Whose Responsibility is It to Protect Our Ewallets?

by

Analyst, Software Advice

Your smartphone is many things — mobile phone, personal organizer, music player, social network manager, digital camera, personal computer. Are you ready for it to also be your wallet? This technology isn’t years away; it’s actually going to be included in your next phone upgrade…or may be in your phone now.

Rumors are flying that either the iPhone 5 or 6 will include the capability to act as an ewallet. RIM’s UK CEO recently announced that most BlackBerries introduced this year will have this capability. And some Android phones already have it.

The inclusion of near field communication (NFC) chips in smartphones enables them to communicate with radio-frequency identification (RFID) tags, upload your location to Twitter, share information with other NFC devices, or act as your credit card.

So, instead of whipping out your card at the checkout, you’ll just have to pause from texting Aunt Lindsey and wave your phone in front of a terminal. Enter your PIN code, and your purchase is complete. It’s efficient, effortless, and fun — perfect for the tech-savvy consumer.

While the ewallet is exciting, it poses a problem for everyone involved. Mobile operating systems are frequently updated and improved, but also sport glaring security holes that put a smartphone user’s data at risk.

Will the fast and easy ewallet also be quick and effortless to digitally steal? Although the technology has been available in Japan since the early 2000s, adoption has been slow due to the lack of program incentives and perceived insecurity of ewallet transactions. Only 20 million active accounts were reported as of mid-2010, around 15% of Japan’s population — a stat made even more surprising when you consider that an expected 60 million phones in Japan have ewallet capabilities.

If adoption of the ewallet in the rest of the world is to be successful, its security has to be ensured. Let's take a look at the stakes involved, and who is responsible for protecting our future electronic wallets.

Software Developers are the Gatekeepers
Both operating system and application developers are the gatekeepers of ewallet technology. Their products will control how bank information is accessed, how it is shared, how it is used. Any security breach or vulnerability in their software puts users’ data at risk.

And if past security issues in the iPhone are any indication — access to contacts via the emergency call screen in iOS 2.02, a Safari vulnerability in version 5.0.4, and access to phone data again through the emergency call screen in iOS 4.1 — software developers have a long way to go before we put our bank security in their hands.

Adoption of this technology depends on both the ease of use and the security of our data. If developers offer products that tout both of these qualities, they can charge for the service and put a brand behind the act of using smartphones as credit cards — much like how Google put their brand on searching the Internet.

But this opportunity comes with great risk. Tech consumers and the press seize on rumors that a product exposes users’ data. One security flaw could mean the end of an ewallet development company.

Developers can ensure their products are secure and don’t have any potential vulnerabilities by only releasing products that have undergone rigorous testing, and which they can confidently say are tighter than Fort Knox. In addition, they should notify users as soon as vulnerabilities are found, and provide them with security upgrades, either by pushing software patches directly to phones or notifying users of upgrades available elsewhere.

Banks Need to Invest in Security
Since the inception of credit cards, banks and credit card companies have handled the burden of security. Ewallet technology is an extension of this model, so we expect these companies to continue their obligation to protect our accounts as we make the payment method transition.

Plus, it’s not like they’re doing this out of the generosity of their hearts. It’s a service that they can offer thanks to processing fees they receive from every transaction. And similar to credit card reward programs, ewallet programs can be used to encourage consumer spending. For this reason, financial institutions have a mutual interest in encouraging ewallet adoption.

If ewallets are “stolen,” and fraudulent charges are made, banks will be the ones held responsible. Most banks offer services to resolve these sorts of issues with credit cards, and they most likely will with ewallets, as well.

Banks can ensure their liability is limited in ewallet transactions by only supporting phones or applications that have undergone strict, rigorous testing. Only the software that has proven to be secure and trusted should have access to the banks’ services.

In addition, they should invest in educating consumers about potential privacy risks. By ensuring their consumers are educated to make smart choices, banks limit the chance of consumers making decisions that lead to financial losses.

Retailers Need to Provide Security if They Want Others to “Buy-In”
As the users of the technology will be their customers, it is retailers’ responsibility to ensure customer information is safe. A security breach during a transaction could mean lost customers and negative press. If they are going to offer the capability to pay with a smartphone, they should be able to ensure that the method is completely safe.

Retailers should ensure that the terminals accessing smartphones are secure and will not violate users’ privacy. Partnering with software developers to create store-specific ewallet apps is one way they can ensure users’ security is a priority.

Assuming they can do this, streamlining the payment process at checkout could lead to more sales, plus free publicity among the young, tech-savvy demographic. Retailers can also offer incentive programs via the ewallet applications, further increasing the profitability of the technology.

Recently, Wal-Mart was rumored to have investigated partnering with Google, MasterCard, Citigroup, and VeriFone to bring ewallet technologies to its stores. If larger companies are thinking about adoption, then smaller retailers will put themselves at a disadvantage by ignoring the technology.

Consumers Have to Protect Their Own Money
Providing access to bank accounts is not new — consumers allow it every day when they use a credit or debit card, or complete an online transaction. As with these technologies, with ewallets it will be consumers’ responsibility to ensure their funds are being accessed only when they want them to be. Few, if any, retailers will exclusively ask for ewallet payments as they become more popular; if the transaction conditions do not seem safe, it is up to the consumer to tread cautiously.

A breach in security could result in both lost personal data, and of course lost money — both extremely inconvenient, and potentially very harmful.

Protecting ewallets will not be all that different from protecting credit or debit cards. Consumers should only use the technology at stores and websites they trust. At the same time, they must take precautions to ensure their phones are secure: upgrade operating systems and applications as needed; password protect phones and applications; and know how to disable a phone if it is lost or stolen.

Likewise, consumers should monitor bank accounts frequently for erroneous transactions. Using electronic payment methods results in a psychological disconnect between bank funds and consumer spending. Monitoring funds as often as possible helps alleviate this disconnect.

What concerns do you have about ewallet technology? Is it something you would use if it was available today? Be sure to comment below with your thoughts.

 
  • http://www.paymenttalk.blogspot.com Steve Klebe

    It is not enough to be smart; people who are building companies and/or hardware/software that involves people’s money need to have domain experience, and there needs to be regulatory oversight.

    Under the best of circumstances, fraud and other economic crimes are going to occur.

    And, as long as the US consumer is protected by REG E and other laws from any responsibility, stupidity will prevail.
