FB pixel

Are digital wallets safe? New research says ‘no’

Are digital wallets safe? New research says ‘no’
 

Digital payment wallets have exploded in recent years and are expected to reach 5.2 billion users globally by 2026. But despite the popularity of quick payments offered by ApplePay, GPay, and PayPal, a new study is questioning their security and warning that changes in authentication methods are necessary to avoid identity theft and fraud.

Researchers from the University of Massachusetts Amherst and Pennsylvania State University analyzed the security of financial transactions through digital wallets, focusing on authentication, authorization, and access control security functions.

One of the issues identified is a weakness in how authentication methods are determined. Banks usually delegate the choice of user authentication method to the wallet. Generally, two types of authentication methods are used: knowledge-based authentication (KBA) and multi-factor authentication (MFA). When it comes to cardholder verification methods (CVMs) on smartphones the choices fall to either a passcode, pattern or the biometric authentication native to the device.

But while delegating authority for authentication is efficient and scalable, this compromises security, the researchers argue.

“We identify that a foolproof and uniform authentication policy enforcement by the bank is missing for all wallets,” the study says. “Such delegation of authentication is flawed in that an attacker can dictate the bank to accept a weak authentication procedure which gives birth to a number of security vulnerabilities.”

The paper, titled “In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping,” warns that some attacks could lead to serious consequences, including thieves making purchases with stolen bank cards despite banks blocking them. As digital wallets require sensitive personal and financial information, security issues may lead to identity theft and financial fraud.

The researchers propose several solutions to fix security issues in digital wallets, including adopting push MFA and passcodes instead of traditional OTP-based authentication methods. The paper does not explicitly refer to server-side biometrics. Other solutions include using continuous authentication in token management and distinguishing one-time from recurring transactions. Increasing payment apps’ security and security against card skimmers will also be necessary, the paper concludes.

Digital wallets continue to gain traction, meanwhile, not just for payments, but also identity verification and access control.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Deepfakes a ‘now problem’ as EU AI Act passes compliance deadline: Reality Defender

First it was Joe Biden, Kamala Harris and Taylor Swift. Now it’s Scarlett Johannson, Emmanuel Macron and Italy’s Defense Minister…

 

OneID raises £16 million

UK digital verification service OneID has secured new funding amid a rise of interest in digital identity among the country’s…

 

Digital ID verification can make property transactions more efficient, less prone to fraud

In the UK, Russia, South Korea, India and Pakistan, biometrics are making their way into real estate transactions, as digital…

 

IDV experts ponder death and resurrection of document verification

Is document verification dead? The question hangs over a debate hosted by Peak IDV CEO, Steve Craig. Five industry experts…

 

Jamaica operationalizing national digital ID with data exchange platform

Jamaica will make its digital identity available to all of its citizens, Custos of Kingston Steadman Fuller said on Thursday…

 

Philippines looks to boost digital ID adoption with rebrand, more services

The Philippines is hoping to boost the acceptance of its national digital identity with a new rebrand. The country is…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events