, is designed to steal the One Time Passwords (OTPs) that your bank sends to authenticate mobile transactions.
SSL/TLS Vulnerabilities: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two widely used protocols in computer security. The main purpose of these protocols is to provide privacy, integrity, identification, forward secrecy and application. Many mobile payment systems use SSL/TLS to protect user data on the Internet. SSL/TLS allows an over-the-air connection between two systems to be encrypted, making data such as usernames, passwords, credit card numbers and anything else sent back and forth during the connection unreadable to attackers. However, SSL/TLS and its implementations may also have vulnerabilities that attackers could exploit. The Heartbleed Bug is a serious vulnerability that allowed attackers to steal information protected by SSL/TLS encryption.
Hacking: Mobile payment technology uses wireless communication, which lets devices transmit and receive transactions without being physically connected. This is known as over-the-air (OTA) communication. It also increases the chances of hackers attempting to compromise mobile devices without having physical possession of the phone.
Data Leakage: Data leakage is one of the main concerns for digital wallets as there are multiple parties involved in the transaction process. When a user makes a purchase using a digital wallet at a mobile as POS, all the parties (digital wallet service provider, mobile payment as POS service provider, merchant, acquiring bank and issuing bank) are required to collect the transaction data.
Phone Theft/Loss: There are many types of risks associated with debit/credit cards, whether they are stored on a smartphone or not. The biggest of these risks is a lost phone, which can give someone access to all the sensitive information that is increasingly being stored on mobile devices. Some digital wallets provide a security measure that disables the wallet if five erroneous PIN attempts are made.
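The lockout described above can be sketched as follows. This is an added example, not code from the original article or from any wallet vendor; the names WalletLock and simulate and the sample PINs are hypothetical, and the attempt counter is held in memory here where a real wallet would keep it in protected storage.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5  # the limit quoted in the text


class WalletLock:
    """PIN gate that disables the wallet after MAX_ATTEMPTS wrong PINs in a row."""

    def __init__(self, pin: str):
        self._salt = os.urandom(16)
        self._digest = self._derive(pin)
        self.failed = 0        # assumption: in-memory; persist this in a real wallet
        self.disabled = False

    def _derive(self, pin: str) -> bytes:
        # Salted, slow hash so the stored value does not expose the PIN directly.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def unlock(self, pin: str) -> str:
        if self.disabled:
            return "disabled"  # even the correct PIN no longer opens the wallet
        # Count the attempt before checking it, so an interrupted check
        # (crash, power loss) never yields an uncounted guess.
        self.failed += 1
        # Constant-time comparison avoids leaking how much of the hash matched.
        if hmac.compare_digest(self._derive(pin), self._digest):
            self.failed = 0    # a successful unlock resets the counter
            return "unlocked"
        if self.failed >= MAX_ATTEMPTS:
            self.disabled = True
            return "disabled"
        return "wrong_pin"


def simulate(guesses, real_pin="4821"):
    """Feed a sequence of PIN guesses (constructed sample data) to a fresh lock."""
    lock = WalletLock(real_pin)
    return [lock.unlock(g) for g in guesses]


if __name__ == "__main__":
    print(simulate(["0000", "1111", "4821"]))
    print(simulate(["0000", "1111", "2222", "3333", "4444", "4821"]))
```

Once the wallet is disabled, recovery has to go through a separate channel such as re-enrolment with the wallet provider, which this sketch does not model.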