Mobile payment is becoming more common, according to a study by the Bank of Spain , and at Rikki, we've found that this method generates trust among more digitally-savvy users. So, let's examine the technology behind this method.
Wallets that store bank cards on your mobile device (Google Pay, Samsung Pay, or Apple Pay are the most common) are hot wallets , meaning they're always connected to the internet for quick transactions. Compared to plastic cards, wallets that store bank cards offer these additional security measures:
- Card data is controlled by the card issuer and payment network (Visa, Mastercard, etc.). In other words, it is never stored directly on the device, unlike the magnetic strip or chip on a plastic card, meaning this data is hidden from anyone.
- Every time a card is added to the wallet, it is tokenized, meaning a token is generated that identifies the card and the device (smartphone or smartwatch), so the card data is never transmitted during the payment process. In other words, card cloning is not possible with the use of digital wallets.
- The bank or payment network has control over the activation or deactivation of the card in the wallet. Consequently, they not only verify the cardholder's identity at the time of activation in the wallet, but they can also deactivate or block it if they suspect fraudulent activity. Furthermore, if the card is deactivated by the bank, it will automatically stop working on the mobile device, or the token in the wallet will be updated if a new one is requested when the old one expires. Furthermore, if the account runs out of funds, the bank can block the card. Even if the bank declares bankruptcy, Visa or Mastercard can deactivate it.
- Biometric authentication or PIN is required for payment approval. Private keys are also not generated or controlled to authorize payments (unlike cryptocurrencies).
- The user has the option of remote locking if the mobile phone is lost.
As we can see, the technological security circuit increases significantly with mobile wallets, to the point of making it practically insurmountable, although at the cost of ceding a significant amount of control to the bank or payment network. It sounds nice, but we'll end up understanding the consequences as we use it.
That said, the more secure this technological circuit is, the more vulnerable its users are. Because, from the cybercriminals' perspective, the more difficult it is to breach this technology's security, the more reason they will have to target the weakest part of the circuit: the cardholders. In short, it's just the same old trick.
In the next two articles we will examine the points that make us most vulnerable.