There are two dueling trends defining 21st century payments: digitization and cybercrime.
And while the two trends are unrelated — particularly given that paper-based payments are more of a fraud risk than their digital counterparts — a new research paper published last week (Aug. 14) finds that, across the digital wallet landscape, the two trends are increasingly butting heads.
The paper, entitled “In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping,” posits that an ongoing reliance on outdated authentication methods, and the prioritizing of convenience over security, has left digital wallets vulnerable to attack and abuse by bad actors.
“The implications of these attacks are of a serious nature where the attacker can make purchases of arbitrary amounts by using the victim’s bank card, despite these cards being locked and reported to the bank as stolen by the victim,” the researchers wrote.
In an era where digital transactions are becoming the norm, the convenience of digital wallets is undeniable — and as these wallets become increasingly integral to daily transactions, their security is becoming a top priority.
By adopting emerging security imperatives like biometric authentication, tokenization, end-to-end encryption, multi-factor authentication (MFA) and AI-driven detection and prevention, digital wallet providers can build robust defenses against the growing array of cyber threats.
Read more: Debit Cards In Digital Wallets Gaining Ground Across Sectors
The convenience and efficiency offered by digital wallets are undeniable, but with this convenience comes the responsibility to safeguard sensitive financial information. After all, the ease of setting up and using these wallets, combined with the lack of stringent verification processes, has made them an attractive target for illicit activities.
Against this backdrop, end-user reliance on digital wallets is only increasing. What started as a convenient alternative to physical wallets has evolved into a key financial tool, housing sensitive data and enabling seamless transactions across various platforms.
PYMNTS Intelligence finds that digital wallet usage continues to grow across grocery, retail, restaurant and travel sectors, with debit becoming the preferred underlying payment method. In June 2024, consumers paying with digital wallets used stored debit cards in 55% of grocery transactions, as well as 52% of retail transactions, 62% of restaurant transactions and 46% of travel transactions.
As digital wallets continue to gain traction in the financial ecosystem, their security will be a critical factor in determining their long-term success.
Among the emerging security imperatives that are essential for the future of digital wallets, biometric authentication has rapidly gained traction as a reliable and secure method of verifying a user’s identity. Unlike traditional passwords or PINs, which can be easily stolen or forgotten, biometric data — such as fingerprints, facial recognition, and voice patterns — are unique to each individual, making them significantly harder to replicate or misuse.
For digital wallets, the integration of biometric authentication offers a dual advantage: it enhances security while improving user experience by streamlining access to accounts and transactions.
“If you do the facial scan immediately upfront … That means all these transactions will go through seamlessly and you no longer have to confirm your identity after the fact,” Mark Nelsen, senior vice president and global head of consumer payments at Visa, told PYMNTS.
Read more: 3 Big Ideas From PYMNTS Intelligence’s Digital Wallets UK Report
Tokenization is another powerful security measure that replaces sensitive data, such as credit card numbers, with a unique identifier or “token” that can be used in transactions without exposing the actual data. This technique minimizes the risk of data breaches, as the token itself is meaningless to unauthorized parties who may intercept it.
“We think tokenized payments have the propensity to penetrate some 70% of transactions as a whole,” Mehret Habteab, senior vice president of product and solutions at Visa Europe, told PYMNTS.
In the context of digital wallets, tokenization is particularly effective in securing payment data during transactions. When a user initiates a payment, their sensitive information is not directly transmitted. Instead, a token is generated and used to complete the transaction. This approach significantly reduces the risk of fraud, as even if a hacker gains access to the token, they cannot use it to access the user’s financial information.
And for digital wallets, other methods of end-to-end encryption that involve encrypting payment data, personal information, and other sensitive details at every stage of a transaction can help ensure that even if data is intercepted, it remains unintelligible to unauthorized parties.
Of course, sometimes the simple solutions are the most effective — and for digital wallets, MFA is particularly effective in preventing unauthorized access. Even if a hacker obtains a user’s password, they would still need the second form of authentication to gain access to the wallet. This added layer of security makes it significantly harder for cybercriminals to compromise accounts.
Looking ahead, the rise of artificial intelligence (AI) and machine learning has opened new avenues for enhancing cybersecurity in digital wallets. These technologies enable real-time threat detection and continuous monitoring, allowing digital wallet providers to proactively identify and respond to potential security risks before they escalate.