With so much focus on mobile and digital wallets these days, it’s understandable that the security of financial information on mobile devices is a hot topic. However, mobile done right can actually increase the security of this information compared with its current plastic incarnation, depending on the approach.
First, to clear up some confusion: a “mobile wallet” and a “digital wallet” are not the same thing. A “mobile wallet” refers to when the actual mobile phone becomes the wallet. All relevant financial information, such as bank account and credit-card numbers, is stored on the mobile device, and the user needs to actually have the phone with them for the transaction to be possible. Payments are made using Near Field Communication (NFC) technology embedded in the phone in card emulation mode, and the device is waved over a special terminal at a retail location for payment.
A “digital wallet” is something different. Digital wallets exist in the cloud and are not tethered to any one specific device such as a mobile phone, but are accessible from a variety of devices and in a number of ways, from a physical card or a mobile phone number and PIN to a mobile device in NFC peer-to-peer mode. Sensitive financial information is stored in the cloud, not on the actual device.
I’m a firm believer in the cloud approach to a digital wallet and let me explain why.
The most significant problem with the “mobile wallet” approach is rather obvious. Putting aside the many challenges such as consumer adoption or expensive technology upgrades for retailers, this approach puts consumers at unnecessary risk. Asking someone to permanently store critical details about their financial lives on their mobile phones opens up a world of problems if the phone is lost or stolen. Suddenly every bit of financial information is exposed to potential theft. To be so utterly device dependent when dealing with such sensitive information puts the user at a very high, and very avoidable, level of risk.
The “digital wallet” approach relies on the inherent security of the cloud. This is where a consumer’s financial information lives, not on their phone. They can access their “wallet” anytime, anywhere, no matter what device they’re using, and they never have to worry when they switch devices or upgrade phones. Even if the phone is lost or stolen there’s no need to worry. Of course, we always recommend that our customers protect their phones with a PIN as a first line of defense.
All sensitive financial information is stored safely in the cloud, not on the device. This is an intuitively smarter approach. The risk of financial information being compromised is dramatically reduced, yet the consumer still gets all the functionality and flexibility of being able to make mobile payments.
Look at it this way: if your phone gets stolen with all your financial information on the device, and the thief begins making transactions, it would be almost impossible to tell whether it was really you. With the cloud approach your account is constantly being monitored. So, for example, if a transaction is made by you in San Francisco on your desktop computer, then 10 minutes later one is made in Paris on your phone, it will immediately be clear that something’s wrong.
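The San Francisco and Paris check described above can be sketched as an "impossible travel" rule over an account's consecutive transactions. This Python example is added here and is not PayPal's or the author's code; the field names, the 1,000 km/h speed ceiling and the 50 km noise floor are assumptions, and the transactions are constructed.

```python
import math
from datetime import datetime, timedelta, timezone

MAX_KMH = 1000.0  # assumed ceiling: faster than a commercial airliner
MIN_KM = 50.0     # assumed noise floor: ignore small geolocation jitter

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dl = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_impossible_travel(transactions, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (prev_id, cur_id, implied_kmh) for consecutive transactions on
    the same account that could not both have been made by one traveller."""
    flagged, last_seen = [], {}
    for tx in sorted(transactions, key=lambda t: t["time"]):
        prev = last_seen.get(tx["account"])
        last_seen[tx["account"]] = tx
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], tx["lat"], tx["lon"])
        hours = (tx["time"] - prev["time"]).total_seconds() / 3600
        if km < min_km:
            continue
        # Distant locations at the same instant count as infinite speed.
        kmh = km / hours if hours > 0 else math.inf
        if kmh > max_kmh:
            flagged.append((prev["id"], tx["id"], kmh))
    return flagged

# Constructed sample data (hypothetical accounts and transaction ids).
T0 = datetime(2012, 6, 1, 12, 0, tzinfo=timezone.utc)
SF, PARIS, OAKLAND = (37.7749, -122.4194), (48.8566, 2.3522), (37.8044, -122.2712)

def tx(tx_id, account, minutes, place):
    return {"id": tx_id, "account": account, "lat": place[0], "lon": place[1],
            "time": T0 + timedelta(minutes=minutes)}

SAMPLE = [
    tx("t1", "acct-1", 0, SF), tx("t2", "acct-1", 10, PARIS),       # 10 minutes apart
    tx("t3", "acct-2", 0, SF), tx("t4", "acct-2", 5, OAKLAND),      # nearby city
    tx("t5", "acct-3", 0, SF), tx("t6", "acct-3", 14 * 60, PARIS),  # plausible flight
]

if __name__ == "__main__":
    for prev_id, cur_id, kmh in flag_impossible_travel(SAMPLE):
        print(f"{prev_id} -> {cur_id}: implied speed {kmh:,.0f} km/h")
```

Only the first pair is flagged; a production rule would also have to account for VPNs and coarse IP geolocation, which this sketch handles only through the distance floor.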
As mobile phone and mobile device use continues to explode, there’s no doubt consumer habits for making payments will continue to evolve in ways we have yet to imagine. As this happens, the security of financial information will become increasingly important and will be forced to keep pace with the rapid changes in technology.
In my opinion, the “digital wallet” that exists in the cloud offers this security now, while offering the flexibility of not being dependent on a specific mobile device.
Author blurb: Prashanth Ranganathan is director of mobile security and risk for PayPal. He was previously CEO of Truvie, an early stage developer of real-time fraud detection software that was acquired by PayPal in 2011.
Copyright © 2012 Singapore Institute of Management