- 25 Aug 2023
Smartphones – high security digital wallets
When it comes to purchase convenience and security, Tap & Pay cards are the current leaders. But it is becoming clear that digital wallets are in the running to replace them. It is no longer a matter of “if” but “when”, with today’s announcement that eftpos cardholders can now use Apple Pay, adding to the suite of card schemes available on digital wallets. In addition to the convenience and ease-of-use benefits of digital wallets, it’s their cutting-edge, multi-layer security that makes them the better and safer option for payments.
However, surveys consistently show that customers are concerned about the safety of digital wallets. This concern arises in part from poor communication on how digital wallets are implemented and how they work. Digital wallets were designed to address the security flaws in cards and create a more secure payment method. They are safer than cards, by design, and their security starts with the smartphone.
The multi-layer security of the digital wallet
The security advantage digital wallets have over cards begins with their access to the computing power and features of the smartphone, including specialised security hardware for protecting personal information. This gives the digital wallet app secure storage for payment information where other apps or malware cannot access it.
- The first layer of security in a digital wallet comes into play when cards are added to the digital wallet app. Cards can be added using the phone’s camera, typing them in, or transferring them directly from some financial institutions’ apps. The app requires that the person adding the cards is verified as the owner of the cards before they can make payments. This may involve a one-time password sent via SMS to the phone or via email, or even a quick chat with customer service.
- The second security layer is the customer and how they control access to their phone. That control can be a PIN or pattern passcode, and, on more recent smartphones, biometric verification using their fingerprint, face or eyes. If the phone is lost, no one can use its digital wallet to make purchases without passing verification. However, for ease of use, some digital wallets do allow the customer to make small purchases without unlocking their phone.
- The third layer of security is called tokenisation. To increase transaction security, digital wallets do not store card details or share them when a payment is made. Instead, a token is generated when a card is added. This token is transmitted instead of the card details when a payment is made.
The token is a unique number that links the card to the customer’s device and digital wallet. This allows a customer to register the same card on multiple devices and with multiple digital wallet providers. It is generated by the payment infrastructure provider used by the digital wallet. The payment infrastructure provider stores the original account information on a heavily secured system called a Token Vault.
When a transaction is made the token is used by the payment processor to retrieve and verify the original card information from the Token Vault and complete the transfer of funds. The merchant never sees the actual card details and the account information never travels outside of secure networks. An additional benefit of tokenization is if the user loses their phone they do not need to cancel their card, but they do need to lock or remove the card from their digital wallet. Digital wallet providers have online services to do this in the event of a lost phone.
Finally, digital wallets are protected by the same 24/7 computer-based fraud monitoring and zero liability protections as Tap & Pay cards.
More than POS payments
Digital wallet providers are actively expanding the functionality of their apps. Digital wallets can be used to make purchases within apps and for online purchases. Some digital wallets can automatically provide your delivery address as part of an online transaction. The digital wallet may also store loyalty cards, event tickets and boarding passes that can be scanned from the screen of the phone.
As more transaction types are handled by digital wallets their use will continue to grow. With that growth will come a demand for financial institutions to offer their customers access to the digital wallet provider of their choice. Banks that won’t or can’t will lose customers.
Transitioning to digital wallets
Customers are already choosing financial institutions that are compatible with their phone and digital wallet provider. This is a clear signal that the technology is proven and spreading from early adopters to the mainstream. At the same time, the back office technology has been tried and tested. Deploying digital wallet services is now easier than ever.
Today or tomorrow, your customers are going digital. Be there for them. Find out more about our digital solutions.
By Trent Gunthorpe, Head of EFT, Acquiring and Digital
- 17 Nov 2022
- 14 Sep 2022